Hi All:

I'm testing 802.1X - EAP TLS functionality with:
* freeRADIUS-0.8 and the latest beta version of OPENSSL -(openssl-0.9.7-beta4) on the server;
* Linux machine as a client, and
* Cisco's AP350 as the authenticator.

I generated the server and client certificates. I get a "TLS_accept" error in SSLv3 read client certificate B. I also get SSL_read Error which can be omitted. (Please see the attached radius server log).

* Any pointers would be highly appreciated?
* How are certificates A different from certificates B?

======================================================
run_radius -X -A > radius_log

+ LD_LIBRARY_PATH=/usr/local/openssl-beta-latest/lib
+ LD_PRELOAD=/usr/local/openssl-beta-latest/lib/libcrypto.so
+ export LD_LIBRARY_PATH LD_PRELOAD
+ /usr/local/sbin/radiusd -X -A
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: servers_per_realm = 15
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "tls"
eap: timer_expire = 60
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/1x/tstpc11.pem"
tls: certificate_file = "/etc/1x/tstpc11.pem"
tls: CA_file = "/etc/1x/root.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/etc/1x/DH"
tls: random_file = "/etc/1x/random"
tls: fragment_size = 1024
tls: include_length = yes
rlm_eap_tls: conf N ctx stored
rlm_eap: Loaded and initialized the type tls
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
main: smux_password = ""
main: snmp_write_access = no
SMUX connect try 1
Can't connect to SNMP agent with SMUX: Connection refused
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.11.20:1549, id=13, length=116
    User-Name = "Cisco"
    NAS-IP-Address = 192.168.11.20
    Called-Station-Id = "004096577e54"
    Calling-Station-Id = "000809000097"
    NAS-Identifier = "AP350"
    NAS-Port = 29
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = "\002\322\000\n\001Cisco"
    Message-Authenticator = 0x0c3403cb0c28aafd81d7fc2e32045520
modcall: entering group authorize
hints: Matched DEFAULT at 41
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "isco", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched isco at 98
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: processing type tls
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 13 to 192.168.11.20:1549
    EAP-Message = "\001\323\000\006\r "
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xf1e747542fcc3e706437c06a25733c0576eee43d7881c0587f27665892ede9d6518f95a6
Finished request 0
Going to the next request
SMUX connect try 2
Can't connect to SNMP agent with SMUX: Connection refused
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.11.20:1550, id=14, length=206
    User-Name = "Cisco"
    NAS-IP-Address = 192.168.11.20
    Called-Station-Id = "004096577e54"
    Calling-Station-Id = "000809000097"
    NAS-Identifier = "AP350"
    NAS-Port = 29
    Framed-MTU = 1400
    State = 0xf1e747542fcc3e706437c06a25733c0576eee43d7881c0587f27665892ede9d6518f95a6
    NAS-Port-Type = Wireless-802.11
    EAP-Message = "\002\323\000>\r\200\000\000\0004\026\003\001\000/\001\000\000+\003\001=\344\356\202\317\347\207E\261\307\235\353E\325\374\366@{\201N\260\230\003\266\271\271\261\307n\023\n\211\000\000\004\000\004\000\005\001"
    Message-Authenticator = 0x40b59c0a85b4083294b01652176fd47a
modcall: entering group authorize
hints: Matched DEFAULT at 41
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "isco", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched isco at 98
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Length Included
undefined: before/accept initialization
TLS_accept: before/accept initialization
<<< TLS 1.0 Handshake [length 002f], ClientHello
TLS_accept: SSLv3 read client hello A
>>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
>>> TLS 1.0 Handshake [length 07fd], Certificate
TLS_accept: SSLv3 write certificate A
>>> TLS 1.0 Handshake [length 00bf], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
rlm_eap_tls: SSL_read Error
Error code is ..... 2
SSL Error .....
2 modcall[authenticate]: module "eap" returns ok modcall: group authenticate returns ok Sending Access-Challenge of id 14 to 192.168.11.20:1550 EAP-Message = "\001\324\004\n\r\300\000\000\t\025\026\003\001\000J\002\000\000F\003\001=\344\356v\201\335o{\335O\202\262\335P\246\215$\253\023c`M&\360r\355\342s@\0018\307 \330]\244\323:\262JI\035\324\262\254w\304\006;\0055@O\250T\317\025\303V\265\205b\230\317\356\000\004\000\026\003\001\007\375\013\000\007\371\000\007\366\000\004\n0\202\004\0060\202\003o\240\003\002\001\002\002\001\0010\r\006\t*\206H\206\367\r\001\001\004\005\0000\201\2551\0130\t\006\003U\004\006\023\002GE1\0170\r\006\003U\004\010\023\006Saxony1\0200\016" EAP-Message = "ikhil Chauhan1,0*\006\t*\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\036\027\r021122161454Z\027\r031122161454Z0\201\2461\0130\t\006\003U\004\006\023\002GE1\0170\r\006\003U\004\010\023\006Saxony1\0200\016\006\003U\004\007\023\007Dresden1\0260\024\006\003U\004\n\023\rSystemonic AG1\0340\032\006\003U\004\013\024\023Protocols & Drivers1\0200\016\006\003U\004\003\023\007tstpc111,0*\006\t*\206H\206\367\r\001\t\001\026\035nikhil.chauhan@system" EAP-Message = "onic.com0\201\2370\r\006\t*\206H\206\367\r\001\001\001\005\000\003\201\215\0000\201\211\002\201\201\000\302OKi'"\233\007Z\266;R\312_\005\036\261\331\222\272x\263Pd\267\014\345\354\325P\360\377Z\200\353)\202\313\01424\307}\353B\212\005\251\215 p\005\016\335xkD\276jw{\013\365\267\302Lpo\333@ \353\376C\273\371\332}+\237n_\377\233\335\225\341G\226\375a\250\270\025\tDJj\222@\244\276~\326\351\365WE\356\366\355<w\302^B0/j]\331\2343\355\266\227TW\002\003\001\000\001\243\202\00190\202\00150\t\006\003U\035\023\004\002" EAP-Message = 
"/u\243\267\212\206"\344\225\201D\025j+0\201\332\006\003U\035#\004\201\3220\201\317\200\024w]fY\241\036\265\007\027\217\310\322\330\2068<\352b\302\360\241\201\263\244\201\2600\201\2551\0130\t\006\003U\004\006\023\002GE1\0170\r\006\003U\004\010\023\006Saxony1\0200\016\006\003U\004\007\023\007Dresden1\0260\024\006\003U\004\n\023\rSystemonic AG1\0340\032\006\003U\004\013\024\023Protocols & Drivers1\0270\025\006\003U\004\003\023\016Nikhil Chauhan1,0*\006\t*\206H\206\367\r\001\t\001\026\035nikhil.chauhan@system" EAP-Message = "\201\000\300\376<\214\231\224\233\321a\210\031185|\251`l\255\t`\344\320\373" Message-Authenticator = 0x00000000000000000000000000000000 State = 0xfeb25e5fb0f5c7e4dc929bc5955699ed76eee43d05ed317c5acd9bc48fe5ae9ae4420cef Finished request 1 Going to the next request SMUX connect try 3 Can't connect to SNMP agent with SMUX: Connection refused Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.11.20:1551, id=15, length=150 User-Name = "Cisco" NAS-IP-Address = 192.168.11.20 Called-Station-Id = "004096577e54" Calling-Station-Id = "000809000097" NAS-Identifier = "AP350" NAS-Port = 29 Framed-MTU = 1400 State = 0xfeb25e5fb0f5c7e4dc929bc5955699ed76eee43d05ed317c5acd9bc48fe5ae9ae4420cef NAS-Port-Type = Wireless-802.11 EAP-Message = "\002\324\000\006\r" Message-Authenticator = 0x883c7198a2f628a052cc7e62a189525d modcall: entering group authorize hints: Matched DEFAULT at 41 modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "eap" returns updated rlm_realm: No '@' in User-Name = "isco", looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched isco at 98 modcall[authorize]: module "files" returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - tls rlm_eap: processing type tls rlm_eap_tls: Received 
EAP-TLS ACK message modcall[authenticate]: module "eap" returns ok modcall: group authenticate returns ok Sending Access-Challenge of id 15 to 192.168.11.20:1551 EAP-Message = "\001\325\004\n\r\300\000\000\t\025\371\250n\365\330\001\304\352'Y\0215\260\036\252\022\355\274\331\377\2619:\210d\201\035\007\360\3650\375)\306}\030b\230\037\373\2774j\363\262\347\266\235\340\373\0020\334\002\373\036\332y\035\213<d\352\371M\010\016kz\276\337\020\210o_\332\345R\020\000\260\272\305o\355T\016\351\344p\346A\310\013\373\346Q\027\014\310\224R\277\320\000\003\3460\202\003\3420\202\003K\240\003\002\001\002\002\001\0000\r\006\t*\206H\206\367\r\001\001\004\005\0000\201\2551\0130\t\006\003U\004\006\023" EAP-Message = "s1\0270\025\006\003U\004\003\023\016Nikhil Chauhan1,0*\006\t*\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\036\027\r021122160949Z\027\r021222160949Z0\201\2551\0130\t\006\003U\004\006\023\002GE1\0170\r\006\003U\004\010\023\006Saxony1\0200\016\006\003U\004\007\023\007Dresden1\0260\024\006\003U\004\n\023\rSystemonic AG1\0340\032\006\003U\004\013\024\023Protocols & Drivers1\0270\025\006\003U\004\003\023\016Nikhil Chauhan1,0*\006\t*\206H\206\367\r\001\t\001\026\035n" EAP-Message = "[EMAIL PROTECTED]\201\2370\r\006\t*\206H\206\367\r\001\001\001\005\000\003\201\215\0000\201\211\002\201\201\000\301\344=\313\366U\003x;\021\335\375\032\001S\321\2751\014\373\033|\266t\001z\361Y\232G\247\275jk\341g{a\200<.k)=3\225\235\314\322\022\013\344WvXo3\363\323:\022\312|&\217\244q\276\347\373\023\014\246\3573y\036W[\245\367%h5\214\345\034\311v\227\235\371\372\275\377\360\277tF\227\3578%\355\333e39\343(T\321"\254\344q[\251l2\373\317\271r2!\236K\002\003\001\000\001\243\202\001\0160\202\001\n" EAP-Message = "\007\027\217\310\322\330\2068<\352b\302\360\241\201\263\244\201\2600\201\2551\0130\t\006\003U\004\006\023\002GE1\0170\r\006\003U\004\010\023\006Saxony1\0200\016\006\003U\004\007\023\007Dresden1\0260\024\006\003U\004\n\023\rSystemonic AG1\0340\032\006\003U\004\013\024\023Protocols & 
Drivers1\0270\025\006\003U\004\003\023\016Nikhil Chauhan1,0*\006\t*\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\202\001\0000\014\006\003U\035\023\004\0050\003\001\001\3770\r\006\t*\206H\206\367\r\001\001\004\005" EAP-Message = "\304_\003@\227\263\351\247Mb5\371=\271\3715r^\372\363Y+\317\3301\246" Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd44bc1219076d11e89ea96e1678b29e476eee43d35ff168437897ced968771357d776abd Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.11.20:1552, id=16, length=150 User-Name = "Cisco" NAS-IP-Address = 192.168.11.20 Called-Station-Id = "004096577e54" Calling-Station-Id = "000809000097" NAS-Identifier = "AP350" NAS-Port = 29 Framed-MTU = 1400 State = 0xd44bc1219076d11e89ea96e1678b29e476eee43d35ff168437897ced968771357d776abd NAS-Port-Type = Wireless-802.11 EAP-Message = "\002\325\000\006\r" Message-Authenticator = 0xe20f9cc81e4a9c2d61532aeb10d06971 modcall: entering group authorize hints: Matched DEFAULT at 41 modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "eap" returns updated rlm_realm: No '@' in User-Name = "isco", looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched isco at 98 modcall[authorize]: module "files" returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - tls rlm_eap: processing type tls rlm_eap_tls: Received EAP-TLS ACK message modcall[authenticate]: module "eap" returns ok modcall: group authenticate returns ok Sending Access-Challenge of id 16 to 192.168.11.20:1552 EAP-Message = 
"\001\326\001\037\r\200\000\000\t\025\243\013sd\250^\213\362\037@\031\207X\233\277\240;\213;\2450\227\366S\204\247\036%v\332)\315\0051h\n\324\346e\206O\335%\370\205\335\232\305%\\FL\230\014\032=\365\276\255,\225\264(\222\023\345\033\250\336Eq\222\311\335C\320~`\226\247(\026\003\001\000\277\r\000\000\267\002\001\002\000\262\000\2600\201\2551\0130\t\006\003U\004\006\023\002GE1\0170\r\006\003U\004\010\023\006Saxony1\0200\016\006\003U\004\007\023\007Dresden1\0260\024\006\003U\004\n\023\rSystemonic AG1\0340\032" EAP-Message = "\026\[EMAIL PROTECTED]\016\000\000" Message-Authenticator = 0x00000000000000000000000000000000 State = 0x61edb378dbea35f051cd94a36bb1292c76eee43d16b0f52b809c2806a8cad669ddbc1e38 Finished request 3 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.11.20:1553, id=17, length=1562 User-Name = "Cisco" NAS-IP-Address = 192.168.11.20 Called-Station-Id = "004096577e54" Calling-Station-Id = "000809000097" NAS-Identifier = "AP350" NAS-Port = 29 Framed-MTU = 1400 State = 0x61edb378dbea35f051cd94a36bb1292c76eee43d16b0f52b809c2806a8cad669ddbc1e38 NAS-Port-Type = Wireless-802.11 EAP-Message = "\002\326\005\200\r\300\000\000\006\332\026\003\001\006\252\013\000\005\232\000\005\227\000\005\2240~B^D^D0~B^Cm| ^C^B^A^B^B^A^C0^M^F \n*~FH~F\367^M^A^A^D^E^@0~A\2551^K0 \n^F^CU^D^F^S^BGE1^O0^M^F^CU^D^H^S^FSaxony1^P0^N^F^CU^D^G^S^GDresden1^V0^T^F^CU^D\n^S^MSystemonic AG1^\\0^Z^F^CU^D^K^T^SProtocols &\nDrivers1^W0^U^F^CU^D^C^S^NNi" EAP-Message = "khil Chauhan1,0*^F \n*~FH~F\367^M^A \n^A^V^][EMAIL PROTECTED]^^^W^M021126140730Z^W^M031126140730Z0~A\2441^K0\n \n^F^CU^D^F^S^BGE1^O0^M^F^CU^D^H^S^FSaxony1^P0^N^F^CU^D^G^S^GDresden1^V0^T^F^CU^D\n^S^MSystemonic AG1^\\0^Z^F^CU^D^K^T^SProtocols &\nD" EAP-Message = "rivers1^N0^L^F^CU^D^C^S^ECisco1,0*^F *~FH~F\367^M^A \n ^A^V^][EMAIL PROTECTED]~A~_0^M^F 
\n*~FH~F\367^M^A^A^A^E^@^C~A~M^@0~A~I^B~A~A^@\277\347\315S\313\366\260My\327~V\350AgA~]{^Ll!B\245\361\370+\253\340>~Sc\322o~D~X\3403\350!#p%R;]\306R\316~]\326~J\377\345~_s^D{B\367\316^[,\352^C~WG\350~H^XG~Q|,t\312^_\373\356\244\373\313\303^S\335~M\307\323\306\3475\326a" EAP-Message = "^N*\335\366\352~JC\310\241^Q\267=\354K\246~[^S\353\326\307\360A*a,:M^T^HS\254^UJiP,m^B^C^A^@^A\243~B^A90~B^A50\n ^F^CU^]^S^D^B0^@0,^F\n`~FH^A~F\370B^A^M^D^_^V^]OpenSSL Generated\nCertificate0^]^F^CU^]^N^D^V^D^T[~SQ\373\353Z~V~Q~A~I~G%0^X^@\321g\310\255~I0~A\332^F^CU^]#^D~A\3220~A\317~@^Tw]fY\241^^\265^G^W~O\310\322\330~F8<\352b\302\360\241~A\263\244~A\260" EAP-Message = "0~A\2551^K0\n\n^F^CU^D^F^S^BGE1^O0^M^F^CU^D^H^S^FSaxony1^P0^N^F^CU^D^G^S^GDresden1^V0^T^F^CU^D\n^S^MSystemonic AG1^\\0^Z^F^CU^D^K^T^SProtocols &\nDrivers1^W0^U^F^CU^D^C^S^NNikhil Chauhan1,0*^F \n*~FH~F\367^M^A \n^A^V^][EMAIL PROTECTED]~B^A^@0^M^F\n*~FH" EAP-Message = "~F\367^M^A^A^D^E^@^C~A~A^@P^Qr\257L^\323\365&\302\332^?^O^?^V\326\373\357'T\301rz\303~M;\255VX~[^T~Yj~EC~F~@M\252\313)^?\323)A^Y]8H\342#\363;^K^]~_]>~\\I[/\272q{\\^T~Q^P\316G~R~@M\316\345\323^_^[\332H^[m\325\275\262e\334\3041\362^@^" Message-Authenticator = 0x257a72ec776eefe33b7573a5b6f0877b modcall: entering group authorize hints: Matched DEFAULT at 41 modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "eap" returns updated rlm_realm: No '@' in User-Name = "isco", looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched isco at 98 modcall[authorize]: module "files" returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate rlm_eap: Multiple EAP_Message attributes found rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - tls rlm_eap: processing type tls rlm_eap_tls: Received EAP-TLS First Fragment of the message Total Length Included modcall[authenticate]: module "eap" 
returns ok modcall: group authenticate returns ok Sending Access-Challenge of id 17 to 192.168.11.20:1553 EAP-Message = "\001\327\000\006\r" Message-Authenticator = 0x00000000000000000000000000000000 State = 0x3f4b54e72fa1f2db3910b101a2028b2576eee43d7db4e9f0e339917e1fbeec117b00e7c1 Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.11.20:1554, id=18, length=508 User-Name = "Cisco" NAS-IP-Address = 192.168.11.20 Called-Station-Id = "004096577e54" Calling-Station-Id = "000809000097" NAS-Identifier = "AP350" NAS-Port = 29 Framed-MTU = 1400 State = 0x3f4b54e72fa1f2db3910b101a2028b2576eee43d7db4e9f0e339917e1fbeec117b00e7c1 NAS-Port-Type = Wireless-802.11 EAP-Message = "\002\327\001j\r\000S\242^]h^^\241Z~WO\371\271\262\271^TGt^^S\354\276\376\373~L1\344'H~K<\244\345\375\304^RR.\n\020\000\000\202\000\200\225\353\230\333md\0054&E\023\304z\333E=d\200\350\231\036\357\225;u\317\242\006Y\335\303HE\324\367$\343X\222\347\203PV@\036\247\030\035\304\206z\324B\033{)\375\027\316X\034\242\002 <*y{\305\203SQ\377%\374\023Y\255\323\017\311\016\227\373\006^\030Q\320@JX\312\205\256\001\253D\200\240`\3379\226\340\332]i>\206\253\346\210\020E\251\324\316[\341z\373\337f\311\025&\322\017\000\000" EAP-Message = "~\313\331\342\261\020+DeMN\374\277\265\235\310\307\021&hz\312?\244{\344\024e\361\353p\026\017\t-\245\343\372\203\000\221\323\320\024\351eq\007\2608\300\234\270/bD\331\246\343\241@\314\250\3504\362\024\003\001\000\001\001\026\003\001\000 \360V\246\212\273\255\003\343.`\356\342\027=oF2Q\234J"\r\246\000\321\312j\r\274\36502" Message-Authenticator = 0xb92331c45d16d64742cb1d123417a56c modcall: entering group authorize hints: Matched DEFAULT at 41 modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "eap" returns updated rlm_realm: No '@' in User-Name = "isco", looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched isco at 98 
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Multiple EAP_Message attributes found
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
<<< TLS 1.0 Handshake [length 059e], Certificate
TLS_accept:error in SSLv3 read client certificate B
rlm_eap_tls: SSL_read Error
Error code is ..... 5
Error in SSL ..... 5
rlm_eap_tls: BIO_read Error
Error code is ..... 5
Error in SSL ..... 5
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Delaying request 5 for 1 seconds
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.11.20:1554, id=18, length=508
Sending Access-Reject of id 18 to 192.168.11.20:1554
    EAP-Message = "\004\327\000\004"
    Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 13 with timestamp 3de4ee76
Cleaning up request 1 ID 14 with timestamp 3de4ee76
Cleaning up request 2 ID 15 with timestamp 3de4ee76
Cleaning up request 3 ID 16 with timestamp 3de4ee76
Cleaning up request 4 ID 17 with timestamp 3de4ee76
Cleaning up request 5 ID 18 with timestamp 3de4ee76
Nothing to do. Sleeping until we see a request.
26066:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:939:
26066:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:304:Type=X509_CINF
26066:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested asn1 error:tasn_dec.c:566:Field=cert_info, Type=X509
26066:error:1408900D:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:ASN1 lib:s3_srvr.c:1947:
=======================================================

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
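
An added example, not part of the original post: when triaging a log like the one above, the EAP-TLS framing of the client's two fragments (requests id=17 and id=18) can be checked before looking at the certificate itself. This Python sketch decodes the leading bytes of those two EAP-Message values, compares the fragment sizes with the declared TLS Message Length, and decodes the first TLS record and handshake header; the function names are illustrative and the flag layout is the standard EAP-TLS one (L=0x80, M=0x40, S=0x20).

```python
import re
import struct

EAP_TYPE_TLS = 13
FLAGS = (("L", 0x80), ("M", 0x40), ("S", 0x20))  # length included, more fragments, start
ESC = re.compile(r'\\([0-3][0-7]{2}|[rnt\\"])')
SIMPLE = {"r": 13, "n": 10, "t": 9, "\\": 92, '"': 34}

# Constructed sample: leading bytes of the EAP-Message values the client sent
# in requests id=17 and id=18, copied from the log in its printed form.
FRAGMENTS = [
    r'\002\326\005\200\r\300\000\000\006\332\026\003\001\006\252\013\000\005\232',
    r'\002\327\001j\r\000',
]


def unescape(printed):
    """Convert radiusd's printed form (octal \\ooo, \\r, \\n, \\t) back to bytes."""
    out, i = bytearray(), 0
    while i < len(printed):
        m = ESC.match(printed, i)
        if m:
            tok = m.group(1)
            out.append(int(tok, 8) if len(tok) == 3 else SIMPLE[tok])
            i = m.end()
        else:
            out.append(ord(printed[i]))
            i += 1
    return bytes(out)


def parse_eap_tls(raw):
    """Decode the EAP header and, for type 13, the EAP-TLS flags and lengths."""
    if len(raw) < 5:
        raise ValueError("truncated EAP header")
    code, ident, length, eap_type = struct.unpack("!BBHB", raw[:5])
    info = {"code": code, "id": ident, "length": length, "type": eap_type}
    if eap_type != EAP_TYPE_TLS or len(raw) < 6:
        return info
    flags, hdr = raw[5], 6
    info["flags"] = "".join(name for name, bit in FLAGS if flags & bit)
    if flags & 0x80:
        if len(raw) < 10:
            raise ValueError("L flag set but TLS Message Length missing")
        info["tls_total"] = struct.unpack("!I", raw[6:10])[0]
        hdr = 10
    # Only header bytes are embedded here, so size the fragment from the
    # EAP Length field rather than from len(raw).
    info["fragment_len"] = length - hdr
    info["tls_data"] = raw[hdr:]
    return info


def parse_tls_prefix(data):
    """Decode a TLS record header plus the first handshake message header."""
    ctype, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    return {"content_type": ctype, "version": (major, minor), "record_len": rec_len,
            "hs_type": data[5], "hs_total": int.from_bytes(data[6:9], "big") + 4}


def reassembly_summary(printed_fragments):
    """Return (declared TLS length, bytes carried, last fragment still has M set)."""
    frags = [parse_eap_tls(unescape(p)) for p in printed_fragments]
    declared = frags[0].get("tls_total")
    carried = sum(f["fragment_len"] for f in frags)
    return declared, carried, "M" in frags[-1]["flags"]


if __name__ == "__main__":
    for p in FRAGMENTS:
        f = parse_eap_tls(unescape(p))
        print({k: v for k, v in f.items() if k != "tls_data"})
    print("declared, carried, more pending:", reassembly_summary(FRAGMENTS))
    first = parse_eap_tls(unescape(FRAGMENTS[0]))
    print("first TLS record:", parse_tls_prefix(first["tls_data"]))
```

Agreement between the declared and carried lengths rules out a missing fragment; it says nothing about whether the certificate bytes inside are well-formed.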