XP won't authenticate with EAP TLS - log shows unknown_ca fatal error
Landon Cox
freeradius at 360vl.com
Fri Aug 5 19:24:38 CEST 2005
Problem statement:
XP won't authenticate with EAP TLS and FreeRADIUS debug logs
(appended) shows unknown_ca fatal error
Background:
I've been following the 3-part series instructions outlined in the
Linux Journal series starting at:
http://www.linuxjournal.com/article/8017
"Paranoid Penguin - Securing WLANs with WPA and FreeRADIUS, Part I"
I chose to start with this article as it was one of the most recent
tutorials I could find on the topic of FreeRADIUS and EAP TLS.
I'm running:
SuSE 9.2 Pro
FreeRADIUS version 1.0.0 Oct 5, 2004, 00:13:22 (installed from
SuSE Yast and distro DVD)
OpenSSL 0.9.7d 17 Mar 2004
I've read everything I can find on unknown_ca but cannot find any
solutions and the Linux Journal article, while good, doesn't do much
to help when something goes wrong. I've made it quite a ways into
this install and think I'm close, but I just do not know where to go
next or what to try.
One question I have on the Linux Journal article: At the point of
using openssl to convert the client cert to pkcs12 format, it says
"You are prompted for client_key.pem's passphrase and then for a new
passphrase for the new file; you can use the same password as before
if you like. You may be tempted to press Enter instead, especially
given that the WPA supplicant in Windows XP works only when you store
its certificates without a passphrases..." I've tried generate the
client p12 file both ways and reimporting to XP's Personal
Certificates to no avail. Is that pkcs12 passphrase assertion still
true for XP supplicant? Either way, with or without, I can't get
this to work, so that must not be the issue.
I have also tried un-checking the "Validate Server Certificate" in
the 802.1x settings of XP for that Access Point. I get the same
error, so the error seems to indicate an issue with not being able to
deal with the client side cert?
I've imported both the cacert.pem into my Trusted Root Certs in XP
and the client_cert.p12 into "Personal->Certificates". There were
no steps indicated I needed to import server cert on the XP side
(which doesn't make sense anyway...just noting here that for
diagnostic purposes.)
Any help towards solving this issue would be very much appreciated.
Now for the debug log:
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/lib/freeradius"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "radiusd"
main: group = "radiusd"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "tls"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/raddb/certs/server_key.pem"
tls: certificate_file = "/etc/raddb/certs/server_cert.pem"
tls: CA_file = "/etc/raddb/certs/cacert.pem"
tls: private_key_password = "capasswd"
tls: dh_file = "/etc/raddb/certs/dh"
tls: random_file = "/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/
detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=165,
length=167
Message-Authenticator = 0x70dbfbdbb80a0132ab36ea91639115a7
Service-Type = Framed-User
User-Name = "360VL"
Framed-MTU = 1488
Called-Station-Id = "000FB57A156E:360VL"
Calling-Station-Id = "000BCD56E3CB"
NAS-Identifier = "360VL"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0200000a01333630564c
NAS-IP-Address = 192.168.5.59
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 0 length 10
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched DEFAULT at 156
users: Matched DEFAULT at 175
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 165 to 192.168.5.59:1075
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x010100060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xeb75fcb695cff41098dcdde96721a715
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=166,
length=255
Message-Authenticator = 0x1a26f3a01ff1ea192ae8660258ff07a3
Service-Type = Framed-User
User-Name = "360VL"
Framed-MTU = 1488
State = 0xeb75fcb695cff41098dcdde96721a715
Called-Station-Id = "000FB57A156E:360VL"
Calling-Station-Id = "000BCD56E3CB"
NAS-Identifier = "360VL"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message =
0x020100500d800000004616030100410100003d030142f390d929fcbdc42804368a39fe
a1de8e5033352c8556ede0a5f441cfb7492300001600040005000a000900640062000300
060013001200630100
NAS-IP-Address = 192.168.5.59
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 1 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched DEFAULT at 156
users: Matched DEFAULT at 175
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 062b], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0099], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 166 to 192.168.5.59:1075
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message =
0x0102040a0dc00000071d160301004a02000046030142f390985a8abe09d131a2f9e13d
fecad96ddd392d9d8b3070c9b63cae9e8e6c20f18fbf2845995fae88dae4ee8b3a17fbdd
1c58f26c914d243f432c3f12a12850000400160301062b0b0006270006240002ac308202
a830820211a003020102020101300d06092a864886f70d0101040500308187310b300906
03550406130255533111300f06035504081308436f6c6f7261646f311930170603550407
1310436f6c6f7261646f20537072696e6773311b3019060355040a1312333630564c2049
6e636f72706f7261746564310e300c06035504031305333630564c311d301b06092a8648
86f7
EAP-Message =
0x0d010901160e696e666f40333630766c2e636f6d301e170d3035303830353135313034
305a170d3036303830353135313034305a308192310b3009060355040613025553311130
0f06035504081308436f6c6f7261646f3119301706035504071310436f6c6f7261646f20
