Hi list,
I have a strange problem with EAP/TLS authentication.
I have done the setup with the guide from Ken Roser's howto provided in freeradius site:
- The client is XP, wireless card: linksys WPC54G
- The freeradius server is installed in linux
- The access point is linksys WRT54G
- The certificates (with enhanced key usage for server and client authentication) for server and client are generated using openssl installed in freeradius server
The log file of freeradius shows that the authentication is successful, with access-accept being sent. I use tcpdump to confirm that access-accept is indeed sent and received by the access-point. However, after about 1 minute, the client will resend an access-request. And this keeps repeating...and the client seems to fail the authentication though the radius server keeps sending access-accept:
....
Sending Access-Accept of id 23 to 192.168.168.60:1232
MS-MPPE-Recv-Key = 0xeb0e81327b50c60eb6bd54a9a02da65bcc87136bfdf0d0708f9be01db4078473
MS-MPPE-Send-Key = 0xb01787160d97e7cf0ac614e56479ee7870a6068f142a2279b71e5d3894225f72
EAP-Message = 0x03150004
Message-Authenticator = 0x00000000000000000000000000000000
MS-MPPE-Recv-Key = 0xeb0e81327b50c60eb6bd54a9a02da65bcc87136bfdf0d0708f9be01db4078473
MS-MPPE-Send-Key = 0xb01787160d97e7cf0ac614e56479ee7870a6068f142a2279b71e5d3894225f72
EAP-Message = 0x03150004
Message-Authenticator = 0x00000000000000000000000000000000
No session-timeout attribute is sent though, like in ken roser's log file. Could this be a problem ?
The eapol.log shows : [1648] 15:45:13:583: ElWriteCompletionRoutine sent out 0 bytes with error -1073741823, but I'm not quite sure what it means.
The only error log I can suspect from event viewer is this:
Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 15
Date: 17-Nov-04
Time: 7:50:04 PM
User: N/A
Computer: LAR4S
Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
Event Source: AutoEnrollment
Event Category: None
Event ID: 15
Date: 17-Nov-04
Time: 7:50:04 PM
User: N/A
Computer: LAR4S
Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Anyone can help me ? please ? I really need to solve this ASAP...
Thank you,
Lara
eapol.log:
[2952] 15:45:09:848: ElMediaEventsHandler entered -- EventType=<6>
[2952] 15:45:09:868: ElMediaEventsHandler: Calling ElMediaSenseCallback
[2952] 15:45:09:868: ElMediaSenseCallback: Entered
[2952] 15:45:09:868: ElMediaSenseCallbackWorker: For interface (Wireless-G Notebook Adapter with SpeedBooster), GUID ({CCB5C4C2-79EB-4414-A58B-6382051C13F6}), length of block = 90
[2952] 15:45:09:868: ElMediaSenseCallbackWorker: Callback for sense disconnect
[2952] 15:45:09:868: FSMDisconnected entered for port Wireless-G Notebook Adapter with SpeedBooster - Packet Scheduler Miniport
[2952] 15:45:09:868: Setting state DISCONNECTED for port Wireless-G Notebook Adapter with SpeedBooster - Packet Scheduler Miniport
[2952] 15:45:09:868: FSMDisconnected completed for port Wireless-G Notebook Adapter with SpeedBooster - Packet Scheduler Miniport
[2952] 15:45:09:868: ElMediaSenseCallbackWorker: Port marked disconnected Wireless-G Notebook Adapter with SpeedBooster
[2952] 15:45:09:868: ElMediaSenseCallbackWorker: processed, RetCode = 0
[1648] 15:45:13:583: ElMediaEventsHandler entered -- EventType=<7>
[1648] 15:45:13:583: ElMediaEventsHandler: Calling ElZeroConfigEvent
[1648] 15:45:13:583: ElGetInterfaceParams: SsidLength=<7>, Found EapTypeId=<13>, SSIDLen=<7>
[1648] 15:45:13:583: ElEnumAndOpenInterfaces: DeviceDesc = , GUID = {CCB5C4C2-79EB-4414-A58B-6382051C13F6}
[1648] 15:45:13:583: ElNdisuioEnumerateInterfaces: Opening handle
[1648] 15:45:13:583: NdisuioEnumerateInterfaces: NDISUIO bound to: (0) \DEVICE\{1A918A7C-F63C-4EF3-B6AD-12C1DFC6A4A1}
- Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
