Radius client can not connected!

[Kwok Sianbin]

Hi all,

Need help.

I'd been doing this for sometimes and can't get it solved.

Client try to communicate with server but just can't get it connected.

here are the message:



Waking up in 4.7 seconds.

    User-Name = testing

    NAS-IP-Address = 0.0.0.0

    Framed-MTU = 1488

    Called-Station-Id = 00:30:1a:29:03:66

    Calling-Station-Id = 00:1c:f0:10:56:b8

    NAS-Port-Type = Wireless-802.11

    NAS-Identifier = 127.0.0.1

    Connect-Info = CONNECT 11Mbps 802.11b

    State = 0x50713d8653743023ce88a0c1a1b930fe

    EAP-Message =
0x020505c50d8005bb160301058b0b00037b0003780003753082037130820259a003020102020102300d06092a864886f70d01010405003070310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e311730150603550403140e4d6172734e65745f5365727665723120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d301e170d3038303730383032323630315a170d3131303730383032323630315a306f310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520

    EAP-Message =
0x496e632e311730150603550403140e4d6172734e65745f436c69656e74311f301d06092a864886f70d010901161075736572406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d9c82149515d4198e7647e1dd2fdaba3dd274d89fe59259ea656b5550118896812a05a0bad9307dda14f88582a1cfd1b8f475aabfc4e7ee2618d195fdb4fed673093982696a14d7a929c8590bfb32a930ee363d15a2ddadaf398d497527addbb88562c48803840ac7ab5cfd47709718078cee8489a415783ff1149bd2d8c4abd5ed1c83811392890b60e65dcfe3fae892d4ab0e3f98506387d47094656bb

    EAP-Message =
0xc7b5fdebc4b342b797d0dcc7a3fdd68cfa52490ec10a1e4a5d9cc82decc3f7340611755269c937f882478b6a875c460ea997351f33291f4f94bc7661b7f76a5457479f72639fc9acf815aa5ed438309a1695ffe34f1f967ad8f0b63d2e72f71240050203010001a317301530130603551d25040c300a06082b06010505070302300d06092a864886f70d010104050003820101008cb12a5b0e048b822dd0e435fdb3c808a183a2bfe5b8970d24c8d7d8de6183ac6bd0978accaa284093f927e49b512056fd5850cd2211016f0d68099bc90a2bf2fb93ab3f6a2552fe2b094ffb8830aabe7d00871f1f8b882d3bfec10f73a7af1688a51a2e915597276d

    EAP-Message =
0x0e2c716dbd340dba22124f473ea8396e799c6de451101cb64cc0e8913535dc79d23e6194878814e7d6baa7a1ba616947cfe5d368a83f5db7e71e95e9b90f189033e9851b1d8419c4ab78b988ca9c4ff1163ed3e390e486bfc803e176cb108e7c31b51c5b618e644a046f7a60f232b0d57c47f1626a96115e83d457a3ad661c064986ebdd3629ef50b6a0d67e7b923d4a0d288b3652d98e110201003c14f10ae05a07ca00d74116971fd5d146e8640db1f58ebebf6e49c7cd8dabe98da7b6461af55c77e5fbde2336eb2914ceb3a6e09cdb6a46989cd9e22983bc672387ff0483700a70e396a9f844edd9ac4bb95c4b2a3bc45755d9408e41b37034

    EAP-Message =
0x32c84f5b11d84870904e298defb383734235d6f67c9d9c0dfe20ed207fa3fe539571566103e2f55ee41cd3c7d6d9019f224594853387f67ccf453aa85ead173fa5059922888c7de3a689745cdc800423fc43522a91ee235704264a60eec90c62d01fde3cdda4f81666c26f8681c08b4a18b447d9971270ce92391e5c54f2537b3f7ff791fe7863daa40f6e0e244a02dab97755b4de554a21973a34dab24815ae0f00010201001b8569aff3bd371c1c7d782df9db0e00468d7806f2b5307f49dd2d4c5507aec96fe0db1fa401a613e021eec225eedf95303d1b2af768c011541086e89933d72b07d56d5a588e96d79906e1672e016fd5694fe694990ded

    EAP-Message =
0x9dc92e8f839a0e40cc7a7563476be125135d91d45ed4b5c978273b5e1d0e30cb655d8d1a011fe0d7c93e21603ee63e618566dbf126d95e68f8bf1e2bfbf8145a3894ddeb74923d45fbac9fdbde4cd7bf070931c74a4a7d3153a4e5de2d74c4f6f6191e639f57d2d18a256f240726a7b3100fec13048cddc9a99f594c82742aeb918959fe193bd1cb691a81fbf413aaba7e57cca12151350d96dc18a4b0af99d63cb68c1a5214a087a21403010001011603010020251f2329bd8931db05f4268228c4258ec07f3d2bb9281b1b83b584b08b75214d

    Message-Authenticator = 0xd97d042e7cb701a8720f28f6c5f1292b

+- entering group authorize

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

    rlm_realm: No '@' in User-Name = testing, looking up realm NULL

    rlm_realm: No such realm NULL

++[suffix] returns noop

  rlm_eap: EAP packet type response id 5 length 253

  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation

++[eap] returns updated

++[unix] returns notfound

    users: Matched entry testing at line 91

    expand: Hello, %{User-Name} - Hello, testing

++[files] returns ok

++[expiration] returns noop

++[logintime] returns noop

rlm_pap: Found existing Auth-Type, not changing it.

++[pap] returns noop

  rad_check_password:  Found Auth-Type EAP

auth: type EAP

+- entering group authenticate

  rlm_eap: Request found, released from the list

  rlm_eap: EAP/tls

  rlm_eap: processing type tls

  rlm_eap_tls: Authenticate

  rlm_eap_tls: processing TLS

  TLS Length 1467

rlm_eap_tls:  Length Included

  eaptls_verify returned 11

  rlm_eap_tls:  TLS 1.0 Handshake [length 037f], Certificate

-- verify error:num=20:unable to get local issuer certificate

  rlm_eap_tls:  TLS 1.0 Alert [length 0002], fatal unknown_ca

TLS Alert write:fatal:unknown CA

    TLS_accept:error in SSLv3 read 

Re: Radius client can not connected!

[Alan DeKok]

Kwok Sianbin wrote:
 I'd been doing this for sometimes and can't get it solved.
 Client try to communicate with server but just can't get it connected.

  Please READ the debug output.  It is telling you what's going wrong.


   rlm_eap_tls:  TLS 1.0 Handshake [length 037f], Certificate
 -- verify error:num=20:unable to get local issuer certificate
   rlm_eap_tls:  TLS 1.0 Alert [length 0002], fatal unknown_ca
 TLS Alert write:fatal:unknown CA
 TLS_accept:error in SSLv3 read client certificate B
 rlm_eap: SSL error error:140890B2:SSL
 routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

  You are doing EAP-TLS.  The certificate presented is from a CA that is
unknown.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html