537072696e6773311b3019060355040a1312333630564c20496e636f72706f7261746564
3119301706035504031310636f707065722e333630766c2e636f6d311d301b06092a8648
86f70d010901160e696e666f40333630766c2e636f6d30819f300d06092a864886f70d01
0101050003818d0030818902818100b2a8e575361b42490538c4ed2247ad4df5abc181da
c9ed
EAP-Message =
0x95d835a509bf155163928ba6119defdbfab08ee7a195f6d7dc261d1ff95994f8cca744
57327260e5814422485945ee4714ecb35820520be84ff4620497cd4daa6bbe6780b07b73
ea7452db5a55684b2c13d40d0e2add84c7979c056f2a17fe1b96fb3afd85f6bddfc50203
010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886
f70d0101040500038181001ac5a999fdb7bb40a77a34ecff459e4bbed2583cc0cca87080
566061428bb88ad090c7db85db96c07dc195a512bdae84849c112036af44b9320e8c0c91
35a6f502731fe2507dbf3a337317f739c70a561f3c7d9504293301a6b321574d22509f69
6948
EAP-Message =
0xe479ed655c56041259d23a0713e28a6206517e4e10349839d5dfee6a56000372308203
6e308202d7a003020102020100300d06092a864886f70d0101040500308187310b300906
03550406130255533111300f06035504081308436f6c6f7261646f311930170603550407
1310436f6c6f7261646f20537072696e6773311b3019060355040a1312333630564c2049
6e636f72706f7261746564310e300c06035504031305333630564c311d301b06092a8648
86f70d010901160e696e666f40333630766c2e636f6d301e170d30353038303531353036
32355a170d3036303830353135303632355a308187310b30090603550406130255533111
300f
EAP-Message = 0x06035504081308436f6c6f7261646f31193017060355
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc5258593a428dfd0124288d31ba9eb20
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=167,
length=181
Message-Authenticator = 0x7a06c1de0bcf813186df0d4425d9f50e
Service-Type = Framed-User
User-Name = "360VL"
Framed-MTU = 1488
State = 0xc5258593a428dfd0124288d31ba9eb20
Called-Station-Id = "000FB57A156E:360VL"
Calling-Station-Id = "000BCD56E3CB"
NAS-Identifier = "360VL"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020200060d00
NAS-IP-Address = 192.168.5.59
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched DEFAULT at 156
users: Matched DEFAULT at 175
modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 167 to 192.168.5.59:1075
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message =
0x010303270d800000071d04071310436f6c6f7261646f20537072696e6773311b301906
0355040a1312333630564c20496e636f72706f7261746564310e300c0603550403130533
3630564c311d301b06092a864886f70d010901160e696e666f40333630766c2e636f6d30
819f300d06092a864886f70d010101050003818d0030818902818100c1e36a58cf62e3ae
df95552d32ec708012aded9061932aee060840cae5a20c8fa8ea72ba1f21253454a79c27
799f309812d703e7bcf414044dfc3b8ea2702c0cb9a912a15e110962d8c5229ea6e7404e
c1b28bb85f69c93f503dc4195926e8f0f621aacb7337fd8da8af009e6d5896647af6c198
5955
EAP-Message =
0x1e5ce9db7367fd90c8870203010001a381e73081e4301d0603551d0e04160414ca07e0
025ebeb3f17c26b027e597f97cfc5777493081b40603551d230481ac3081a98014ca07e0
025ebeb3f17c26b027e597f97cfc577749a1818da4818a308187310b3009060355040613
0255533111300f06035504081308436f6c6f7261646f3119301706035504071310436f6c
6f7261646f20537072696e6773311b3019060355040a1312333630564c20496e636f7270
6f7261746564310e300c06035504031305333630564c311d301b06092a864886f70d0109
01160e696e666f40333630766c2e636f6d820100300c0603551d13040530030101ff300d
0609
EAP-Message =
0x2a864886f70d01010405000381810053b790c3ef4f488e5b3c018545d4d2b91ab028c4
7c547ecbdff6a152f80b52c4f6fbc3d074779ed87fb047a844bc473d6c417048b74409df
5727543b8da49cef8c651ac4598c27ce116d58c5fa0337e44e1b81c2a72935f2e2e13a8b
8ebbcc883c9135de3a11e8798abe9fb7828028d0c2ab4542e13ff7c629214fed18f086f5
16030100990d000091020102008c008a308187310b30090603550406130255533111300f
06035504081308436f6c6f7261646f3119301706035504071310436f6c6f7261646f2053
7072696e6773311b3019060355040a1312333630564c20496e636f72706f726174656431
0e30
EAP-Message =
0x0c06035504031305333630564c311d301b06092a864886f70d010901160e696e666f40
333630766c2e636f6d0e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd3a7a2876fe028447b05a62c6f56ea76
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=168,
length=1190
Message-Authenticator = 0x0a1661fc6d58ef65de8bf05f6a442100
Service-Type = Framed-User
User-Name = "360VL"
Framed-MTU = 1488
State = 0xd3a7a2876fe028447b05a62c6f56ea76
Called-Station-Id = "000FB57A156E:360VL"
Calling-Station-Id = "000BCD56E3CB"
NAS-Identifier = "360VL"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message =
0x020303f10d80000003e716030103b70b0002a70002a40002a13082029d30820206a003
020102020102300d06092a864886f70d0101040500308187310b30090603550406130255
533111300f06035504081308436f6c6f7261646f3119301706035504071310436f6c6f72
61646f20537072696e6773311b3019060355040a1312333630564c20496e636f72706f72
61746564310e300c06035504031305333630564c311d301b06092a864886f70d01090116
0e696e666f40333630766c2e636f6d301e170d3035303830353135313335335a170d3036
303830353135313335335a308187310b30090603550406130255533111300f0603550408
1308
EAP-Message =
0x436f6c6f7261646f3119301706035504071310436f6c6f7261646f20537072696e6773
311b3019060355040a1312333630564c20496e636f72706f7261746564310e300c060355
04031305333630564c311d301b06092a864886f70d010901160e696e666f40333630766c
2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ccbbdc
b09846dcd91ca4d52b83d090144dd17379a121e0dfe4333eac31e4ecab9ddc5c161f372a
c3d29dd07620ab1ef80302682a2e74a9715690651458d601326a99eccb3c8f07bd7db896
d5797a559e1480a2691afd76ae30f91b952705e315fc1c4a6072b442aa78f05946338ef8
5b9c
EAP-Message =
0xf9dde843c5bc1ece843f1414d4444d0203010001a317301530130603551d25040c300a
06082b06010505070302300d06092a864886f70d010104050003818100763976dd9a2f05
