Does it write anything to the log? On startup or when you send a local radtest request?
Ivan Kalik
Kalik Informatika ISP

On 10/9/2007, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
>
>> Message: 3
>> Date: Mon, 10 Sep 2007 10:23:19 +0200 (CEST)
>> From: inelec communication <[EMAIL PROTECTED]>
>> Subject: RE : LOGs of eap-tls authentication
>> To: FreeRadius users mailing list
>Hi
> Please find my result. The authentication is working well. The problem is logs
> are not in radius.log file.
>
> [EMAIL PROTECTED] fr1.1.7]# cat successlog
> Message-Authenticator = 0x96080298cf8084c0a353d72c9e82a3aa
> Service-Type = Framed-User
> User-Name = "anoop07"
> Framed-MTU = 1488
> Called-Station-Id = "00-0F-3D-AF-DD-C1:default"
> Calling-Station-Id = "00-0E-35-F3-A1-67"
> NAS-Identifier = "D-Link Access Point"
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 54Mbps 802.11g"
> EAP-Message = 0x0200000c01616e6f6f703037
> NAS-IP-Address = 192.168.0.50
> NAS-Port = 1
> NAS-Port-Id = "STA port # 1"
> Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> rlm_realm: No '@' in User-Name = "anoop07", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 0
> rlm_eap: EAP packet type response id 0 length 12
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> modcall[authorize]: module "eap" returns updated for request 0
> users: Matched entry DEFAULT at line 153
> users: Matched entry DEFAULT at line 172
> modcall[authorize]: module "files" returns ok for request 0
>modcall: leaving group authorize (returns updated) for request 0
> rad_check_password: Found Auth-Type EAP
>auth: type "EAP"
> Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 0
> rlm_eap: EAP Identity
> rlm_eap: processing type tls
> rlm_eap_tls: Requiring client certificate
> rlm_eap_tls: Initiate
> rlm_eap_tls: Start returned 1
> modcall[authenticate]: module "eap" returns handled for request 0
>modcall: leaving group authenticate (returns handled) for request 0
>Sending Access-Challenge of id 0 to 192.168.0.50 port 1033
> Framed-IP-Address = 255.255.255.254
> Framed-MTU = 576
> Service-Type = Framed-User
> EAP-Message = 0x010100060d20
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x8ab131c9d151752c61f18ffb09aa2c55
>Finished request 0
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 192.168.0.50:1033, id=1, length=299
> Message-Authenticator = 0xe6d7ba1e4458e637c60740bc57383f9e
> Service-Type = Framed-User
> User-Name = "anoop07"
> Framed-MTU = 1488
> State = 0x8ab131c9d151752c61f18ffb09aa2c55
> Called-Station-Id = "00-0F-3D-AF-DD-C1:default"
> Calling-Station-Id = "00-0E-35-F3-A1-67"
> NAS-Identifier = "D-Link Access Point"
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 54Mbps 802.11g"
> EAP-Message =
> 0x020100600d800000005616030100510100004d030146e4c9b422a11c
> 6b0c2a9c5e74b8a0de5e3eb0e1d8a15f49cb7cbf83ad04116a105892c006371829ccf94f1dcdc6d8
> 3e3d001600040005000a000900640062000300060013001200630100
> NAS-IP-Address = 192.168.0.50
> NAS-Port = 1
> NAS-Port-Id = "STA port # 1"
> Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 1
> modcall[authorize]: module "preprocess" returns ok for request 1
> rlm_realm: No '@' in User-Name = "anoop07", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 1
> rlm_eap: EAP packet type response id 1 length 96
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> modcall[authorize]: module "eap" returns updated for request 1
> users: Matched entry DEFAULT at line 153
> users: Matched entry DEFAULT at line 172
> modcall[authorize]: module "files" returns ok for request 1
>modcall: leaving group authorize (returns updated) for request 1
> rad_check_password: Found Auth-Type EAP
>auth: type "EAP"
> Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 1
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/tls
> rlm_eap: processing type tls
> rlm_eap_tls: Authenticate
> rlm_eap_tls: processing TLS
>rlm_eap_tls: Length Included
> eaptls_verify returned 11
> (other): before/accept initialization
> TLS_accept: before/accept initialization
> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0051], ClientHello
> TLS_accept: SSLv3 read client hello A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
> TLS_accept: SSLv3 write server hello A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 04be], Certificate
> TLS_accept: SSLv3 write certificate A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 004c], CertificateRequest
> TLS_accept: SSLv3 write certificate request A
> TLS_accept: SSLv3 flush data
> TLS_accept: Need to read more data: SSLv3 read client certificate A
>In SSL Handshake Phase
>In SSL Accept mode
> eaptls_process returned 13
> modcall[authenticate]: module "eap" returns handled for request 1
>modcall: leaving group authenticate (returns handled) for request 1
>Sending Access-Challenge of id 1 to 192.168.0.50 port 1033
> Framed-IP-Address = 255.255.255.254
> Framed-MTU = 576
> Service-Type = Framed-User
> EAP-Message = 0x308192301d0603551d0e04160414095ab44cec0cb80f
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0xf4654b6a22307d938c91831ef0396b8e
>Finished request 1
>Going to the next request
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 192.168.0.50:1033, id=2, length=209
