I am seeing something strange, my 802.1x clients cannot connect.  I have my 
client configured to use PEAP/MSCHAPv2 with user auth, however the requests I 
see in my FreeRADIUS debug are set to EAP-TLS.

I have checked SEVERAL times that my client is set to use PEAP/MSCHAPv2 ... why 
is it going to EAP-TLS! GARH!

From /etc/raddb/eap.conf
<SNIP>
eap {
    default_eap_type = peap
    timer_expire     = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    max_sessions = 2048
    .
    .
    .
    peap {
        default_eap_type = mschapv2
        copy_request_to_tunnel = yes
        use_tunneled_reply = yes
        virtual_server = "packetfence-tunnel"
        #soh = yes
        #soh_virtual_server = "soh-server"
    }

    mschapv2 {
    }
}
</SNIP>

From radiusd -X
<SNIP>
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair State = 0x17e0bcdd14e5b1eefaf2eaeec0be4f98
rlm_perl: Added pair Calling-Station-Id = 4C-EB-42-33-64-8B
rlm_perl: Added pair Called-Station-Id = 00-0F-7D-31-67-B3:UMHB  SecureNet
rlm_perl: Added pair Message-Authenticator = 0x3b675a5f98a378fd637acfaa3c8c41e0
rlm_perl: Added pair User-Name = [email protected]
rlm_perl: Added pair NAS-Identifier = Sanderford-3
rlm_perl: Added pair EAP-Message = 0x020500110d800000000715030100020230
rlm_perl: Added pair Connect-Info = CONNECT 6Mbps/6Mbps 802.11g
rlm_perl: Added pair Realm = umhb.edu
rlm_perl: Added pair EAP-Type = EAP-TLS
rlm_perl: Added pair Stripped-User-Name = jake.sallee
rlm_perl: Added pair NAS-IP-Address = 10.11.40.180
rlm_perl: Added pair NAS-Port = 912
rlm_perl: Added pair Framed-MTU = 1400
rlm_perl: Added pair Auth-Type = EAP
++[packetfence] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/packetfence
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
  TLS Length 7
[tls] Length Included
[tls] eaptls_verify returned 11
[tls] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert read:fatal:unknown CA
    TLS_accept: failed in SSLv3 read client certificate A
rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
SSL: SSL_read failed inside of TLS (-1), TLS session fails.
TLS receive handshake failed during operation
[tls] eaptls_process returned 4
[eap] Handler failed in EAP/tls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect (TLS Alert read:fatal:unknown CA): [[email protected]] (from client 10.11.40.180 port 912 cli 4C-EB-42-33-64-8B)
} # server packetfence
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/packetfence
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> [email protected]
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 10 for 1 seconds
</SNIP>



Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton TX. 76513
Fone: 254-295-4658
Phax: 254-295-4221
HTTP://WWW.UMHB.EDU

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
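The EAP-Message attribute printed in the debug above is the raw EAP packet the client put on the wire, so it can be decoded independently of how FreeRADIUS labels it. The decoder below is an added example and is not part of the original post, of PacketFence or of FreeRADIUS: it parses the EAP header per RFC 3748, the flags and optional TLS length shared by EAP-TLS/EAP-TTLS/PEAP per RFC 5216, and a TLS alert record if one follows. The first sample value is copied from the log; the second (a Nak answering an offer with the list of methods the peer will accept) is constructed to show, by comparison, what a client refusing a method looks like.

```python
"""Decode the EAP-Message value that radiusd -X prints (added example, not from the post)."""
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS",
             21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}
TLS_VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
TLS_ALERT_LEVELS = {1: "warning", 2: "fatal"}
TLS_ALERT_DESCRIPTIONS = {  # subset of the RFC 5246 AlertDescription registry
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied", 70: "protocol_version"}


def decode_tls_method(payload: bytes) -> dict:
    """Flags byte (L/M/S bits), optional 4-byte TLS message length, then TLS data."""
    flags = payload[0]
    out = {"flags": {"length_included": bool(flags & 0x80),
                     "more_fragments": bool(flags & 0x40),
                     "start": bool(flags & 0x20)}}
    pos = 1
    if flags & 0x80:
        out["tls_message_length"] = struct.unpack("!I", payload[1:5])[0]
        pos = 5
    tls = payload[pos:]
    # Content type 0x15 is a TLS Alert record: version(2) length(2) level(1) description(1)
    if len(tls) >= 7 and tls[0] == 0x15:
        major, minor, rec_len = struct.unpack("!BBH", tls[1:5])
        level, desc = tls[5], tls[6]
        out["tls_alert"] = {
            "version": TLS_VERSIONS.get((major, minor), f"{major}.{minor}"),
            "record_length": rec_len,
            "level": TLS_ALERT_LEVELS.get(level, level),
            "description": TLS_ALERT_DESCRIPTIONS.get(desc, desc)}
    return out


def decode_eap_message(hex_attr: str) -> dict:
    """Parse one EAP-Message attribute value given as '0x...' or bare hex."""
    raw = hex_attr[2:] if hex_attr.lower().startswith("0x") else hex_attr
    data = bytes.fromhex(raw)
    if len(data) < 4:
        raise ValueError("EAP header is 4 bytes: code, identifier, length")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length != len(data):
        raise ValueError(f"EAP length field {length} does not match {len(data)} bytes present")
    result = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code not in (1, 2):
        return result  # Success and Failure carry no Type field
    eap_type = data[4]
    result["type"] = EAP_TYPES.get(eap_type, eap_type)
    payload = data[5:]
    if eap_type == 3:
        # Nak: the peer rejects the offered method and lists the ones it accepts
        result["desired_types"] = [EAP_TYPES.get(t, t) for t in payload]
    elif eap_type in (13, 21, 25) and payload:
        result.update(decode_tls_method(payload))
    return result


# Value copied from the rlm_perl "Added pair EAP-Message" line in the post
LOGGED_EAP_MESSAGE = "0x020500110d800000000715030100020230"
# Constructed sample: Response, id 5, length 6, Type 3 (Nak) desiring Type 25 (PEAP)
CONSTRUCTED_NAK = "0x020500060319"

if __name__ == "__main__":
    for label, value in (("from log", LOGGED_EAP_MESSAGE), ("constructed Nak", CONSTRUCTED_NAK)):
        print(label, decode_eap_message(value))
```

Run against the logged value, the decoder returns an EAP Response (id 5, 17 bytes) of Type 13 (EAP-TLS) with the length bit set and a TLS message length of 7; those 7 bytes are a TLS 1.0 Alert record, level fatal, description 48 (unknown_ca). That matches the "[tls] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca" line: the client is the side sending the alert, which is what a supplicant emits when it cannot validate the certificate chain it was presented against a trusted CA, and the Type byte on the wire is what FreeRADIUS reports as EAP-Type. The constructed Nak shows the other shape a supplicant's refusal takes: Type 3 with the accepted method list, here PEAP.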