81394d8cf9680bc788e97e06a77759d79cb50f4b1d06dcad24112081efbfeb6850e8131a
60e4a7406708d93005ab50cc5448c1caa94ff090f42645f0e0dd0bdb85742f8c804fed33
2f48d68f5ebb4f327a4ecd1452b6032eb6f657d2867659380235bab98316528ec20b9855
5d5bdf93d8c594ef593b3f81911000008200809f1ebfd92a15800034c04c8a49af03ace9
740f760bce20bcfa1d54e882e44b5a61852c476702eeffbf1c9380c5e56cc8fc647b82fd
b28b
EAP-Message =
0x7688f3c1ab9f0d9e688800c158a425f464d06eea90583411d1603ab65f6f6d0aa7901a
6b288a16d1f745834497f99a0659c77bbdce4d4f9239373ab40b99857ab10f8de72bc9c9
74160f00008200802c85ac1155a0e0cce2716888890728287ac6d449ecfaf9480420f31a
9d04c4ffddab974cfddb9c992682fb94e4ba1adbdc8807fdff0f350a9ded1e9d17572796
8054e1f879072230dbfde1bc60f581554d7c54b5745f9bed2f86dceaf11e152462d0ba71
7df029f3753e3679803160309931f5eeb10fa4a2b3df4876ae0aa8631403010001011603
0100205cae2f6bb96df0c4d92cbb42362de07293ecd73f2f2e48f7ce42f235107820db
NAS-IP-Address = 192.168.5.59
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 3 length 253
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched DEFAULT at 156
users: Matched DEFAULT at 175
modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 02ab], Certificate
--> verify error:num=18:self signed certificate
chain-depth=0,
error=18
--> User-Name = 360VL
--> BUF-Name = 360VL
--> subject = /C=US/ST=Colorado/L=Colorado Springs/O=360VL
Incorporated/CN=360VL/emailAddress=emailwithheld
--> issuer = /C=US/ST=Colorado/L=Colorado Springs/O=360VL
Incorporated/CN=360VL/emailAddress=emailwithheld
--> verify return:0
rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
TLS_accept:error in SSLv3 read client certificate B
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 168 to 192.168.5.59:1075
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x010400110d800000000715030100020230
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x107dc1452fdb7d1314512bc4d7d9b173
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=169,
length=181
Message-Authenticator = 0x4fe8511906befacbdea9b16b43158663
Service-Type = Framed-User
User-Name = "360VL"
Framed-MTU = 1488
State = 0x107dc1452fdb7d1314512bc4d7d9b173
Called-Station-Id = "000FB57A156E:360VL"
Calling-Station-Id = "000BCD56E3CB"
NAS-Identifier = "360VL"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020400060d00
NAS-IP-Address = 192.168.5.59
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched DEFAULT at 156
users: Matched DEFAULT at 175
modcall[authorize]: module "files" returns ok for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack alert
eaptls_verify returned 4
eaptls_process returned 4
rlm_eap: Handler failed in EAP/tls
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 4
modcall: group authenticate returns invalid for request 4
auth: Failed to validate the user.
Delaying request 4 for 1 seconds
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=169,
length=181
Sending Access-Reject of id 169 to 192.168.5.59:1075
EAP-Message = 0x04040004
Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=170,
length=167
Message-Authenticator = 0x8071ba7139288a5d4eaf417b07e8488a
Service-Type = Framed-User
User-Name = "360VL"
Framed-MTU = 1488
Called-Station-Id = "000FB57A156E:360VL"
Calling-Station-Id = "000BCD56E3CB"
NAS-Identifier = "360VL"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0200000a01333630564c
NAS-IP-Address = 192.168.5.59
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 0 length 10
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched DEFAULT at 156
users: Matched DEFAULT at 175
modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
Sending Access-Challenge of id 170 to 192.168.5.59:1075
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x010100060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0b76a7305f1a54c116e95a56da193528
Finished request 5
Going to the next request
--- Walking the entire request list ---
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=171,
length=167
Message-Authenticator = 0x536ad3d398545cb133dd088d08575af0
Service-Type = Framed-User
User-Name = "360VL"
Framed-MTU = 1488
Called-Station-Id = "000FB57A156E:360VL"
Calling-Station-Id = "000BCD56E3CB"
NAS-Identifier = "360VL"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0202000a01333630564c
NAS-IP-Address = 192.168.5.59
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 2 length 10
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched DEFAULT at 156
users: Matched DEFAULT at 175
modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 171 to 192.168.5.59:1075
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x010300060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0a7243677871b927d0cd5d13a0eb4166
Finished request 6
Going to the next request
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=172,
length=255
Message-Authenticator = 0xbbc4d103a1ea7017be31b1f93cc303b7
Service-Type = Framed-User
User-Name = "360VL"
Framed-MTU = 1488
State = 0x0a7243677871b927d0cd5d13a0eb4166
Called-Station-Id = "000FB57A156E:360VL"
Calling-Station-Id = "000BCD56E3CB"
NAS-Identifier = "360VL"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message =
0x020300500d800000004616030100410100003d030142f390db8a634fbe9ea8d2cb1a86
cc43d9d6cc7be556720178af5cbbf49af4b400001600040005000a000900640062000300
060013001200630100
NAS-IP-Address = 192.168.5.59
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 3 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched DEFAULT at 156
users: Matched DEFAULT at 175
