- Original Message -
From: Hal Pomeranz [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Subject: Problem with EAP/TLS and XP SP2
Date: Wed, 2 Nov 2005 21:22:55 -0800

Radius Server: Freeradius 1.0.5 on Solaris 8 (Sparc)
Client: Windows XP (SP2), Intel PRO/Wireless 2915 (a/b/g)
Access Point: DLink DI-784

I'm having trouble getting my laptop (running Windows XP SP2) to
authenticate to my access point using EAP/TLS. XP shows the wireless
interface hung forever in "Attempting to authenticate" state. I've
been beating my head against this all day without success, although I
think I'm close and just missing something stupid and obvious.

In the debugging log from radiusd -X below, I can see my laptop
communicating with the radius server. I'm definitely seeing the
correct username (HalPomeranz) from the certificate I installed
on the laptop. The radius server is finding the username entry
in my users file. The only thing that looks like an error is
the lines that read:

    rlm_eap_tls: TLS 1.0 Handshake [length 005e], CertificateRequest
    TLS_accept: SSLv3 write certificate request A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A

I Googled a bit for this error message and turned up some mailing list
traffic describing similar problems, but no solutions. Perhaps this
is a red herring, however.

Note that I am successfully using this same radius server to
authenticate some older clients which use LEAP to connect via a
different access point, so I'm thinking my radius config is basically
sound.

Does anybody have any suggestions for how to resolve my problem?
Anybody seen anything like this before? Thanks in advance...

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Hal Pomeranz, Founder/CEO Deer Run Associates [EMAIL PROTECTED]
Network Connectivity and Security, Systems Management, Training
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /var/freeradius/etc/raddb/proxy.conf
Config: including file: /var/freeradius/etc/raddb/clients.conf
Config: including file: /var/freeradius/etc/raddb/snmp.conf
Config: including file: /var/freeradius/etc/raddb/eap.conf
Config: including file: /var/freeradius/etc/raddb/sql.conf
main: prefix = /var/freeradius
main: localstatedir = /var/freeradius/var
main: logdir = /var/freeradius/var/log/radius
main: libdir = /var/freeradius/lib
main: radacctdir = /var/freeradius/var/log/radius/radacct
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 1812
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = /var/freeradius/var/log/radius/radius.log
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = /var/freeradius/var/run/radiusd/radiusd.pid
main: user = radiusd
main: group = radiusd
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: checkrad = /var/freeradius/sbin/checkrad
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /var/freeradius/lib
Module: Loaded exec
exec: wait = yes
exec: program = (null)
exec: input_pairs = request
exec: output_pairs = (null)
exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = (null)
mschap: authtype = MS-CHAP
mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = (null)
unix: shadow = (null)
unix: group = (null)
unix: radwtmp = /var/freeradius/var/log/radius/radwtmp
unix: usegroup = no
unix: cache_reload = 600
Module: