All,

I have been having problems with my FreeRADIUS server for the past 24 hours: it seems that the RADIUS server isn't authenticating EAP-TLS clients from my wireless network. I am looking for a little advice from the local subject matter experts. I am running a Vista and an XP Home client right now. Both worked; I rebuilt the Vista machine and wasn't able to authenticate. My WAP tends to not service RADIUS requests when the RADIUS server goes away for whatever reason, and the fix is just to cycle power on it. It is a WRT54GS by Linksys, and after the last power cycle, it just doesn't authenticate clients anymore. If it is the WAP, I am wondering what suggestions people have for a good WAP that is stable and runs WPA2 Enterprise? What I am seeing from radiusd in debug mode is:

rad_recv: Access-Request packet from host 192.168.10.10 port 1784, id=1, length=152
       User-Name = "mizu.tsukinokage.net"
       NAS-IP-Address = 192.168.10.10
       Called-Station-Id = "001c10486288"
       Calling-Station-Id = "0014a5a6a5cc"
       NAS-Identifier = "001c10486288"
       NAS-Port = 15
       Framed-MTU = 1400
       State = 0x639a9b23609f96504f388f2c9ad13fd9
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x020500060d00
       Message-Authenticator = 0x1f961b8013c153936ae43b6773041886
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 5 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.10.10 port 1784
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0x639a9b23679c96504f388f2c9ad13fd9
Finished request 67.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.10.10 port 1786, id=1, length=152
       User-Name = "mizu.tsukinokage.net"
       NAS-IP-Address = 192.168.10.10
       Called-Station-Id = "001c10486288"
       Calling-Station-Id = "0014a5a6a5cc"
       NAS-Identifier = "001c10486288"
       NAS-Port = 15
       Framed-MTU = 1400
       State = 0x639a9b23679c96504f388f2c9ad13fd9
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x020600060d00
       Message-Authenticator = 0x0bafacf4ec9889421fde967080dbc63d
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 6 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.10.10 port 1786
       EAP-Message = 0x0107000a0d8000000000
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0x639a9b23669d96504f388f2c9ad13fd9
Finished request 68.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 63 ID 1 with timestamp +594
Cleaning up request 64 ID 1 with timestamp +594
Cleaning up request 65 ID 1 with timestamp +594
Cleaning up request 66 ID 1 with timestamp +594
Cleaning up request 67 ID 1 with timestamp +594
Cleaning up request 68 ID 1 with timestamp +594
Ready to process requests.

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
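
Added example, not part of the original post or of FreeRADIUS: a small decoder for the short `EAP-Message` values in the debug output, following the EAP header and EAP-TLS flag layout from RFC 3748 and RFC 5216. It shows that both client packets are bare fragment ACKs and that the server's last challenge sets the L flag with a TLS message length of 0 and no TLS data; the function and field names are illustrative.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_TLS = 13                          # EAP-TLS method type (RFC 5216)
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20  # Length included, More fragments, Start


def decode_eap_tls(*attr_values):
    """Decode one EAP packet given its EAP-Message attribute value(s).

    RADIUS splits an EAP packet longer than 253 bytes across several
    EAP-Message attributes, so the values are concatenated in order first.
    """
    raw = b"".join(
        bytes.fromhex(v[2:] if v.lower().startswith("0x") else v)
        for v in attr_values
    )
    if len(raw) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"EAP length {length} != {len(raw)} bytes supplied")
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code not in (1, 2) or length < 6 or raw[4] != EAP_TYPE_TLS:
        return out                         # not an EAP-TLS request/response
    flags, body = raw[5], raw[6:]
    tls_len = None
    if flags & FLAG_L:                     # 4-byte total TLS message length follows
        if len(body) < 4:
            raise ValueError("L flag set but TLS length field missing")
        tls_len, body = struct.unpack("!I", body[:4])[0], body[4:]
    out.update(
        type="EAP-TLS",
        start=bool(flags & FLAG_S),
        more_fragments=bool(flags & FLAG_M),
        tls_message_length=tls_len,
        data_bytes=len(body),
        # A response with no flags and no data acknowledges a fragment.
        is_ack=(code == 2 and flags == 0 and not body),
    )
    return out


# EAP-Message values copied from the debug output above.
SAMPLES = ["0x020500060d00", "0x020600060d00", "0x0107000a0d8000000000"]

if __name__ == "__main__":
    for value in SAMPLES:
        print(value, decode_eap_tls(value))
```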