modcall[authorize]: module "files" returns ok for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 062b], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0099], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 7
modcall: group authenticate returns handled for request 7
Sending Access-Challenge of id 172 to 192.168.5.59:1075
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message =
0x0104040a0dc00000071d160301004a02000046030142f3909a4e2851d1e4bd63c58a11
4fb87326da069a327e9ce84767108513edfd206424e4a88c3433368a8e62962cf0f4dca7
507a95f1d61e0c052687dbd817b4cb000400160301062b0b0006270006240002ac308202
a830820211a003020102020101300d06092a864886f70d0101040500308187310b300906
03550406130255533111300f06035504081308436f6c6f7261646f311930170603550407
1310436f6c6f7261646f20537072696e6773311b3019060355040a1312333630564c2049
6e636f72706f7261746564310e300c06035504031305333630564c311d301b06092a8648
86f7
EAP-Message =
0x0d010901160e696e666f40333630766c2e636f6d301e170d3035303830353135313034
305a170d3036303830353135313034305a308192310b3009060355040613025553311130
0f06035504081308436f6c6f7261646f3119301706035504071310436f6c6f7261646f20
537072696e6773311b3019060355040a1312333630564c20496e636f72706f7261746564
3119301706035504031310636f707065722e333630766c2e636f6d311d301b06092a8648
86f70d010901160e696e666f40333630766c2e636f6d30819f300d06092a864886f70d01
0101050003818d0030818902818100b2a8e575361b42490538c4ed2247ad4df5abc181da
c9ed
EAP-Message =
0x95d835a509bf155163928ba6119defdbfab08ee7a195f6d7dc261d1ff95994f8cca744
57327260e5814422485945ee4714ecb35820520be84ff4620497cd4daa6bbe6780b07b73
ea7452db5a55684b2c13d40d0e2add84c7979c056f2a17fe1b96fb3afd85f6bddfc50203
010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886
f70d0101040500038181001ac5a999fdb7bb40a77a34ecff459e4bbed2583cc0cca87080
566061428bb88ad090c7db85db96c07dc195a512bdae84849c112036af44b9320e8c0c91
35a6f502731fe2507dbf3a337317f739c70a561f3c7d9504293301a6b321574d22509f69
6948
EAP-Message =
0xe479ed655c56041259d23a0713e28a6206517e4e10349839d5dfee6a56000372308203
6e308202d7a003020102020100300d06092a864886f70d0101040500308187310b300906
03550406130255533111300f06035504081308436f6c6f7261646f311930170603550407
1310436f6c6f7261646f20537072696e6773311b3019060355040a1312333630564c2049
6e636f72706f7261746564310e300c06035504031305333630564c311d301b06092a8648
86f70d010901160e696e666f40333630766c2e636f6d301e170d30353038303531353036
32355a170d3036303830353135303632355a308187310b30090603550406130255533111
300f
EAP-Message = 0x06035504081308436f6c6f7261646f31193017060355
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc2b080bfcb34d8cbd3fbbb69d15050d3
Finished request 7
Going to the next request
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=173,
length=181
Message-Authenticator = 0x7f76805cf32b6ca33cfdf4e43a6667f5
Service-Type = Framed-User
User-Name = "360VL"
Framed-MTU = 1488
State = 0xc2b080bfcb34d8cbd3fbbb69d15050d3
Called-Station-Id = "000FB57A156E:360VL"
Calling-Station-Id = "000BCD56E3CB"
NAS-Identifier = "360VL"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020400060d00
NAS-IP-Address = 192.168.5.59
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
modcall[authorize]: module "chap" returns noop for request 8
modcall[authorize]: module "mschap" returns noop for request 8
rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 8
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
users: Matched DEFAULT at 156
users: Matched DEFAULT at 175
modcall[authorize]: module "files" returns ok for request 8
modcall: group authorize returns updated for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 8
modcall: group authenticate returns handled for request 8
Sending Access-Challenge of id 173 to 192.168.5.59:1075
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message =
0x010503270d800000071d04071310436f6c6f7261646f20537072696e6773311b301906
0355040a1312333630564c20496e636f72706f7261746564310e300c0603550403130533
3630564c311d301b06092a864886f70d010901160e696e666f40333630766c2e636f6d30
819f300d06092a864886f70d010101050003818d0030818902818100c1e36a58cf62e3ae
df95552d32ec708012aded9061932aee060840cae5a20c8fa8ea72ba1f21253454a79c27
799f309812d703e7bcf414044dfc3b8ea2702c0cb9a912a15e110962d8c5229ea6e7404e
c1b28bb85f69c93f503dc4195926e8f0f621aacb7337fd8da8af009e6d5896647af6c198
5955
EAP-Message =
0x1e5ce9db7367fd90c8870203010001a381e73081e4301d0603551d0e04160414ca07e0
025ebeb3f17c26b027e597f97cfc5777493081b40603551d230481ac3081a98014ca07e0
025ebeb3f17c26b027e597f97cfc577749a1818da4818a308187310b3009060355040613
0255533111300f06035504081308436f6c6f7261646f3119301706035504071310436f6c
6f7261646f20537072696e6773311b3019060355040a1312333630564c20496e636f7270
6f7261746564310e300c06035504031305333630564c311d301b06092a864886f70d0109
01160e696e666f40333630766c2e636f6d820100300c0603551d13040530030101ff300d
0609
EAP-Message =
0x2a864886f70d01010405000381810053b790c3ef4f488e5b3c018545d4d2b91ab028c4
7c547ecbdff6a152f80b52c4f6fbc3d074779ed87fb047a844bc473d6c417048b74409df
5727543b8da49cef8c651ac4598c27ce116d58c5fa0337e44e1b81c2a72935f2e2e13a8b
8ebbcc883c9135de3a11e8798abe9fb7828028d0c2ab4542e13ff7c629214fed18f086f5
16030100990d000091020102008c008a308187310b30090603550406130255533111300f
06035504081308436f6c6f7261646f3119301706035504071310436f6c6f7261646f2053
7072696e6773311b3019060355040a1312333630564c20496e636f72706f726174656431
0e30
EAP-Message =
0x0c06035504031305333630564c311d301b06092a864886f70d010901160e696e666f40