[1648] 15:45:13:583: NdisuioEnumerateInterfaces: NDISUIO bound to: (1) \DEVICE\{CCB5C4C2-79EB-4414-A58B-6382051C13F6}
- Wireless-G Notebook Adapter with SpeedBooster - Packet Scheduler Miniport
- Wireless-G Notebook Adapter with SpeedBooster - Packet Scheduler Miniport
[1648] 15:45:13:583: ElNdisuioEnumerateInterfaces: DeviceIoControl IOCTL_NDISUIO_QUERY_BINDING has no more entries
[1648] 15:45:13:583: Device: \DEVICE\{1A918A7C-F63C-4EF3-B6AD-12C1DFC6A4A1}
[1648] 15:45:13:583: Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
[1648] 15:45:13:583: Device: \DEVICE\{CCB5C4C2-79EB-4414-A58B-6382051C13F6}
[1648] 15:45:13:583: Description: Wireless-G Notebook Adapter with SpeedBooster - Packet Scheduler Miniport
[1648] 15:45:13:583: ElEnumAndOpenInterfaces: Found interface after enumeration \DEVICE\{CCB5C4C2-79EB-4414-A58B-6382051C13F6}
[1648] 15:45:13:583: ElEnumAndOpenInterfaces: Found PCB already existing for interface
[1648] 15:45:13:583: ElCreatePort: Entered for Handle=(00000D8C), GUID=({CCB5C4C2-79EB-4414-A58B-6382051C13F6}), Name=(Wireless-G Notebook Adapter with SpeedBooster - Packet Scheduler Miniport), ZCId=(1150), UserData=(033B961C) Notification=<4>
[1648] 15:45:13:583: ElGetInterfaceNdisStatistics: pwszDeviceInterfaceName = (\Device\{CCB5C4C2-79EB-4414-A58B-6382051C13F6})
[1648] 15:45:13:583: ElCreatePort: PCB found for {CCB5C4C2-79EB-4414-A58B-6382051C13F6}
[1648] 15:45:13:583: ElReStartPort: Entered: pPCB=<000DBD10>, pZCConnectInfo=<009DFED0>, Refcnt=<3>, EapFlags=<c0000000>, Notification=<4>
[1648] 15:45:13:583: ElReStartPort: prdUserData not valid
[1648] 15:45:13:583: ElReStartPort: pPCB=<000DBD10>, AuthenticationMode=<0>, EncyptionStatus=<0>, usKeyDescription=<1>
[1648] 15:45:13:583: ElGetInterfaceNdisStatistics: pwszDeviceInterfaceName = (\Device\{CCB5C4C2-79EB-4414-A58B-6382051C13F6})
[1648] 15:45:13:583: ElReStartPort: ElNdisuioQueryOIDValue for OID_802_11_INFRASTRUCTURE_MODE successful, Mode = (1)
[1648] 15:45:13:583: ElReStartPort: ElNdisuioQueryOIDValue for OID_802_11_BSSID successful
[1648] 15:45:13:583: 00 12 17 19 23 2C 00 00 00 00 00 00 00 00 00 00 |....#,..........|
[1648] 15:45:13:583: ElReStartPort: Port Network Identifier:
[1648] 15:45:13:583: 6C 69 6E 6B 73 79 73 00 00 00 00 00 00 00 00 00 |linksys.........|
[1648] 15:45:13:583: ElGetInterfaceParams: SsidLength=<7>, Found EapTypeId=<13>, SSIDLen=<7>
[1648] 15:45:13:583: ElReadPerPortRegistryParams: Setting dwEapFlags=<c0000000>
[1648] 15:45:13:583: ElGetCustomAuthData: SSIDLen=<7>, EapTypeId=<13>, Offset=<52/146>, dwAuthData=<82>
[1648] 15:45:13:583: ElGetCustomAuthData: SSIDLen=<7>, EapTypeId=<13>, Offset=<52/146>, dwAuthData=<82>
[1648] 15:45:13:583: ElReadPerPortRegistryParams: dwTotalMaxAuthFailCount = (3)
[1648] 15:45:13:583: FSMConnecting entered for port Wireless-G Notebook Adapter with SpeedBooster - Packet Scheduler Miniport
[1648] 15:45:13:583: TIMER: Restart PCB Time: 60
[1648] 15:45:13:583: ElWriteToPort entered: Pkt Length = 7
[1648] 15:45:13:583: ElWriteToPort: pPCB = 000DBD10, RefCnt = 4
[1648] 15:45:13:583: ElWriteToInterface entered
[1648] 15:45:13:583: ElWriteToInterface completed, RetCode = 0
[1648] 15:45:13:583: Setting state CONNECTING for port Wireless-G Notebook Adapter with SpeedBooster - Packet Scheduler Miniport
[1648] 15:45:13:583: FSMConnecting completed for port Wireless-G Notebook Adapter with SpeedBooster - Packet Scheduler Miniport
[1648] 15:45:13:583: ElEnumAndOpenInterfaces: CreatePort successful
[1648] 15:45:13:583: ElEnumAndOpenInterfaces: PCB already existed, skipping Interface hash table addition
[1648] 15:45:13:583: ElEnumAndOpenInterfaces: Completed with retcode = 0
[1648] 15:45:13:583: ElIoCompletionRoutine called, 0 bytes xferred
[1648] 15:45:13:583: ElWriteCompletionRoutine sent out 0 bytes with error -1073741823
[1648] 15:45:13:583: ElWriteCompletionRoutine: pPCB= 000DBD10, RefCnt = 3
