Hi, Thanks for the advice..The problem to generae certs was solved. Now it comes back to existing problem in version 1.1.7 where the client request to server is on and on and never get connected. I wonder why NAS-IP-Address = 0.0.0.0 unlike the other as I know got IP address assigned. Here the log Ready to process requests. User-Name = "MarsNet" NAS-IP-Address = 0.0.0.0 Framed-MTU = 1488 Called-Station-Id = "00:30:1a:29:03:66" Calling-Station-Id = "00:1c:f0:10:56:b8" NAS-Port-Type = Wireless-802.11 NAS-Identifier = "127.0.0.1" Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0201000c014d6172734e6574 Message-Authenticator = 0x971de64ca91d1afd0e499d63b8b9aff2 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "MarsNet", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 12 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound users: Matched entry MarsNet at line 91 expand: Hello, %{User-Name} -> Hello, MarsNet ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled Reply-Message = "Hello, MarsNet" EAP-Message = 0x010200060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x13382f46133a22a47c694fefa3fc3d08 Finished request 0. Going to the next request Waking up in 4.9 seconds. User-Name = "MarsNet" NAS-IP-Address = 0.0.0.0 Framed-MTU = 1488 Called-Station-Id = "00:30:1a:29:03:66" Calling-Station-Id = "00:1c:f0:10:56:b8" NAS-Port-Type = Wireless-802.11 NAS-Identifier = "127.0.0.1" Connect-Info = "CONNECT 11Mbps 802.11b" State = 0x13382f46133a22a47c694fefa3fc3d08 EAP-Message = 0x020200500d800000004616030100410100003d03014832660e2f0fb111fc67ba57fe53cac5b6e069fba786f0ec44807023b4284a8800001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0x0fe925603be76e65a1404457ac5412b6 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "MarsNet", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 2 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound users: Matched entry MarsNet at line 91 expand: Hello, %{User-Name} -> Hello, MarsNet ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS TLS Length 70 rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 084c], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 00a6], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 ++[eap] returns handled Reply-Message = "Hello, MarsNet" EAP-Message = 0x010304000dc00000094b160301004a020000460301483265fd7c96a0e9fc9713fe93e9d180d22d37c1ae1a232b02433ecfcf033a34206f7a9cb000aa67272b2e95ac37019ecdc8a5bf6c574b0298bf67ddb71033c027000400160301084c0b0008480008450003a13082039d30820285a003020102020101300d06092a864886f70d0101040500308194310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3127302506035504 EAP-Message = 0x03131e4d617273696e646f20436572746966696361746520417574686f72697479301e170d3038303532303034333135355a170d3039303532303034333135355a3076310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e311d301b060355040313144d617273696e646f2053657276657220436572743120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100bca7c767561f951c18502242b005f2d0727dc1affd01c9b29918bbd3af268c095b091c EAP-Message = 0xc62304d82d388c4380d586d49eab42a7f82f4b9b86bdb1d5b0889644476f901a737c94349781c611d7d2da2ffbe8de5fa4534c28a4dffb2fbf805a6c9dff87227d8a0fab4dea651fc4223748b75d302ee960e8beda05996d8b2342b841770b030bef53297a177f431184747aa3bdc11f49750b8c603cb589c13583904a9ba6ef6560df8519d5a2dbeb7fe33c8a0ac801bb3e1f68d510b0c82312bd7fcb8d50c6286f3f7a45079625c0b4f9912cc83664227c5d418c10006a230c66172677d3bb4091370b0b871bda07bec0a82ee8f1377d3a8fadf0398f35beea0d89f70203010001a317301530130603551d25040c300a06082b06010505070301300d EAP-Message = 0x06092a864886f70d010104050003820101004fbfef54576f9aac86015d57964cc2def331a16bf997b2b983ec834fb72f42e43b335bf1ad890123b205fac6a64bc0f824f34806cab4532dc9d48c1f827fc8050d3fe13af9df766b71ba58c515eaef089cfc685c5399371f1ef8f123cee3990828942848c20c60c6ab0ef93ba786b829816f24183e53aefeeea6fd11061a320fc0fe871220ad9f403497754f7187b2fe58dbf420af6cbf62297119bf1724539671bd8015dc1cc3a7c55b69cd63a4a2c35d523463ac9f44338f049b9d3b10c330b7d2dc183a1565cba70bb125c57ffdeed44785e3f36d404a094df74380dc1133d675c9aa87a6fd41e8e79f EAP-Message = 0x93bd38749f3d952fe10c35a8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x13382f46123b22a47c694fefa3fc3d08 Finished request 1. Going to the next request
Kwok Sianbin <[EMAIL PROTECTED]> wrote: Hi All, I have problem generating client certificate for Windows Xp. # make client.pem openssl req -new -out client.csr -keyout client.key -config ./client.cnf Generating a 2048 bit RSA private key ...................................................................+++ .......+++ writing new private key to 'client.key' ----- openssl ca -batch -keyfile server.key -cert server.crt -in client.csr -key `grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf Using configuration from ./client.cnf unable to load certificate 4773:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: TRUSTED CERTIFICATE make: *** [client.crt] Error 1 I looked in client.cnf and I could not figure out where got wrong! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html