333630766c2e636f6d0e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x46be83586ea1540428f18bc0d43999e2
Finished request 8
Going to the next request
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=174,
length=1190
Message-Authenticator = 0x3ea36373b58083333020105f98fcc6f9
Service-Type = Framed-User
User-Name = "360VL"
Framed-MTU = 1488
State = 0x46be83586ea1540428f18bc0d43999e2
Called-Station-Id = "000FB57A156E:360VL"
Calling-Station-Id = "000BCD56E3CB"
NAS-Identifier = "360VL"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message =
0x020503f10d80000003e716030103b70b0002a70002a40002a13082029d30820206a003
020102020102300d06092a864886f70d0101040500308187310b30090603550406130255
533111300f06035504081308436f6c6f7261646f3119301706035504071310436f6c6f72
61646f20537072696e6773311b3019060355040a1312333630564c20496e636f72706f72
61746564310e300c06035504031305333630564c311d301b06092a864886f70d01090116
0e696e666f40333630766c2e636f6d301e170d3035303830353135313335335a170d3036
303830353135313335335a308187310b30090603550406130255533111300f0603550408
1308
EAP-Message =
0x436f6c6f7261646f3119301706035504071310436f6c6f7261646f20537072696e6773
311b3019060355040a1312333630564c20496e636f72706f7261746564310e300c060355
04031305333630564c311d301b06092a864886f70d010901160e696e666f40333630766c
2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ccbbdc
b09846dcd91ca4d52b83d090144dd17379a121e0dfe4333eac31e4ecab9ddc5c161f372a
c3d29dd07620ab1ef80302682a2e74a9715690651458d601326a99eccb3c8f07bd7db896
d5797a559e1480a2691afd76ae30f91b952705e315fc1c4a6072b442aa78f05946338ef8
5b9c
EAP-Message =
0xf9dde843c5bc1ece843f1414d4444d0203010001a317301530130603551d25040c300a
06082b06010505070302300d06092a864886f70d010104050003818100763976dd9a2f05
81394d8cf9680bc788e97e06a77759d79cb50f4b1d06dcad24112081efbfeb6850e8131a
60e4a7406708d93005ab50cc5448c1caa94ff090f42645f0e0dd0bdb85742f8c804fed33
2f48d68f5ebb4f327a4ecd1452b6032eb6f657d2867659380235bab98316528ec20b9855
5d5bdf93d8c594ef593b3f819110000082008017b86f4025160fcf01c703fc64ae1cc08b
cc734196507bddff87d6cfe97ae57f284a98976ab69f278c20d9e29eb37dca36c06b2ffb
eca3
EAP-Message =
0x8fa19bb0e069266e74d2fd52e4c784892cf6eed652723b7b1800acfc0f79d324f13b5c
ea2819b4c710a126b5182cf510b36901e8175571a25908b4432f580dafbf5f344f1dacdc
d03f0f000082008022b85e222f7e51d8ab7064bb66fdcfaa4e5e19533975f958ce4232d2
2923fb753b05d8a631506848aefd3a4ad6cf1425935cf0b8ac3054b608c394b1d35a0646
eafc858c495206d9cb277a3129aff3bab030f860e4387e235b2e5c53219c5e86c5f3eee1
1ad88feea95fdb327a920ed287142a9c19d1807ae88af91c7e93e2ab1403010001011603
010020d30f49c2ee685496c0b673f3c30ace4e9d068b37f57937dee17f73cc7aee525e
NAS-IP-Address = 192.168.5.59
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
modcall[authorize]: module "preprocess" returns ok for request 9
modcall[authorize]: module "chap" returns noop for request 9
modcall[authorize]: module "mschap" returns noop for request 9
rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 9
rlm_eap: EAP packet type response id 5 length 253
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 9
users: Matched DEFAULT at 156
users: Matched DEFAULT at 175
modcall[authorize]: module "files" returns ok for request 9
modcall: group authorize returns updated for request 9
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 02ab], Certificate
--> verify error:num=18:self signed certificate
chain-depth=0,
error=18
--> User-Name = 360VL
--> BUF-Name = 360VL
--> subject = /C=US/ST=Colorado/L=Colorado Springs/O=360VL
Incorporated/CN=360VL/emailAddress=emailwithheld
--> issuer = /C=US/ST=Colorado/L=Colorado Springs/O=360VL
Incorporated/CN=360VL/emailAddress=emailwithheld
--> verify return:0
rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
TLS_accept:error in SSLv3 read client certificate B
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 9
modcall: group authenticate returns handled for request 9
Sending Access-Challenge of id 174 to 192.168.5.59:1075
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x010600110d800000000715030100020230
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xfc76e05422193720d431a9e96db434ad
Finished request 9
Going to the next request
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=175,
length=181
Message-Authenticator = 0x3cb38e214ac8af13cae93335934db928
Service-Type = Framed-User
User-Name = "360VL"
Framed-MTU = 1488
State = 0xfc76e05422193720d431a9e96db434ad
Called-Station-Id = "000FB57A156E:360VL"
Calling-Station-Id = "000BCD56E3CB"
NAS-Identifier = "360VL"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020600060d00
NAS-IP-Address = 192.168.5.59
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 10
modcall[authorize]: module "preprocess" returns ok for request 10
modcall[authorize]: module "chap" returns noop for request 10
modcall[authorize]: module "mschap" returns noop for request 10
rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 10
rlm_eap: EAP packet type response id 6 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 10
users: Matched DEFAULT at 156
users: Matched DEFAULT at 175
modcall[authorize]: module "files" returns ok for request 10
modcall: group authorize returns updated for request 10
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 10
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack alert
eaptls_verify returned 4
eaptls_process returned 4
rlm_eap: Handler failed in EAP/tls
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 10
modcall: group authenticate returns invalid for request 10
auth: Failed to validate the user.