> Message-Authenticator = 0x5dc14e6f1f5361ad60a06d2bffa9e4a9
> Service-Type = Framed-User
> User-Name = "anoop07"
> Framed-MTU = 1488
> State = 0xf4654b6a22307d938c91831ef0396b8e
> Called-Station-Id = "00-0F-3D-AF-DD-C1:default"
> Calling-Station-Id = "00-0E-35-F3-A1-67"
> NAS-Identifier = "D-Link Access Point"
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 54Mbps 802.11g"
> EAP-Message = 0x020200060d00
> NAS-IP-Address = 192.168.0.50
> NAS-Port = 1
> NAS-Port-Id = "STA port # 1"
> Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 2
> modcall[authorize]: module "preprocess" returns ok for request 2
> rlm_realm: No '@' in User-Name = "anoop07", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 2
> rlm_eap: EAP packet type response id 2 length 6
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> modcall[authorize]: module "eap" returns updated for request 2
> users: Matched entry DEFAULT at line 153
> users: Matched entry DEFAULT at line 172
> modcall[authorize]: module "files" returns ok for request 2
>modcall: leaving group authorize (returns updated) for request 2
> rad_check_password: Found Auth-Type EAP
>auth: type "EAP"
> Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 2
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/tls
> rlm_eap: processing type tls
> rlm_eap_tls: Authenticate
> rlm_eap_tls: processing TLS
>rlm_eap_tls: Received EAP-TLS ACK message
> rlm_eap_tls: ack handshake fragment handler
> eaptls_verify returned 1
> eaptls_process returned 13
> modcall[authenticate]: module "eap" returns handled for request 2
>modcall: leaving group authenticate (returns handled) for request 2
>Sending Access-Challenge of id 2 to 192.168.0.50 port 1033
> Framed-IP-Address = 255.255.255.254
> Framed-MTU = 576
> Service-Type = Framed-User
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x378a0c3727565af6c193024a8be476bc
>Finished request 2
>Going to the next request
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 192.168.0.50:1033, id=3, length=1100
> Message-Authenticator = 0x2261a2046965f5b6c67629831b5ef1f5
> Service-Type = Framed-User
> User-Name = "anoop07"
> Framed-MTU = 1488
> State = 0x378a0c3727565af6c193024a8be476bc
> Called-Station-Id = "00-0F-3D-AF-DD-C1:default"
> Calling-Station-Id = "00-0E-35-F3-A1-67"
> NAS-Identifier = "D-Link Access Point"
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 54Mbps 802.11g"
> NAS-IP-Address = 192.168.0.50
> NAS-Port = 1
> NAS-Port-Id = "STA port # 1"
> Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 3
> modcall[authorize]: module "preprocess" returns ok for request 3
> rlm_realm: No '@' in User-Name = "anoop07", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 3
> rlm_eap: EAP packet type response id 3 length 253
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> modcall[authorize]: module "eap" returns updated for request 3
> users: Matched entry DEFAULT at line 153
> users: Matched entry DEFAULT at line 172
> modcall[authorize]: module "files" returns ok for request 3
>modcall: leaving group authorize (returns updated) for request 3
> rad_check_password: Found Auth-Type EAP
>auth: type "EAP"
> Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 3
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/tls
> rlm_eap: processing type tls
> rlm_eap_tls: Authenticate
> rlm_eap_tls: processing TLS
>rlm_eap_tls: Length Included
> eaptls_verify returned 11
> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0235], Certificate
>chain-depth=1,
>error=0
>--> User-Name = anoop07
>--> BUF-Name = 07xwifi
>--> subject = /C=IN/ST=TN/O=Sify/CN=07xwifi
>--> issuer = /C=IN/ST=TN/O=Sify/CN=07xwifi
>--> verify return:1
>chain-depth=0,
>error=0
>--> User-Name = anoop07
>--> BUF-Name = anoop07
>--> subject = /C=IN/ST=TN/O=Sify/CN=anoop07/[EMAIL PROTECTED]
>--> issuer = /C=IN/ST=TN/O=Sify/CN=07xwifi
>--> verify return:1
> TLS_accept: SSLv3 read client certificate A
> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
> TLS_accept: SSLv3 read client key exchange A
> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], CertificateVerify
> TLS_accept: SSLv3 read certificate verify A
> rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
> TLS_accept: SSLv3 read finished A
> rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
> TLS_accept: SSLv3 write change cipher spec A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
> TLS_accept: SSLv3 write finished A
> TLS_accept: SSLv3 flush data
> (other): SSL negotiation finished successfully
>SSL Connection Established
> eaptls_process returned 13
> modcall[authenticate]: module "eap" returns handled for request 3
>modcall: leaving group authenticate (returns handled) for request 3
>Sending Access-Challenge of id 3 to 192.168.0.50 port 1033
> Framed-IP-Address = 255.255.255.254
> Framed-MTU = 576
> Service-Type = Framed-User
> EAP-Message =
> 0x010400350d800000002b1403010001011603010020324ac90185d18d
> e8ead736d798e140ed642aeb31ff52849b3aa5b6f021c5aec0
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x5ffef94eee0c0123922689d2e6c2fe8e
>Finished request 3
>Going to the next request
>Waking up in 6 seconds...