[1648] 15:45:13:583: Device: \DEVICE\{1A918A7C-F63C-4EF3-B6AD-12C1DFC6A4A1}
[1648] 15:45:13:583: Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
[1648] 15:45:13:583: Device: \DEVICE\{CCB5C4C2-79EB-4414-A58B-6382051C13F6}
[1648] 15:45:13:583: Description: Wireless-G Notebook Adapter with SpeedBooster - Packet Scheduler Miniport
[1648] 15:45:13:583: ElEnumAndOpenInterfaces: Found interface after enumeration \DEVICE\{CCB5C4C2-79EB-4414-A58B-6382051C13F6}
[1648] 15:45:13:583: ElEnumAndOpenInterfaces: Found PCB already existing for interface
[1648] 15:45:13:583: ElCreatePort: Entered for Handle=(00000D8C), GUID=({CCB5C4C2-79EB-4414-A58B-6382051C13F6}), Name=(Wireless-G Notebook Adapter with SpeedBooster - Packet Scheduler Miniport), ZCId=(1150), UserData=(033B961C) Notification=<4>
[1648] 15:45:13:583: ElGetInterfaceNdisStatistics: pwszDeviceInterfaceName = (\Device\{CCB5C4C2-79EB-4414-A58B-6382051C13F6})
[1648] 15:45:13:583: ElCreatePort: PCB found for {CCB5C4C2-79EB-4414-A58B-6382051C13F6}
[1648] 15:45:13:583: ElReStartPort: Entered: pPCB=<000DBD10>, pZCConnectInfo=<009DFED0>, Refcnt=<3>, EapFlags=<c0000000>, Notification=<4>
[1648] 15:45:13:583: ElReStartPort: prdUserData not valid
[1648] 15:45:13:583: ElReStartPort: pPCB=<000DBD10>, AuthenticationMode=<0>, EncyptionStatus=<0>, usKeyDescription=<1>
[1648] 15:45:13:583: ElGetInterfaceNdisStatistics: pwszDeviceInterfaceName = (\Device\{CCB5C4C2-79EB-4414-A58B-6382051C13F6})
[1648] 15:45:13:583: ElReStartPort: ElNdisuioQueryOIDValue for OID_802_11_INFRASTRUCTURE_MODE successful, Mode = (1)
[1648] 15:45:13:583: ElReStartPort: ElNdisuioQueryOIDValue for OID_802_11_BSSID successful
[1648] 15:45:13:583: 00 12 17 19 23 2C 00 00 00 00 00 00 00 00 00 00 |....#,..........|
[1648] 15:45:13:583: ElReStartPort: Port Network Identifier:
[1648] 15:45:13:583: 6C 69 6E 6B 73 79 73 00 00 00 00 00 00 00 00 00 |linksys.........|
[1648] 15:45:13:583: ElGetInterfaceParams: SsidLength=<7>, Found EapTypeId=<13>, SSIDLen=<7>
[1648] 15:45:13:583: ElReadPerPortRegistryParams: Setting dwEapFlags=<c0000000>
[1648] 15:45:13:583: ElGetCustomAuthData: SSIDLen=<7>, EapTypeId=<13>, Offset=<52/146>, dwAuthData=<82>
[1648] 15:45:13:583: ElGetCustomAuthData: SSIDLen=<7>, EapTypeId=<13>, Offset=<52/146>, dwAuthData=<82>
[1648] 15:45:13:583: ElReadPerPortRegistryParams: dwTotalMaxAuthFailCount = (3)
[1648] 15:45:13:583: FSMConnecting entered for port Wireless-G Notebook Adapter with SpeedBooster - Packet Scheduler Miniport
[1648] 15:45:13:583: TIMER: Restart PCB Time: 60
[1648] 15:45:13:583: ElWriteToPort entered: Pkt Length = 7
[1648] 15:45:13:583: ElWriteToPort: pPCB = 000DBD10, RefCnt = 4
[1648] 15:45:13:583: ElWriteToInterface entered
[1648] 15:45:13:583: ElWriteToInterface completed, RetCode = 0
[1648] 15:45:13:583: Setting state CONNECTING for port Wireless-G Notebook Adapter with SpeedBooster - Packet Scheduler Miniport
[1648] 15:45:13:583: FSMConnecting completed for port Wireless-G Notebook Adapter with SpeedBooster - Packet Scheduler Miniport
[1648] 15:45:13:583: ElEnumAndOpenInterfaces: CreatePort successful
[1648] 15:45:13:583: ElEnumAndOpenInterfaces: PCB already existed, skipping Interface hash table addition
[1648] 15:45:13:583: ElEnumAndOpenInterfaces: Completed with retcode = 0
[1648] 15:45:13:583: ElIoCompletionRoutine called, 0 bytes xferred
[1648] 15:45:13:583: ElWriteCompletionRoutine sent out 0 bytes with error -1073741823
[1648] 15:45:13:583: ElWriteCompletionRoutine: pPCB= 000DBD10, RefCnt = 3
------------------------------------------------------------------------------------
La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit
- Guy de Maupassant -
------------------------------------------------------------------------------------
Do you Yahoo!?
Meet the all-new My Yahoo! – Try it today!