Delaying request 10 for 1 seconds
Finished request 10
Going to the next request
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=175,
length=181
Sending Access-Reject of id 175 to 192.168.5.59:1075
EAP-Message = 0x04060004
Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 3 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=176,
length=167
Message-Authenticator = 0xed8dfb1d74dd2d45a5aa491086fc34d7
Service-Type = Framed-User
User-Name = "360VL"
Framed-MTU = 1488
Called-Station-Id = "000FB57A156E:360VL"
Calling-Station-Id = "000BCD56E3CB"
NAS-Identifier = "360VL"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0200000a01333630564c
NAS-IP-Address = 192.168.5.59
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 11
modcall[authorize]: module "preprocess" returns ok for request 11
modcall[authorize]: module "chap" returns noop for request 11
modcall[authorize]: module "mschap" returns noop for request 11
rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 11
rlm_eap: EAP packet type response id 0 length 10
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 11
users: Matched DEFAULT at 156
users: Matched DEFAULT at 175
modcall[authorize]: module "files" returns ok for request 11
modcall: group authorize returns updated for request 11
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 11
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 11
modcall: group authenticate returns handled for request 11
Sending Access-Challenge of id 176 to 192.168.5.59:1075
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x010100060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x477c55c8220b91dbaaf48dec55693784
Finished request 11
Going to the next request
--- Walking the entire request list ---
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=177,
length=167
Message-Authenticator = 0xf2ffc7d2b55b48a295ea98c02dd2beba
Service-Type = Framed-User
User-Name = "360VL"
Framed-MTU = 1488
Called-Station-Id = "000FB57A156E:360VL"
Calling-Station-Id = "000BCD56E3CB"
NAS-Identifier = "360VL"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0202000a01333630564c
NAS-IP-Address = 192.168.5.59
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 12
modcall[authorize]: module "preprocess" returns ok for request 12
modcall[authorize]: module "chap" returns noop for request 12
modcall[authorize]: module "mschap" returns noop for request 12
rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 12
rlm_eap: EAP packet type response id 2 length 10
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 12
users: Matched DEFAULT at 156
users: Matched DEFAULT at 175
modcall[authorize]: module "files" returns ok for request 12
modcall: group authorize returns updated for request 12
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 12
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 12
modcall: group authenticate returns handled for request 12
Sending Access-Challenge of id 177 to 192.168.5.59:1075
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x010300060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5132de59d6e9fa7406d5a3a7fd916460
Finished request 12
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=178,
length=255
Message-Authenticator = 0x1dd14c9ef65e83a0230f1870c2339f1d
Service-Type = Framed-User
User-Name = "360VL"
Framed-MTU = 1488
State = 0x5132de59d6e9fa7406d5a3a7fd916460
Called-Station-Id = "000FB57A156E:360VL"
Calling-Station-Id = "000BCD56E3CB"
NAS-Identifier = "360VL"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message =
0x020300500d800000004616030100410100003d030142f390ddb61a462925787781e43b
633cd37484dcbb2f065295ea83ef3f32d69d00001600040005000a000900640062000300
060013001200630100
NAS-IP-Address = 192.168.5.59
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 13
modcall[authorize]: module "preprocess" returns ok for request 13
modcall[authorize]: module "chap" returns noop for request 13
modcall[authorize]: module "mschap" returns noop for request 13
rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 13
rlm_eap: EAP packet type response id 3 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 13
users: Matched DEFAULT at 156
users: Matched DEFAULT at 175
modcall[authorize]: module "files" returns ok for request 13
modcall: group authorize returns updated for request 13
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 13
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 062b], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0099], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 13
modcall: group authenticate returns handled for request 13
Sending Access-Challenge of id 178 to 192.168.5.59:1075
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message =
0x0104040a0dc00000071d160301004a02000046030142f3909c147f72795543365b423d
357307980b8bfeadf7b73a6872c7d925d1b220dd77b106135ce0d8f7882941c54cfa5c9a
db0969ab8fac2df1d21b212c9ef0ad000400160301062b0b0006270006240002ac308202
a830820211a003020102020101300d06092a864886f70d0101040500308187310b300906
03550406130255533111300f06035504081308436f6c6f7261646f311930170603550407
1310436f6c6f7261646f20537072696e6773311b3019060355040a1312333630564c2049
6e636f72706f7261746564310e300c06035504031305333630564c311d301b06092a8648
86f7
EAP-Message =
0x0d010901160e696e666f40333630766c2e636f6d301e170d3035303830353135313034
305a170d3036303830353135313034305a308192310b3009060355040613025553311130
0f06035504081308436f6c6f7261646f3119301706035504071310436f6c6f7261646f20
537072696e6773311b3019060355040a1312333630564c20496e636f72706f7261746564
3119301706035504031310636f707065722e333630766c2e636f6d311d301b06092a8648