>--- Walking the entire request list ---
>Cleaning up request 0 ID 0 with timestamp 46e4c9b5
>Cleaning up request 1 ID 1 with timestamp 46e4c9b5
>Cleaning up request 2 ID 2 with timestamp 46e4c9b5
>Cleaning up request 3 ID 3 with timestamp 46e4c9b5
>Nothing to do. Sleeping until we see a request.
>rad_recv: Access-Request packet from host 192.168.0.50:1033, id=4, length=209
> Message-Authenticator = 0x221fc85bf9fb820395d9c8484a3fdabc
> Service-Type = Framed-User
> User-Name = "anoop07"
> Framed-MTU = 1488
> State = 0x5ffef94eee0c0123922689d2e6c2fe8e
> Called-Station-Id = "00-0F-3D-AF-DD-C1:default"
> Calling-Station-Id = "00-0E-35-F3-A1-67"
> NAS-Identifier = "D-Link Access Point"
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 54Mbps 802.11g"
> EAP-Message = 0x020400060d00
> NAS-IP-Address = 192.168.0.50
> NAS-Port = 1
> NAS-Port-Id = "STA port # 1"
> Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 4
> modcall[authorize]: module "preprocess" returns ok for request 4
> rlm_realm: No '@' in User-Name = "anoop07", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 4
> rlm_eap: EAP packet type response id 4 length 6
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> modcall[authorize]: module "eap" returns updated for request 4
> users: Matched entry DEFAULT at line 153
> users: Matched entry DEFAULT at line 172
> modcall[authorize]: module "files" returns ok for request 4
>modcall: leaving group authorize (returns updated) for request 4
> rad_check_password: Found Auth-Type EAP
>auth: type "EAP"
> Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 4
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/tls
> rlm_eap: processing type tls
> rlm_eap_tls: Authenticate
> rlm_eap_tls: processing TLS
>rlm_eap_tls: Received EAP-TLS ACK message
> rlm_eap_tls: ack handshake is finished
> eaptls_verify returned 3
> eaptls_process returned 3
> rlm_eap: Freeing handler
> modcall[authenticate]: module "eap" returns ok for request 4
>modcall: leaving group authenticate (returns ok) for request 4
>Sending Access-Accept of id 4 to 192.168.0.50 port 1033
> Framed-IP-Address = 255.255.255.254
> Framed-MTU = 576
> Service-Type = Framed-User
> MS-MPPE-Recv-Key =
> 0x428d07c24a61cd12f49c7b51f54e36b19dce6fa5e42d393221d 043784abdc995
> MS-MPPE-Send-Key =
> 0x55f256119e8b41171ac594ea1a871d302fff183d06365a3505b 6a6786eee1fc5
> EAP-Message = 0x03040004
> Message-Authenticator = 0x00000000000000000000000000000000
> User-Name = "anoop07"
>Finished request 4
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 6 seconds...
>--- Walking the entire request list ---
>Cleaning up request 4 ID 4 with timestamp 46e4c9bc
>Nothing to do. Sleeping until we see a request.
>
>[EMAIL PROTECTED] fr1.1.7]#
>
>> <[email protected]>
>> Message-ID: <[EMAIL PROTECTED]>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>> hello,
>> running radius in debug mode doesn't give any log file, I mean it
>> doesn't give logs in radiusd.log; if you give me your result when you
>> have run radiusd -X -A perhaps I can help
>>
>> regards
>>
>
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

