Hi,I try to implement the EAP-TLS by Freeradius, but the authentication stoped.
From the log, I guess the reason is "NAS Reboot". I wonder if you know why it
happend. Thanks a lot in advance! Enclosed please find the part of the log.
Paul... ...Finished request 23Going to the next requestWaking up in 6
seconds...rad_recv: Access-Request packet from host 192.168.1.120:32778, id=33,
length=219 User-Name = "host/cn1njxac.cn001.siemens.net" NAS-IP-Address =
192.168.1.120 NAS-Identifier = "sourceserver.localdomain" NAS-Port = 0
Called-Station-Id = "00-19-E0-85-F2-45:madwifi_t41" Calling-Station-Id =
"00-16-6F-58-2D-4B" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x022400061900 State =
0xc22b0aa9baefeb0a401d5bfb77355856 Message-Authenticator =
0xcbe38495618ee3a8a7d15dc8d088b68d Processing the authorize section of
radiusd.confmodcall: entering group authorize for request 24
modcall[authorize]: module "preprocess" retu!
rns ok for request 24 modcall[authorize]: module "chap" returns noop for
request 24 modcall[authorize]: module "mschap" returns noop for request 24
rlm_realm: Checking for suffix after "@" rlm_realm: Looking up realm
"cn1njxac.cn001.siemens.net" for User-Name =
"host/cn1njxac.cn001.siemens.net"XXL:enter realm_find realm
=cn1njxac.cn001.siemens.net,accounting =0 Start to compare realm 2:config ream
is :LOCAL,sta ream is :cn1njxac.cn001.siemens.net rlm_realm: No such realm
"cn1njxac.cn001.siemens.net" modcall[authorize]: module "suffix" returns noop
for request 24 rlm_eap: EAP packet type response id 36 length 6 rlm_eap: No
EAP Start, assuming it's an on-going EAP conversation modcall[authorize]:
module "eap" returns updated for request 24 users: Matched entry
host/cn1njxac.cn001.siemens.net at line 95 modcall[authorize]: module "files"
returns ok for request 24XXL: enter pap_authorize,vp->attribute =1000XXL:
vp->lvalue =6XXL: enter pap_authorize,vp->attribu!
te =2XXL: enter PW_USER_PASSWORD,found_pw should be truerlm_pap: Found
existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns
noop for request 24modcall: leaving group authorize (returns updated) for
request 24 rad_check_password: Found Auth-Type EAPauth: type "EAP"
Processing the authenticate section of radiusd.confmodcall: entering group
authenticate for request 24 rlm_eap: Request found, released from the list
rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLSrlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1
eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 24modcall:
leaving group authenticate (returns handled) for request 24Sending
Access-Challenge of id 33 to 192.168.1.120 port 32778 EAP-Message =
0x012500061900 Message-Authenticator = 0x00000000000000000000000000000000 State
= 0x8810d4afb824cb4c9026f9697c25f35cFinished r!
equest 24Going to the next requestWaking up in 6 seconds...--- Walking the
entire request list ---Cleaning up request 20 ID 29 with timestamp
468e087eCleaning up request 21 ID 30 with timestamp 468e087eCleaning up request
22 ID 31 with timestamp 468e087eCleaning up request 23 ID 32 with timestamp
468e087eCleaning up request 24 ID 33 with timestamp 468e087eNothing to do.
Sleeping until we see a request.rad_recv: Accounting-Request packet from host
192.168.1.120:32779, id=34, length=101 Acct-Status-Type = Accounting-Off
Acct-Authentic = RADIUS NAS-IP-Address = 192.168.1.120 NAS-Identifier =
"sourceserver.localdomain" Called-Station-Id = "00-19-E0-85-F2-45:madwifi_t41"
Acct-Terminate-Cause = NAS-Reboot Processing the preacct section of
radiusd.confmodcall: entering group preacct for request 25 modcall[preacct]:
module "preprocess" returns noop for request 25rlm_acct_unique: WARNING:
Attribute NAS-Port was not found in request, unique ID MAY be
inconsistentrlm_acct_unique: W!
ARNING: Attribute Acct-Session-Id was not found in request, unique ID
MAY be inconsistentrlm_acct_unique: WARNING: Attribute User-Name was not found
in request, unique ID MAY be inconsistentrlm_acct_unique: Hashing
',Client-IP-Address = 192.168.1.120,NAS-IP-Address =
192.168.1.120,,'rlm_acct_unique: Acct-Unique-Session-ID = "9ac3835c84179e1f".
modcall[preacct]: module "acct_unique" returns ok for request 25 rlm_realm:
Proxy reply, or no User-Name. Ignoring. modcall[preacct]: module "suffix"
returns noop for request 25 modcall[preacct]: module "files" returns noop for
request 25modcall: leaving group preacct (returns ok) for request 25
Processing the accounting section of radiusd.confmodcall: entering group
accounting for request 25radius_xlat:
'/usr/local/freeradius/var/log/radius/radacct/192.168.1.120/detail-20070706'rlm_detail:
/usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to
/usr/local/freeradius/var/log/radius/radacct/192.168.1.120/detail-20070706
modcall[accounting]: module "detail" retu!
