Hello everybody,

I'm new to the list and didn't find any solution to my problem while browsing through the archives and using Google, so I'll post my problem here (although I'm not sure if it's a FreeRADIUS problem or more of a hostapd problem):

I'm trying to set up a wireless access point using EAP/TLS to authenticate the clients with certificates. I'm using FreeRADIUS 1.0.1. Authentication from a Linux client (without WEP enabled) works without any problems, but when trying to authenticate with a WinXP SP2 machine (WEP rekeying enabled), I'm getting this error:

<snip>
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 50
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
eaptls_process returned 7
rlm_eap_tls: Received unexpected tunneled data after successful handshake.
rlm_eap: Handler failed in EAP/tls
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 50
modcall: group authenticate returns invalid for request 50
auth: Failed to validate the user.
Login incorrect: [user 1/<no User-Password attribute>] (from client localhost port 1 cli 00-02-2D-66-79-7F)
Delaying request 50 for 1 seconds
Finished request 50
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=29, length=198
Sending Access-Reject of id 29 to 127.0.0.1:32769
EAP-Message = 0x04120004
Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 45 ID 24 with timestamp 417fa793
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 46 ID 25 with timestamp 417fa794
Cleaning up request 47 ID 26 with timestamp 417fa794
Cleaning up request 48 ID 27 with timestamp 417fa794
Cleaning up request 49 ID 28 with timestamp 417fa794
Cleaning up request 50 ID 29 with timestamp 417fa794
Nothing to do. Sleeping until we see a request.
<snip>

What does that "rlm_eap_tls: Received unexpected tunneled data after successful handshake." error mean? I didn't find any useful information concerning this error. It could be a problem with hostapd, which I'm using as the access point, but it would be nice if someone could point me in the direction I have to go further to solve that problem.

Or is it a problem with my WinXP SP2 and is there any patch for that? The Windows and Linux clients both use Lucent/Orinoco Gold cards.

In advance, thanks for your help!

Patrick Froeger


PS: here is the complete FreeRADIUS log:

Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "tls"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = yes
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/ssl/certs/userkeypair.10000002.pem"
tls: certificate_file = "/etc/ssl/certs/userkeypair.10000002.pem"
tls: CA_file = "/etc/ssl/certs/cacert.pem"
tls: private_key_password = "test"
tls: dh_file = "/etc/raddb/dh"
tls: random_file = "/etc/raddb/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=18, length=158
User-Name = "user 1"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Called-Station-Id = "00-04-E2-81-08-48:test"
Calling-Station-Id = "00-02-2D-66-79-7F"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0206000b01757365722031
Message-Authenticator = 0xeb3f0bac09a8cc58dc4b3f13783e774e
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 39
modcall[authorize]: module "preprocess" returns ok for request 39
modcall[authorize]: module "chap" returns noop for request 39
modcall[authorize]: module "mschap" returns noop for request 39
rlm_realm: No '@' in User-Name = "user 1", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 39
rlm_eap: EAP packet type response id 6 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 39
users: Matched user 1 at 227
modcall[authorize]: module "files" returns ok for request 39
modcall: group authorize returns updated for request 39
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 39
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 39
modcall: group authenticate returns handled for request 39
Sending Access-Challenge of id 18 to 127.0.0.1:32769
EAP-Message = 0x010700060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x84598c94a50f9d39d5c973c8eb4b8729
Finished request 39
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=19, length=245
User-Name = "user 1"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Called-Station-Id = "00-04-E2-81-08-48:test"
Calling-Station-Id = "00-02-2D-66-79-7F"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020700500d800000004616030100410100003d0301417fb2d7cc68038f74e18ad4e39d74ffc0eaa247318b19d8a4cbd7f7c2566e3d00001600040005000a000900640062000300060013001200630100
State = 0x84598c94a50f9d39d5c973c8eb4b8729
Message-Authenticator = 0x5b81c02a2c668f6dd86643f8db046816
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 40
modcall[authorize]: module "preprocess" returns ok for request 40
modcall[authorize]: module "chap" returns noop for request 40
modcall[authorize]: module "mschap" returns noop for request 40
rlm_realm: No '@' in User-Name = "user 1", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 40
rlm_eap: EAP packet type response id 7 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 40
users: Matched user 1 at 227
modcall[authorize]: module "files" returns ok for request 40
modcall: group authorize returns updated for request 40
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 40
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 07f2], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 006e], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 40
modcall: group authenticate returns handled for request 40
Sending Access-Challenge of id 19 to 127.0.0.1:32769
EAP-Message = 0x0108040a0dc0000008b9160301004a020000460301417fa75435786ece1a913e7f851330de2492e724186588a1315f77e58b7cd5f1205f52289acc4fc239ee420b782acd1bf3f906d0192c33865da4a20f0034adedec00040016030107f20b0007ee0007eb0003f3308203ef308202d7a003020102020410000002300d06092a864886f70d0101050500305d310b3009060355040613024445310f300d060355040713064d756e69636831133011060355040a130a446566656e73652041473111300f060355040b13085365637572697479311530130603550403130c524f4f5443412057692d4669301e170d3034313032313135333632305a170d30
EAP-Message = 0x35313032313135333632305a304c310b300906035504061302444531133011060355040a130a446566656e73652041473111300f060355040b13085365637572697479311530130603550403130c41636365737320506f696e7430819f300d06092a864886f70d010101050003818d0030818902818100d9dd587439e4c83548424c6991e7e2b33d96fe179c2bad270ada03c91be6995c7929c5355d2dd08272262a5c56dd4f2958fef90a2640f89eb94ba59f46108c71397440cdccb5f81b4301b261bbc7421736c406d90117c0140dae11cb2b4ae45fd22320746662db06125816be910e7fe033032317a2eeda4417953a8ab519f6f50203010001a3
EAP-Message = 0x82014a3082014630090603551d1304023000301106096086480186f8420101040403020780300b0603551d0f0404030204f0304406096086480186f842010d0437163543657274696669636174652067656e65726174656420627920415645432e53595354454d53204d69636861656c205072656368746c301d0603551d0e0416041491d60c4eb2715a626e0c92f0cf0583df802449cb3081850603551d23047e307c801484a7c74f8934a384b565d792fbf29b4f16e57a7fa161a45f305d310b3009060355040613024445310f300d060355040713064d756e69636831133011060355040a130a446566656e73652041473111300f060355040b1308
EAP-Message = 0x5365637572697479311530130603550403130c524f4f5443412057692d4669820100302c0603551d1f042530233021a01fa01d861b687474703a2f2f6364702f524f4f5443415f57692d46692e63726c300d06092a864886f70d010105050003820101003fa11a4b693b134537505a087f090ea5ee649da6f9dce98ea2b3ac648ff3f6b0194eb3ad784adb94c6e28e5e4101653039eb086ba68f3343a7045ab729a1b9f7fdf1f77248c48e8c6e20c9d826f7e9739e0c0ebae3e3825a95a3478af47f6d3fe93fd2cb756438ed48c00a66cd0ca0859c1d7b8759403f66e510e8d9f8cc52b33072bfcb57b70dca8288f3a3ac67c0f7be423cb2cef3dcb3d5
EAP-Message = 0x66cb5f026844546412ae1207f8e024d11c8a37f50a89
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe8deeef4e8c53baa78469f2ecff00901
Finished request 40
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=20, length=171
User-Name = "user 1"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Called-Station-Id = "00-04-E2-81-08-48:test"
Calling-Station-Id = "00-02-2D-66-79-7F"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020800060d00
State = 0xe8deeef4e8c53baa78469f2ecff00901
Message-Authenticator = 0x4330f31f4d7184cc323a834d09348570
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 41
modcall[authorize]: module "preprocess" returns ok for request 41
modcall[authorize]: module "chap" returns noop for request 41
modcall[authorize]: module "mschap" returns noop for request 41
rlm_realm: No '@' in User-Name = "user 1", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 41
rlm_eap: EAP packet type response id 8 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 41
users: Matched user 1 at 227
modcall[authorize]: module "files" returns ok for request 41
modcall: group authorize returns updated for request 41
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 41
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 41
modcall: group authenticate returns handled for request 41
Sending Access-Challenge of id 20 to 127.0.0.1:32769
EAP-Message = 0x0109040a0dc0000008b9e8ec4cc9e3b5be5e90b0d10f257f94621f2d11d57964635c24a8680c8ff339cbde20c29013c88f7bb00eeac723fd9f237ca3af2f4c09e16d25190d82850463d75c00855da380df669fa00bd1bddac84dec0003f2308203ee308202d6a003020102020100300d06092a864886f70d0101050500305d310b3009060355040613024445310f300d060355040713064d756e69636831133011060355040a130a446566656e73652041473111300f060355040b13085365637572697479311530130603550403130c524f4f5443412057692d4669301e170d3034313032313134333332325a170d3134313031393134333332325a30
EAP-Message = 0x5d310b3009060355040613024445310f300d060355040713064d756e69636831133011060355040a130a446566656e73652041473111300f060355040b13085365637572697479311530130603550403130c524f4f5443412057692d466930820122300d06092a864886f70d01010105000382010f003082010a02820101009ee2d6dfa891c190b70c417ef035b60223bdbfd04461b611f5b478f3ed36cca456827a557f7e4385585cd3083cd29811b7b8228e300dc94632cf4a40fd5b3517ca992ac2b99d6a2aadc225b76014906854e43bb795dc844d5662a8a075f4405fee116b3ffe85a17752d76a63c06f7b88092d0c68d42537dcda3c42d0303e
EAP-Message = 0xd7cfab2097e734aa92591bae3ce7b67d1c8a33123ccb85bb3daae48baee3a7b34078132a3ab6b616457498a885dc08af65a62eb871222efc8dee483935781fe41fc06cebc609a74154b3bb9ab686816c62a87fbf718d9b23b39379073f60b8d03ad947b4e0661aa26c9dd9fda30c67f02ac30176f85ee3f11804d1f694e315d7f2990203010001a381b83081b5301d0603551d0e0416041484a7c74f8934a384b565d792fbf29b4f16e57a7f3081850603551d23047e307c801484a7c74f8934a384b565d792fbf29b4f16e57a7fa161a45f305d310b3009060355040613024445310f300d060355040713064d756e69636831133011060355040a130a
EAP-Message = 0x446566656e73652041473111300f060355040b13085365637572697479311530130603550403130c524f4f5443412057692d4669820100300c0603551d13040530030101ff300d06092a864886f70d0101050500038201010050707c5e8d2735b99695e9305c5d47daa85d48c31a043ce1c986bdc4199eabe6ac40f68b2886246c3cf9c268bb1b341b3009336caab8ee1ff2dc81fbca1d6398d55556720b60134ce02ef1640600dfff3119914c04ba89f781eeb963f18298d46db21fd55b8d1d34df4b5b556613fbadad9caec8c5bf3d2d937ad4876861bc2eaaed149107eec7a0337ba52e0df5797053bc9b245958baadfdff5b94ad621f6c357d8065
EAP-Message = 0x243d3e7dfd9753c80fe2a950006f13b581064e55f61a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0c39e285471f63d8b50ddc08bf238891
Finished request 41
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=21, length=171
User-Name = "user 1"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Called-Station-Id = "00-04-E2-81-08-48:test"
Calling-Station-Id = "00-02-2D-66-79-7F"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020900060d00
State = 0x0c39e285471f63d8b50ddc08bf238891
Message-Authenticator = 0x0157f2922afdba50b4f8fe07c166ccee
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 42
modcall[authorize]: module "preprocess" returns ok for request 42
modcall[authorize]: module "chap" returns noop for request 42
modcall[authorize]: module "mschap" returns noop for request 42
rlm_realm: No '@' in User-Name = "user 1", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 42
rlm_eap: EAP packet type response id 9 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 42
users: Matched user 1 at 227
modcall[authorize]: module "files" returns ok for request 42
modcall: group authorize returns updated for request 42
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 42
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 42
modcall: group authenticate returns handled for request 42
Sending Access-Challenge of id 21 to 127.0.0.1:32769
EAP-Message = 0x010a00c30d80000008b9c6677698bff6c1dbeb490f764ce8bfb59072cc69559171351809bf3861f5bed681b5821efcc8ed279d5097927fbf78d5da0cca674588bf6cdee3a3128c1f6ad0632cd594945e160301006e0d0000660201020061005f305d310b3009060355040613024445310f300d060355040713064d756e69636831133011060355040a130a446566656e73652041473111300f060355040b13085365637572697479311530130603550403130c524f4f5443412057692d46690e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xbb1a54fc53bacfbace6d4ef95dca99da
Finished request 42
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=22, length=1516
User-Name = "user 1"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Called-Station-Id = "00-04-E2-81-08-48:test"
Calling-Station-Id = "00-02-2D-66-79-7F"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020a053d0d800000053316030105030b0003f30003f00003ed308203e9308202d1a003020102020410000000300d06092a864886f70d0101050500305d310b3009060355040613024445310f300d060355040713064d756e69636831133011060355040a130a446566656e73652041473111300f060355040b13085365637572697479311530130603550403130c524f4f5443412057692d4669301e170d3034313032313135333431385a170d3035313032313135333431385a3046310b300906035504061302444531133011060355040a130a446566656e73652041473111300f060355040b13085365637572697479310f300d0603550403130675
EAP-Message = 0x736572203130819f300d06092a864886f70d010101050003818d0030818902818100ddd4a17ee017ae01fdc59e2aaa36f3785572ffd23f5c1905cae156d478f0d93e1d1d3ca386df1a8226fbaa7203d2f6ce18e6415b072d0f0d2756abbeb3a3fbace830c9a38d9f65ce69d7a19b25a7a68994dc4d1f8b03910b6b1b2aab5f546fb77f46bff27f457664d4899d3fc888026cb9e118fb466d29cb4131ab4af4cffbf70203010001a382014a3082014630090603551d1304023000301106096086480186f8420101040403020780300b0603551d0f0404030204f0304406096086480186f842010d0437163543657274696669636174652067656e657261
EAP-Message = 0x74656420627920415645432e53595354454d53204d69636861656c205072656368746c301d0603551d0e04160414208b911c112e3f8f63feb88b85d07247c9dd5b8f3081850603551d23047e307c801484a7c74f8934a384b565d792fbf29b4f16e57a7fa161a45f305d310b3009060355040613024445310f300d060355040713064d756e69636831133011060355040a130a446566656e73652041473111300f060355040b13085365637572697479311530130603550403130c524f4f5443412057692d4669820100302c0603551d1f042530233021a01fa01d861b687474703a2f2f6364702f524f4f5443415f57692d46692e63726c300d06092a
EAP-Message = 0x864886f70d0101050500038201010027b2aef540fb178e9b2caebfb76dd9e1eca5c38a80d5ddc247c5a222944cff7e9cf9e3a4f3c93edc5a917840f80d7756a9cc2878e5825ecbb25788d9747b5113c7cdf111c170455d00a28f22c76972f71b6abd69fd751d250dbccd2409b1b8513dcdd04d79e444e00cc6c3c0b3d3e9319ccfad655ce1b1e0ef2f77d6b0b86118be2b6ea4b2dd85f9b87a529ee8a6f9ed6d7f0550239f6d67f1d1353b47a96108bd3e6267696b20b4f6612adea894cd59deba0eaf3d5c454b6538016450591b86dde34a6738b1a6e361cc618034081874ce5e0250cfd3bc804f2a9720573422c6707838e3b3067745687afe0edda3
EAP-Message = 0xeb4ca69705f551d0d254b373a3924adb6ccf10000082008042bb12941af294daab41ae796071031e8ede971bd28de2cfbdc797e3bd8290aa8f09f80756f75caea558979b4e4f0a724adcaae04308a002aa0813bcafb398ee245d1ce2ca14ddacdf663230efc3be0ce90f9f2a0fb114c1cc2cba8374682a6342a59914ef2fc03b85e9264f53ee505fb87a7e880a1054e2aa1e76b8cccf9a9b0f00008200802df32cbc4139bfcf5a369b65c4c66a03606fba4fb7b31ab1cea6a47b262d0ceb08817db77b544e79e7552a03fb2a916d2a11364d309b356b2524c10ea6ea9f8199cff80a2a418e7d07f8804521de2e4aa5f08af0f29b7c400079519f74d660
EAP-Message = 0x36dd9ac41f0f898f75823a0701304b467e0f60f37ba52834c1926fe0ef507d9e511403010001011603010020937042fbfffe77378e38621e7a6f6bc26e81d4b7e3e518f810163a07e44e6af9
State = 0xbb1a54fc53bacfbace6d4ef95dca99da
Message-Authenticator = 0xf1c2a06d5d213b9772591ec64ca7cdc6
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 43
modcall[authorize]: module "preprocess" returns ok for request 43
modcall[authorize]: module "chap" returns noop for request 43
modcall[authorize]: module "mschap" returns noop for request 43
rlm_realm: No '@' in User-Name = "user 1", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 43
rlm_eap: EAP packet type response id 10 length 253
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 43
users: Matched user 1 at 227
modcall[authorize]: module "files" returns ok for request 43
modcall: group authorize returns updated for request 43
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 43
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 03f7], Certificate
chain-depth=1,
error=0
--> User-Name = user 1
--> BUF-Name = ROOTCA Wi-Fi
--> subject = /C=DE/L=Somewhere/O=SomeCompany/OU=Security/CN=ROOTCA Wi-Fi
--> issuer = /C=DE/L=Somewhere/O=SomeCompany/OU=Security/CN=ROOTCA Wi-Fi
--> verify return:1
chain-depth=0,
error=0
--> User-Name = user 1
--> BUF-Name = user 1
--> subject = /C=DE/O=SomeCompany/OU=Security/CN=user 1
--> issuer = /C=DE/L=Somewhere/O=SomeCompany/OU=Security/CN=ROOTCA Wi-Fi
--> verify return:1
TLS_accept: SSLv3 read client certificate A
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], CertificateVerify
TLS_accept: SSLv3 read certificate verify A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 43
modcall: group authenticate returns handled for request 43
Sending Access-Challenge of id 22 to 127.0.0.1:32769
EAP-Message = 0x010b00350d800000002b1403010001011603010020bb05fde58629b74ae8784e8884cd29ec926ceeb7d698b241455981b7a01d0675
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x453961d24d9fa457b8cc1fa65ad0461d
Finished request 43
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=23, length=198
User-Name = "user 1"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Called-Station-Id = "00-04-E2-81-08-48:test"
Calling-Station-Id = "00-02-2D-66-79-7F"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020b00210d800000001715030100129a7fe1c3a03a03037c64d6f7f604aba11997
State = 0x453961d24d9fa457b8cc1fa65ad0461d
Message-Authenticator = 0x733e63947a944efc2ccaa67000b0853f
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 44
modcall[authorize]: module "preprocess" returns ok for request 44
modcall[authorize]: module "chap" returns noop for request 44
modcall[authorize]: module "mschap" returns noop for request 44
rlm_realm: No '@' in User-Name = "user 1", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 44
rlm_eap: EAP packet type response id 11 length 33
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 44
users: Matched user 1 at 227
modcall[authorize]: module "files" returns ok for request 44
modcall: group authorize returns updated for request 44
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 44
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
eaptls_process returned 7
rlm_eap_tls: Received unexpected tunneled data after successful handshake.
rlm_eap: Handler failed in EAP/tls
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 44
modcall: group authenticate returns invalid for request 44
auth: Failed to validate the user.
Login incorrect: [user 1/<no User-Password attribute>] (from client localhost port 1 cli 00-02-2D-66-79-7F)
Delaying request 44 for 1 seconds
Finished request 44
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=23, length=198
Sending Access-Reject of id 23 to 127.0.0.1:32769
EAP-Message = 0x040b0004
Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 39 ID 18 with timestamp 417fa754
Cleaning up request 40 ID 19 with timestamp 417fa754
Cleaning up request 41 ID 20 with timestamp 417fa754
Cleaning up request 42 ID 21 with timestamp 417fa754
Cleaning up request 43 ID 22 with timestamp 417fa754
Cleaning up request 44 ID 23 with timestamp 417fa754
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=24, length=158
User-Name = "user 1"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Called-Station-Id = "00-04-E2-81-08-48:test"
Calling-Station-Id = "00-02-2D-66-79-7F"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020d000b01757365722031
Message-Authenticator = 0xb0d753cf7b8155ad70a2c283bfdf9c07
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 45
modcall[authorize]: module "preprocess" returns ok for request 45
modcall[authorize]: module "chap" returns noop for request 45
modcall[authorize]: module "mschap" returns noop for request 45
rlm_realm: No '@' in User-Name = "user 1", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 45
rlm_eap: EAP packet type response id 13 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 45
users: Matched user 1 at 227
modcall[authorize]: module "files" returns ok for request 45
modcall: group authorize returns updated for request 45
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 45
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 45
modcall: group authenticate returns handled for request 45
Sending Access-Challenge of id 24 to 127.0.0.1:32769
EAP-Message = 0x010e00060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2c7eb3d83acb6c96b349ea9770268e62
Finished request 45
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=25, length=245
User-Name = "user 1"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Called-Station-Id = "00-04-E2-81-08-48:test"
Calling-Station-Id = "00-02-2D-66-79-7F"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020e00500d800000004616030100410100003d0301417fb3175bd1799ad82678975ec934f2fa89353fdceb8f3f2365aa3622ad5cee00001600040005000a000900640062000300060013001200630100
State = 0x2c7eb3d83acb6c96b349ea9770268e62
Message-Authenticator = 0x1d08ae20e27ba7a469a273b5efd3d4c7
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 46
modcall[authorize]: module "preprocess" returns ok for request 46
modcall[authorize]: module "chap" returns noop for request 46
modcall[authorize]: module "mschap" returns noop for request 46
rlm_realm: No '@' in User-Name = "user 1", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 46
rlm_eap: EAP packet type response id 14 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 46
users: Matched user 1 at 227
modcall[authorize]: module "files" returns ok for request 46
modcall: group authorize returns updated for request 46
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 46
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 07f2], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 006e], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 46
modcall: group authenticate returns handled for request 46
Sending Access-Challenge of id 25 to 127.0.0.1:32769
EAP-Message = 0x010f040a0dc0000008b9160301004a020000460301417fa794cbcd4f562bea3247128b23b9c4b667d9dbd50f45f65743a2d3251bbf20e42c15c00ec3312ed668864ccfc699b8dc896747c2613b84c89c8eb8cb235ece00040016030107f20b0007ee0007eb0003f3308203ef308202d7a003020102020410000002300d06092a864886f70d0101050500305d310b3009060355040613024445310f300d060355040713064d756e69636831133011060355040a130a446566656e73652041473111300f060355040b13085365637572697479311530130603550403130c524f4f5443412057692d4669301e170d3034313032313135333632305a170d30
EAP-Message = 0x35313032313135333632305a304c310b300906035504061302444531133011060355040a130a446566656e73652041473111300f060355040b13085365637572697479311530130603550403130c41636365737320506f696e7430819f300d06092a864886f70d010101050003818d0030818902818100d9dd587439e4c83548424c6991e7e2b33d96fe179c2bad270ada03c91be6995c7929c5355d2dd08272262a5c56dd4f2958fef90a2640f89eb94ba59f46108c71397440cdccb5f81b4301b261bbc7421736c406d90117c0140dae11cb2b4ae45fd22320746662db06125816be910e7fe033032317a2eeda4417953a8ab519f6f50203010001a3
EAP-Message = 0x82014a3082014630090603551d1304023000301106096086480186f8420101040403020780300b0603551d0f0404030204f0304406096086480186f842010d0437163543657274696669636174652067656e65726174656420627920415645432e53595354454d53204d69636861656c205072656368746c301d0603551d0e0416041491d60c4eb2715a626e0c92f0cf0583df802449cb3081850603551d23047e307c801484a7c74f8934a384b565d792fbf29b4f16e57a7fa161a45f305d310b3009060355040613024445310f300d060355040713064d756e69636831133011060355040a130a446566656e73652041473111300f060355040b1308
EAP-Message = 0x5365637572697479311530130603550403130c524f4f5443412057692d4669820100302c0603551d1f042530233021a01fa01d861b687474703a2f2f6364702f524f4f5443415f57692d46692e63726c300d06092a864886f70d010105050003820101003fa11a4b693b134537505a087f090ea5ee649da6f9dce98ea2b3ac648ff3f6b0194eb3ad784adb94c6e28e5e4101653039eb086ba68f3343a7045ab729a1b9f7fdf1f77248c48e8c6e20c9d826f7e9739e0c0ebae3e3825a95a3478af47f6d3fe93fd2cb756438ed48c00a66cd0ca0859c1d7b8759403f66e510e8d9f8cc52b33072bfcb57b70dca8288f3a3ac67c0f7be423cb2cef3dcb3d5
EAP-Message = 0x66cb5f026844546412ae1207f8e024d11c8a37f50a89
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4d18c3d9410d30f590186eca5bec580b
Finished request 46
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=26, length=171
User-Name = "user 1"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Called-Station-Id = "00-04-E2-81-08-48:test"
Calling-Station-Id = "00-02-2D-66-79-7F"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020f00060d00
State = 0x4d18c3d9410d30f590186eca5bec580b
Message-Authenticator = 0xfbba54f533b9480a8e5f48c2f0878f51
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 47
modcall[authorize]: module "preprocess" returns ok for request 47
modcall[authorize]: module "chap" returns noop for request 47
modcall[authorize]: module "mschap" returns noop for request 47
rlm_realm: No '@' in User-Name = "user 1", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 47
rlm_eap: EAP packet type response id 15 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 47
users: Matched user 1 at 227
modcall[authorize]: module "files" returns ok for request 47
modcall: group authorize returns updated for request 47
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 47
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 47
modcall: group authenticate returns handled for request 47
Sending Access-Challenge of id 26 to 127.0.0.1:32769
EAP-Message = 0x0110040a0dc0000008b9e8ec4cc9e3b5be5e90b0d10f257f94621f2d11d57964635c24a8680c8ff339cbde20c29013c88f7bb00eeac723fd9f237ca3af2f4c09e16d25190d82850463d75c00855da380df669fa00bd1bddac84dec0003f2308203ee308202d6a003020102020100300d06092a864886f70d0101050500305d310b3009060355040613024445310f300d060355040713064d756e69636831133011060355040a130a446566656e73652041473111300f060355040b13085365637572697479311530130603550403130c524f4f5443412057692d4669301e170d3034313032313134333332325a170d3134313031393134333332325a30
EAP-Message = 0x5d310b3009060355040613024445310f300d060355040713064d756e69636831133011060355040a130a446566656e73652041473111300f060355040b13085365637572697479311530130603550403130c524f4f5443412057692d466930820122300d06092a864886f70d01010105000382010f003082010a02820101009ee2d6dfa891c190b70c417ef035b60223bdbfd04461b611f5b478f3ed36cca456827a557f7e4385585cd3083cd29811b7b8228e300dc94632cf4a40fd5b3517ca992ac2b99d6a2aadc225b76014906854e43bb795dc844d5662a8a075f4405fee116b3ffe85a17752d76a63c06f7b88092d0c68d42537dcda3c42d0303e
EAP-Message = 0xd7cfab2097e734aa92591bae3ce7b67d1c8a33123ccb85bb3daae48baee3a7b34078132a3ab6b616457498a885dc08af65a62eb871222efc8dee483935781fe41fc06cebc609a74154b3bb9ab686816c62a87fbf718d9b23b39379073f60b8d03ad947b4e0661aa26c9dd9fda30c67f02ac30176f85ee3f11804d1f694e315d7f2990203010001a381b83081b5301d0603551d0e0416041484a7c74f8934a384b565d792fbf29b4f16e57a7f3081850603551d23047e307c801484a7c74f8934a384b565d792fbf29b4f16e57a7fa161a45f305d310b3009060355040613024445310f300d060355040713064d756e69636831133011060355040a130a
EAP-Message = 0x446566656e73652041473111300f060355040b13085365637572697479311530130603550403130c524f4f5443412057692d4669820100300c0603551d13040530030101ff300d06092a864886f70d0101050500038201010050707c5e8d2735b99695e9305c5d47daa85d48c31a043ce1c986bdc4199eabe6ac40f68b2886246c3cf9c268bb1b341b3009336caab8ee1ff2dc81fbca1d6398d55556720b60134ce02ef1640600dfff3119914c04ba89f781eeb963f18298d46db21fd55b8d1d34df4b5b556613fbadad9caec8c5bf3d2d937ad4876861bc2eaaed149107eec7a0337ba52e0df5797053bc9b245958baadfdff5b94ad621f6c357d8065
EAP-Message = 0x243d3e7dfd9753c80fe2a950006f13b581064e55f61a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd3ec887208c920ddf732744ea6a35e4b
Finished request 47
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=27, length=171
User-Name = "user 1"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Called-Station-Id = "00-04-E2-81-08-48:test"
Calling-Station-Id = "00-02-2D-66-79-7F"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x021000060d00
State = 0xd3ec887208c920ddf732744ea6a35e4b
Message-Authenticator = 0x37def7c95c7e0ce7858cda240de7916c
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 48
modcall[authorize]: module "preprocess" returns ok for request 48
modcall[authorize]: module "chap" returns noop for request 48
modcall[authorize]: module "mschap" returns noop for request 48
rlm_realm: No '@' in User-Name = "user 1", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 48
rlm_eap: EAP packet type response id 16 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 48
users: Matched user 1 at 227
modcall[authorize]: module "files" returns ok for request 48
modcall: group authorize returns updated for request 48
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 48
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 48
modcall: group authenticate returns handled for request 48
Sending Access-Challenge of id 27 to 127.0.0.1:32769
EAP-Message = 0x011100c30d80000008b9c6677698bff6c1dbeb490f764ce8bfb59072cc69559171351809bf3861f5bed681b5821efcc8ed279d5097927fbf78d5da0cca674588bf6cdee3a3128c1f6ad0632cd594945e160301006e0d0000660201020061005f305d310b3009060355040613024445310f300d060355040713064d756e69636831133011060355040a130a446566656e73652041473111300f060355040b13085365637572697479311530130603550403130c524f4f5443412057692d46690e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb089bcea5a673cd864111340a1eb54de
Finished request 48
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=28, length=1516
User-Name = "user 1"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Called-Station-Id = "00-04-E2-81-08-48:test"
Calling-Station-Id = "00-02-2D-66-79-7F"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0211053d0d800000053316030105030b0003f30003f00003ed308203e9308202d1a003020102020410000000300d06092a864886f70d0101050500305d310b3009060355040613024445310f300d060355040713064d756e69636831133011060355040a130a446566656e73652041473111300f060355040b13085365637572697479311530130603550403130c524f4f5443412057692d4669301e170d3034313032313135333431385a170d3035313032313135333431385a3046310b300906035504061302444531133011060355040a130a446566656e73652041473111300f060355040b13085365637572697479310f300d0603550403130675
EAP-Message = 0x736572203130819f300d06092a864886f70d010101050003818d0030818902818100ddd4a17ee017ae01fdc59e2aaa36f3785572ffd23f5c1905cae156d478f0d93e1d1d3ca386df1a8226fbaa7203d2f6ce18e6415b072d0f0d2756abbeb3a3fbace830c9a38d9f65ce69d7a19b25a7a68994dc4d1f8b03910b6b1b2aab5f546fb77f46bff27f457664d4899d3fc888026cb9e118fb466d29cb4131ab4af4cffbf70203010001a382014a3082014630090603551d1304023000301106096086480186f8420101040403020780300b0603551d0f0404030204f0304406096086480186f842010d0437163543657274696669636174652067656e657261
EAP-Message = 0x74656420627920415645432e53595354454d53204d69636861656c205072656368746c301d0603551d0e04160414208b911c112e3f8f63feb88b85d07247c9dd5b8f3081850603551d23047e307c801484a7c74f8934a384b565d792fbf29b4f16e57a7fa161a45f305d310b3009060355040613024445310f300d060355040713064d756e69636831133011060355040a130a446566656e73652041473111300f060355040b13085365637572697479311530130603550403130c524f4f5443412057692d4669820100302c0603551d1f042530233021a01fa01d861b687474703a2f2f6364702f524f4f5443415f57692d46692e63726c300d06092a
EAP-Message = 0x864886f70d0101050500038201010027b2aef540fb178e9b2caebfb76dd9e1eca5c38a80d5ddc247c5a222944cff7e9cf9e3a4f3c93edc5a917840f80d7756a9cc2878e5825ecbb25788d9747b5113c7cdf111c170455d00a28f22c76972f71b6abd69fd751d250dbccd2409b1b8513dcdd04d79e444e00cc6c3c0b3d3e9319ccfad655ce1b1e0ef2f77d6b0b86118be2b6ea4b2dd85f9b87a529ee8a6f9ed6d7f0550239f6d67f1d1353b47a96108bd3e6267696b20b4f6612adea894cd59deba0eaf3d5c454b6538016450591b86dde34a6738b1a6e361cc618034081874ce5e0250cfd3bc804f2a9720573422c6707838e3b3067745687afe0edda3
EAP-Message = 0xeb4ca69705f551d0d254b373a3924adb6ccf10000082008056b059da28bf6bc51c6691276e2268cb690bee50fc9054b02246391dcf5a06a74e9daef3d08f3b1d49c58588ee3a60e0343a37a9cbfc3abce23cb72b4160b61d28326630e6d3ea2128065f036c476726c108e7cacf55660c01291a1dc7348280d4453a3e28011f24ffd627d9253002e63e62082afbb12f606f3ce6fe63c2ac050f0000820080346c25e3873f5e15c02d2011fee8b6092b0bbd3f8b7a17aad77bdf92fb3ea05d78417270784fc3166c1d528efc66453328dc1561df642315fd034868648c1a362270073d2741735979203ce40a4617617a9784379868f9fc6410b93cf8cb46
EAP-Message = 0x3f52a2c5827865f8ca3fdf2eabf9cb6dcdba406118c705ab46163dbb9631cc749b14030100010116030100208b47349b2ae19578eab5fdf462dd8b4285cd15a484e6845b871e1b8ad3efd904
State = 0xb089bcea5a673cd864111340a1eb54de
Message-Authenticator = 0x25b6967518040f6fae55d212630d50b9
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 49
modcall[authorize]: module "preprocess" returns ok for request 49
modcall[authorize]: module "chap" returns noop for request 49
modcall[authorize]: module "mschap" returns noop for request 49
rlm_realm: No '@' in User-Name = "user 1", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 49
rlm_eap: EAP packet type response id 17 length 253
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 49
users: Matched user 1 at 227
modcall[authorize]: module "files" returns ok for request 49
modcall: group authorize returns updated for request 49
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 49
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 03f7], Certificate
chain-depth=1,
error=0
--> User-Name = user 1
--> BUF-Name = ROOTCA Wi-Fi
--> subject = /C=DE/L=Somewhere/O=SomeCompany/OU=Security/CN=ROOTCA Wi-Fi
--> issuer = /C=DE/L=Somewhere/O=SomeCompany/OU=Security/CN=ROOTCA Wi-Fi
--> verify return:1
chain-depth=0,
error=0
--> User-Name = user 1
--> BUF-Name = user 1
--> subject = /C=DE/O=SomeCompany/OU=Security/CN=user 1
--> issuer = /C=DE/L=Somewhere/O=SomeCompany/OU=Security/CN=ROOTCA Wi-Fi
--> verify return:1
TLS_accept: SSLv3 read client certificate A
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], CertificateVerify
TLS_accept: SSLv3 read certificate verify A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 49
modcall: group authenticate returns handled for request 49
Sending Access-Challenge of id 28 to 127.0.0.1:32769
EAP-Message = 0x011200350d800000002b140301000101160301002095fea01bbf8ed92b05867c3b5a9d6758965b675bea9e4404042c43e83361a99a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4f1a306b6e6ee755c1d0988def29c901
Finished request 49
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=29, length=198
User-Name = "user 1"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Called-Station-Id = "00-04-E2-81-08-48:test"
Calling-Station-Id = "00-02-2D-66-79-7F"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x021200210d8000000017150301001259a9b4383c73ed6c9fe1150072d18a68eeaf
State = 0x4f1a306b6e6ee755c1d0988def29c901
Message-Authenticator = 0xbac6e93328c98a54f105489c83e0d8fb
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 50
modcall[authorize]: module "preprocess" returns ok for request 50
modcall[authorize]: module "chap" returns noop for request 50
modcall[authorize]: module "mschap" returns noop for request 50
rlm_realm: No '@' in User-Name = "user 1", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 50
rlm_eap: EAP packet type response id 18 length 33
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 50
users: Matched user 1 at 227
modcall[authorize]: module "files" returns ok for request 50
modcall: group authorize returns updated for request 50
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 50
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
eaptls_process returned 7
rlm_eap_tls: Received unexpected tunneled data after successful handshake.
rlm_eap: Handler failed in EAP/tls
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 50
modcall: group authenticate returns invalid for request 50
auth: Failed to validate the user.
Login incorrect: [user 1/<no User-Password attribute>] (from client localhost port 1 cli 00-02-2D-66-79-7F)
Delaying request 50 for 1 seconds
Finished request 50
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=29, length=198
Sending Access-Reject of id 29 to 127.0.0.1:32769
EAP-Message = 0x04120004
Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 45 ID 24 with timestamp 417fa793
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 46 ID 25 with timestamp 417fa794
Cleaning up request 47 ID 26 with timestamp 417fa794
Cleaning up request 48 ID 27 with timestamp 417fa794
Cleaning up request 49 ID 28 with timestamp 417fa794
Cleaning up request 50 ID 29 with timestamp 417fa794
Nothing to do. Sleeping until we see a request.


Attachment: signature.asc
Description: OpenPGP digital signature
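Added example, not part of the original post: a small decoder for the `EAP-Message` values in the debug log above, showing the EAP header, the EAP-TLS flags byte and the TLS record headers of each message. The function names and dictionary labels are this example's own; it handles messages that fit in one RADIUS attribute and are not continuation fragments.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TLS_RECORD_TYPES = {20: "ChangeCipherSpec", 21: "Alert",
                    22: "Handshake", 23: "ApplicationData"}
EAP_TYPE_IDENTITY, EAP_TYPE_TLS = 1, 13
FLAG_LENGTH, FLAG_MORE, FLAG_START = 0x80, 0x40, 0x20

# EAP-Message values copied verbatim from the debug log above; the labels
# (with the RADIUS packet id) are this example's own.
LOG_MESSAGES = {
    "identity (id=24)": "0x020d000b01757365722031",
    "tls start (id=24)": "0x010e00060d20",
    "client ack (id=26)": "0x020f00060d00",
    "server finished (id=28)": "0x011200350d800000002b140301000101160301002095fea01bbf8ed92b05867c3b5a9d6758965b675bea9e4404042c43e83361a99a",
    "last client message (id=29)": "0x021200210d8000000017150301001259a9b4383c73ed6c9fe1150072d18a68eeaf",
    "failure (id=29)": "0x04120004",
}

def parse_tls_records(data):
    """Walk TLS record headers (type, version, length); bodies stay opaque."""
    records, off = [], 0
    while off + 5 <= len(data):
        ctype, major, minor, rlen = struct.unpack_from("!BBBH", data, off)
        body = data[off + 5: off + 5 + rlen]
        records.append({
            "type": TLS_RECORD_TYPES.get(ctype, "unknown(%d)" % ctype),
            "version": (major, minor),
            "length": rlen,
            "complete": len(body) == rlen,  # False if cut off by fragmentation
        })
        off += 5 + rlen
    return records

def parse_eap(hex_value):
    """Decode one EAP packet given as the hex string printed by radiusd."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack_from("!BBH", raw, 0)
    if length != len(raw):
        # A longer packet is split over several EAP-Message attributes,
        # which must be concatenated before decoding.
        raise ValueError("EAP length %d but %d bytes given" % (length, len(raw)))
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code not in (1, 2) or length == 4:   # Success/Failure carry no Type
        return pkt
    pkt["type"], data = raw[4], raw[5:]
    if pkt["type"] == EAP_TYPE_IDENTITY:
        pkt["identity"] = data.decode("utf-8", "replace")
    elif pkt["type"] == EAP_TYPE_TLS:
        if not data:
            raise ValueError("EAP-TLS packet without flags byte")
        flags, data = data[0], data[1:]
        pkt["flags"] = {"length": bool(flags & FLAG_LENGTH),
                        "more": bool(flags & FLAG_MORE),
                        "start": bool(flags & FLAG_START)}
        if flags & FLAG_LENGTH:
            if len(data) < 4:
                raise ValueError("truncated TLS Message Length field")
            pkt["tls_length"] = struct.unpack_from("!I", data)[0]
            data = data[4:]
        pkt["ack"] = flags == 0 and not data   # empty EAP-TLS = fragment ACK
        pkt["records"] = parse_tls_records(data)
    return pkt

if __name__ == "__main__":
    for label, value in LOG_MESSAGES.items():
        print(label, parse_eap(value))
```

Run on the values above, the last client message before the reject decodes to a single TLS record of content type 21 (Alert) with an 18-byte body, sent after the server's ChangeCipherSpec and Finished. The alert body is encrypted at that point, so its level and description cannot be read from the log.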
