Hi all.
I have 2 server radius and 1 "AP Cisco" configured to use EAP
Authentication.
I have 2 server radius with freeradius 1.1.7 (fedora 8), configured in
the same way (PEAP) (I haad configured my first server radius and then I
copied my configuration files , and the certificates in second server
radius)
Then by my linux laptop, with wpa_supplicant I try to connect to my
wireless ntwork.
1)
If my AP is configured to require the authentication on first server
radius 1, I obtain this log messages:
*Mon May 19 08:51:20 2008 : Error: TLS_accept:error in SSLv3 read
client certificate A
Mon May 19 08:51:20 2008 : Info: rlm_eap_tls: Received EAP-TLS ACK message
Mon May 19 08:51:20 2008 : Info: rlm_eap_tls: Received EAP-TLS ACK message
Mon May 19 08:51:20 2008 : Info: (other): SSL negotiation finished
successfully
Mon May 19 08:51:20 2008 : Info: rlm_eap_tls: Received EAP-TLS ACK message*
Mon May 19 08:51:20 2008 : Info: rlm_eap_mschapv2: Issuing Challenge
*Mon May 19 08:51:20 2008 : Auth: Login OK: [fanti/<no User-Password
attribute>] (from client localhost port 3686 cli 001e.4c00.dade)
Mon May 19 08:51:20 2008 : Auth: Login OK: [fanti/<no User-Password
attribute>] (from client ap-alternet port 3686 cli 001e.4c00.dade)*
##############################################################
If I start with radius -X:
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Success
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 9
modcall: group authenticate returns ok for request 9
*Login OK: [fanti/<no User-Password attribute>] (from client ap-alternet
port 3687 cli 001e.4c00.dade)*
##################################################################
2)
In my second server radius I obtain:
Mon May 19 08:50:38 2008 : Info: rlm_eap_mschapv2: Issuing Challenge
*Mon May 19 08:50:38 2008 : Auth: Login OK: [fanti] (from client
localhost port 3689 cli 001e.4c00.dade)
Mon May 19 08:50:38 2008 : Auth: Login OK: [fanti] (from client
ap-alternet port 3689 cli 001e.4c00.dade)*
#####################
If I start with radius -X:
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Success
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 9
modcall: leaving group authenticate (returns ok) for request 9
*Login OK: [fanti] (from client ap-alternet port 3690 cli 001e.4c00.dade
*I don't understand why I have differences in this 2 logs (In rows
where I have Login OK).
Can you help me please ?
Thank you
enrico
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