rns ok for request 25 modcall[accounting]: module "unix" returns noop for
request 25radius_xlat:
'/usr/local/freeradius/var/log/radius/radutmp'rlm_radutmp: NAS madwifi_t41
rebooted (Accounting-Off packet seen)rlm_radutmp: Error accessing file
/usr/local/freeradius/var/log/radius/radutmp: No such file or directory
modcall[accounting]: module "radutmp" returns ok for request 25modcall: leaving
group accounting (returns ok) for request 25Sending Accounting-Response of id
34 to 192.168.1.120 port 32779Finished request 25Going to the next request---
Walking the entire request list ---Cleaning up request 25 ID 34 with timestamp
468e08a3Nothing to do. Sleeping until we see a request.rad_recv:
Accounting-Request packet from host 192.168.1.120:32781, id=0, length=101
Acct-Status-Type = Accounting-On Acct-Authentic = RADIUS NAS-IP-Address =
192.168.1.120 NAS-Identifier = "sourceserver.localdomain" Called-Station-Id =
"00-19-E0-85-F2-45:madwifi_t41" Acct-Terminate-Cause = NAS-Rebo!
ot Processing the preacct section of radiusd.confmodcall: entering gr
oup preacct for request 26 modcall[preacct]: module "preprocess" returns noop
for request 26rlm_acct_unique: WARNING: Attribute NAS-Port was not found in
request, unique ID MAY be inconsistentrlm_acct_unique: WARNING: Attribute
Acct-Session-Id was not found in request, unique ID MAY be
inconsistentrlm_acct_unique: WARNING: Attribute User-Name was not found in
request, unique ID MAY be inconsistentrlm_acct_unique: Hashing
',Client-IP-Address = 192.168.1.120,NAS-IP-Address =
192.168.1.120,,'rlm_acct_unique: Acct-Unique-Session-ID = "9ac3835c84179e1f".
modcall[preacct]: module "acct_unique" returns ok for request 26 rlm_realm:
Proxy reply, or no User-Name. Ignoring. modcall[preacct]: module "suffix"
returns noop for request 26 modcall[preacct]: module "files" returns noop for
request 26modcall: leaving group preacct (returns ok) for request 26
Processing the accounting section of radiusd.confmodcall: entering group
accounting for request 26radius_xlat: '/usr/local/fre!
eradius/var/log/radius/radacct/192.168.1.120/detail-20070706'rlm_detail:
/usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to
/usr/local/freeradius/var/log/radius/radacct/192.168.1.120/detail-20070706
modcall[accounting]: module "detail" returns ok for request 26
modcall[accounting]: module "unix" returns noop for request 26radius_xlat:
'/usr/local/freeradius/var/log/radius/radutmp'rlm_radutmp: NAS madwifi_t41
restarted (Accounting-On packet seen)rlm_radutmp: Error accessing file
/usr/local/freeradius/var/log/radius/radutmp: No such file or directory
modcall[accounting]: module "radutmp" returns ok for request 26modcall: leaving
group accounting (returns ok) for request 26Sending Accounting-Response of id 0
to 192.168.1.120 port 32781Finished request 26Going to the next request---
Walking the entire request list ---Cleaning up request 26 ID 0 with timestamp
468e08a7Nothing to do. Sleeping until we see a request.rad_recv: Accounting!
-Request packet from host 192.168.1.120:32781, id=1, length=101 Acct-S
tatus-Type = Accounting-Off Acct-Authentic = RADIUS NAS-IP-Address =
192.168.1.120 NAS-Identifier = "sourceserver.localdomain" Called-Station-Id =
"00-19-E0-85-F2-45:madwifi_t41" Acct-Terminate-Cause = NAS-Reboot Processing
the preacct section of radiusd.confmodcall: entering group preacct for request
27 modcall[preacct]: module "preprocess" returns noop for request
27rlm_acct_unique: WARNING: Attribute NAS-Port was not found in request, unique
ID MAY be inconsistentrlm_acct_unique: WARNING: Attribute Acct-Session-Id was
not found in request, unique ID MAY be inconsistentrlm_acct_unique: WARNING:
Attribute User-Name was not found in request, unique ID MAY be
inconsistentrlm_acct_unique: Hashing ',Client-IP-Address =
192.168.1.120,NAS-IP-Address = 192.168.1.120,,'rlm_acct_unique:
Acct-Unique-Session-ID = "9ac3835c84179e1f". modcall[preacct]: module
"acct_unique" returns ok for request 27 rlm_realm: Proxy reply, or no
User-Name. Ignoring. modcall[preacct]: module "suff!
ix" returns noop for request 27 modcall[preacct]: module "files" returns noop
for request 27modcall: leaving group preacct (returns ok) for request 27
Processing the accounting section of radiusd.confmodcall: entering group
accounting for request 27radius_xlat:
'/usr/local/freeradius/var/log/radius/radacct/192.168.1.120/detail-20070706'rlm_detail:
/usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to
/usr/local/freeradius/var/log/radius/radacct/192.168.1.120/detail-20070706
modcall[accounting]: module "detail" returns ok for request 27
modcall[accounting]: module "unix" returns noop for request 27radius_xlat:
'/usr/local/freeradius/var/log/radius/radutmp'rlm_radutmp: NAS madwifi_t41
rebooted (Accounting-Off packet seen)rlm_radutmp: Error accessing file
/usr/local/freeradius/var/log/radius/radutmp: No such file or directory
modcall[accounting]: module "radutmp" returns ok for request 27modcall: leaving
group accounting (returns ok)!
for request 27Sending Accounting-Response of id 1 to 192.168.1.120 po
rt 32781Finished request 27Going to the next request--- Walking the entire
request list ---Cleaning up request 27 ID 1 with timestamp 468e0abeNothing to
do. Sleeping until we see a request.
_________________________________________________________________
探索 Windows Vista 的世界
http://search.live.com/results.aspx?q=windows+vista&mkt=zh-cn&FORM=LIVSOP-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