86f70d010901160e696e666f40333630766c2e636f6d30819f300d06092a864886f70d01
0101050003818d0030818902818100b2a8e575361b42490538c4ed2247ad4df5abc181da
c9ed
EAP-Message =
0x95d835a509bf155163928ba6119defdbfab08ee7a195f6d7dc261d1ff95994f8cca744
57327260e5814422485945ee4714ecb35820520be84ff4620497cd4daa6bbe6780b07b73
ea7452db5a55684b2c13d40d0e2add84c7979c056f2a17fe1b96fb3afd85f6bddfc50203
010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886
f70d0101040500038181001ac5a999fdb7bb40a77a34ecff459e4bbed2583cc0cca87080
566061428bb88ad090c7db85db96c07dc195a512bdae84849c112036af44b9320e8c0c91
35a6f502731fe2507dbf3a337317f739c70a561f3c7d9504293301a6b321574d22509f69
6948
EAP-Message =
0xe479ed655c56041259d23a0713e28a6206517e4e10349839d5dfee6a56000372308203
6e308202d7a003020102020100300d06092a864886f70d0101040500308187310b300906
03550406130255533111300f06035504081308436f6c6f7261646f311930170603550407
1310436f6c6f7261646f20537072696e6773311b3019060355040a1312333630564c2049
6e636f72706f7261746564310e300c06035504031305333630564c311d301b06092a8648
86f70d010901160e696e666f40333630766c2e636f6d301e170d30353038303531353036
32355a170d3036303830353135303632355a308187310b30090603550406130255533111
300f
EAP-Message = 0x06035504081308436f6c6f7261646f31193017060355
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x65e62c501c4cec769c8d45a40faf9a67
Finished request 13
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=179,
length=181
Message-Authenticator = 0x4b1d387a1df61d3afeff11b22d27432f
Service-Type = Framed-User
User-Name = "360VL"
Framed-MTU = 1488
State = 0x65e62c501c4cec769c8d45a40faf9a67
Called-Station-Id = "000FB57A156E:360VL"
Calling-Station-Id = "000BCD56E3CB"
NAS-Identifier = "360VL"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020400060d00
NAS-IP-Address = 192.168.5.59
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
modcall[authorize]: module "preprocess" returns ok for request 14
modcall[authorize]: module "chap" returns noop for request 14
modcall[authorize]: module "mschap" returns noop for request 14
rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 14
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 14
users: Matched DEFAULT at 156
users: Matched DEFAULT at 175
modcall[authorize]: module "files" returns ok for request 14
modcall: group authorize returns updated for request 14
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 14
modcall: group authenticate returns handled for request 14
Sending Access-Challenge of id 179 to 192.168.5.59:1075
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message =
0x010503270d800000071d04071310436f6c6f7261646f20537072696e6773311b301906
0355040a1312333630564c20496e636f72706f7261746564310e300c0603550403130533
3630564c311d301b06092a864886f70d010901160e696e666f40333630766c2e636f6d30
819f300d06092a864886f70d010101050003818d0030818902818100c1e36a58cf62e3ae
df95552d32ec708012aded9061932aee060840cae5a20c8fa8ea72ba1f21253454a79c27
799f309812d703e7bcf414044dfc3b8ea2702c0cb9a912a15e110962d8c5229ea6e7404e
c1b28bb85f69c93f503dc4195926e8f0f621aacb7337fd8da8af009e6d5896647af6c198
5955
EAP-Message =
0x1e5ce9db7367fd90c8870203010001a381e73081e4301d0603551d0e04160414ca07e0
025ebeb3f17c26b027e597f97cfc5777493081b40603551d230481ac3081a98014ca07e0
025ebeb3f17c26b027e597f97cfc577749a1818da4818a308187310b3009060355040613
0255533111300f06035504081308436f6c6f7261646f3119301706035504071310436f6c
6f7261646f20537072696e6773311b3019060355040a1312333630564c20496e636f7270
6f7261746564310e300c06035504031305333630564c311d301b06092a864886f70d0109
01160e696e666f40333630766c2e636f6d820100300c0603551d13040530030101ff300d
0609
EAP-Message =
0x2a864886f70d01010405000381810053b790c3ef4f488e5b3c018545d4d2b91ab028c4
7c547ecbdff6a152f80b52c4f6fbc3d074779ed87fb047a844bc473d6c417048b74409df
5727543b8da49cef8c651ac4598c27ce116d58c5fa0337e44e1b81c2a72935f2e2e13a8b
8ebbcc883c9135de3a11e8798abe9fb7828028d0c2ab4542e13ff7c629214fed18f086f5
16030100990d000091020102008c008a308187310b30090603550406130255533111300f
06035504081308436f6c6f7261646f3119301706035504071310436f6c6f7261646f2053
7072696e6773311b3019060355040a1312333630564c20496e636f72706f726174656431
0e30
EAP-Message =
0x0c06035504031305333630564c311d301b06092a864886f70d010901160e696e666f40
333630766c2e636f6d0e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x031c5f5e68c7d536cfa34b376c9b050a
Finished request 14
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=180,
length=1190
Message-Authenticator = 0x1491be9e5a592e4eae8a415b232ab21e
Service-Type = Framed-User
User-Name = "360VL"
Framed-MTU = 1488
State = 0x031c5f5e68c7d536cfa34b376c9b050a
Called-Station-Id = "000FB57A156E:360VL"
Calling-Station-Id = "000BCD56E3CB"
NAS-Identifier = "360VL"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message =
0x020503f10d80000003e716030103b70b0002a70002a40002a13082029d30820206a003
020102020102300d06092a864886f70d0101040500308187310b30090603550406130255
533111300f06035504081308436f6c6f7261646f3119301706035504071310436f6c6f72
61646f20537072696e6773311b3019060355040a1312333630564c20496e636f72706f72
61746564310e300c06035504031305333630564c311d301b06092a864886f70d01090116
0e696e666f40333630766c2e636f6d301e170d3035303830353135313335335a170d3036
303830353135313335335a308187310b30090603550406130255533111300f0603550408
1308
EAP-Message =
0x436f6c6f7261646f3119301706035504071310436f6c6f7261646f20537072696e6773
311b3019060355040a1312333630564c20496e636f72706f7261746564310e300c060355
04031305333630564c311d301b06092a864886f70d010901160e696e666f40333630766c
2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ccbbdc
b09846dcd91ca4d52b83d090144dd17379a121e0dfe4333eac31e4ecab9ddc5c161f372a
c3d29dd07620ab1ef80302682a2e74a9715690651458d601326a99eccb3c8f07bd7db896
d5797a559e1480a2691afd76ae30f91b952705e315fc1c4a6072b442aa78f05946338ef8
5b9c
EAP-Message =
0xf9dde843c5bc1ece843f1414d4444d0203010001a317301530130603551d25040c300a
06082b06010505070302300d06092a864886f70d010104050003818100763976dd9a2f05
81394d8cf9680bc788e97e06a77759d79cb50f4b1d06dcad24112081efbfeb6850e8131a
60e4a7406708d93005ab50cc5448c1caa94ff090f42645f0e0dd0bdb85742f8c804fed33
2f48d68f5ebb4f327a4ecd1452b6032eb6f657d2867659380235bab98316528ec20b9855
5d5bdf93d8c594ef593b3f81911000008200804992c539a78d668390fe37e7791bfd398c
439a5bb8b3899c906dc1112606f7e03ed376d7ccf86c0f2ce99988117f04c59225c98b5f
a5bc
EAP-Message =
0x3136bbbdec6f4745dcc502e3e287131e93241f624c2b2042af8985203ec6098b9069ef
29594e7d936ac6599f22a890787ee14d7c3f1d6e2fadcb305e5cce766d0e0a338980aebb
24420f00008200804465675875b0c9ec0bb347d497a635a948b2387604fe5a9c4cdec47a
2ab70b371279d0a7e05007fbfee9c45cf57b3e8fb016d1099ab443ef08d21570577706e8
09de1a74e65c69f739207b2b2de53ff5d8bf1a87141f098dc5f9516ca817919fc1847728
8a79bfc711dcaabb47645e61f641653f91ce6f9f03d9b3050b89ad421403010001011603
010020aa8f644dc9b4649dd21740ab8541ccb568e37a47cae11a0173e6e50a616b483d
NAS-IP-Address = 192.168.5.59
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 15
modcall[authorize]: module "preprocess" returns ok for request 15
modcall[authorize]: module "chap" returns noop for request 15
modcall[authorize]: module "mschap" returns noop for request 15
rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 15
rlm_eap: EAP packet type response id 5 length 253
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 15
users: Matched DEFAULT at 156
users: Matched DEFAULT at 175
modcall[authorize]: module "files" returns ok for request 15
modcall: group authorize returns updated for request 15
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 15
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 02ab], Certificate
--> verify error:num=18:self signed certificate
chain-depth=0,
error=18
--> User-Name = 360VL
--> BUF-Name = 360VL
--> subject = /C=US/ST=Colorado/L=Colorado Springs/O=360VL
Incorporated/CN=360VL/emailAddress=emailwithheld
--> issuer = /C=US/ST=Colorado/L=Colorado Springs/O=360VL
Incorporated/CN=360VL/emailAddress=emailwithheld
--> verify return:0
rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
TLS_accept:error in SSLv3 read client certificate B
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 15
modcall: group authenticate returns handled for request 15
Sending Access-Challenge of id 180 to 192.168.5.59:1075
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x010600110d800000000715030100020230
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc8ab204f06d545924a370c20bd5b91c4
Finished request 15
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=181,
length=181
Message-Authenticator = 0x212a50be58cd4ed3d2bb744a9400d174
Service-Type = Framed-User
User-Name = "360VL"
Framed-MTU = 1488
State = 0xc8ab204f06d545924a370c20bd5b91c4
Called-Station-Id = "000FB57A156E:360VL"
Calling-Station-Id = "000BCD56E3CB"
NAS-Identifier = "360VL"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020600060d00
NAS-IP-Address = 192.168.5.59
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 16
modcall[authorize]: module "preprocess" returns ok for request 16
modcall[authorize]: module "chap" returns noop for request 16
modcall[authorize]: module "mschap" returns noop for request 16
rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 16
rlm_eap: EAP packet type response id 6 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 16
users: Matched DEFAULT at 156
users: Matched DEFAULT at 175
modcall[authorize]: module "files" returns ok for request 16
modcall: group authorize returns updated for request 16
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 16
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack alert
eaptls_verify returned 4
eaptls_process returned 4
rlm_eap: Handler failed in EAP/tls
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 16
modcall: group authenticate returns invalid for request 16
auth: Failed to validate the user.
Delaying request 16 for 1 seconds
Finished request 16
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=181,
length=181
Sending Access-Reject of id 181 to 192.168.5.59:1075
EAP-Message = 0x04060004
Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 165 with timestamp 42f39098
Cleaning up request 1 ID 166 with timestamp 42f39098
Cleaning up request 2 ID 167 with timestamp 42f39098
Cleaning up request 3 ID 168 with timestamp 42f39098
Cleaning up request 4 ID 169 with timestamp 42f39098
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 5 ID 170 with timestamp 42f3909a
Cleaning up request 6 ID 171 with timestamp 42f3909a
Cleaning up request 7 ID 172 with timestamp 42f3909a
Cleaning up request 8 ID 173 with timestamp 42f3909a
Cleaning up request 9 ID 174 with timestamp 42f3909a
Cleaning up request 10 ID 175 with timestamp 42f3909a
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 11 ID 176 with timestamp 42f3909c
Cleaning up request 12 ID 177 with timestamp 42f3909c
Cleaning up request 13 ID 178 with timestamp 42f3909c
Cleaning up request 14 ID 179 with timestamp 42f3909c
Cleaning up request 15 ID 180 with timestamp 42f3909c
Cleaning up request 16 ID 181 with timestamp 42f3909c
Nothing to do. Sleeping until we see a request.
More information about the Freeradius-Users
mailing list