EAP/TLS Authentication fail~~~~
孙 强
sumner007 at hotmail.com
Thu Apr 13 08:07:38 CEST 2006
Hi
I want to build a freeradius+openssl server to authenticate 802.1x
and I've installed freeradius-1.0.2 and openssl-0.9.7e
the server is built in RedHat 9 and the client is Odyssey Client Manager in
Windows XP.
now i can use EAP/MD5 get the authentication well.
but when we use EAP/TLS, the client cannot be authenticated ~~
I don't whether it's the problem of the freeradius server configure or CAs
or anyother
I paste the fail information and the freeradius debug infos below.
Please give me some help ,Thanks!
there're such errors:
line242: TLS_accept:error in SSLv3 read client certificate A
line344: rlm_eap_tls: <<< TLS 1.0 Handshake [length 05d2], Certificate
--> verify error:num=18:self signed certificate
line361: rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
TLS_accept:error in SSLv3 read client certificate B
5385:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no
certificate returned:s3_srvr.c:1989:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
##the debug infos of freeradius
[root at localhost sbin]# radiusd -X -A
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 1812
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "tls"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
tls: CA_file = "/usr/local/etc/raddb/certs/root.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/usr/local/etc/raddb/certs/DH"
tls: random_file = "/usr/local/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = yes
tls: check_cert_cn = "%{User-Name}"
rlm_eap: Loaded and initialized type tls
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
#### this is the authentication data
rad_recv: Access-Request packet from host 172.25.21.203:1030, id=33,
length=109
User-Name = "Sam"
NAS-IP-Address = 172.25.21.203
Framed-MTU = 1496
Called-Station-Id = "00-13-49-15-78-96"
Calling-Station-Id = "00-08-74-a6-b8-4c"
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x022100080153616d
Message-Authenticator = 0x58ed4dbf6fa79b236215dc83a69ecb82
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_realm: No '@' in User-Name = "Sam", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 0
rlm_eap: EAP packet type response id 33 length 8
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
rad_check_password: Found Auth-Type EAP
Warning: Found 2 auth-types on request for user 'Sam'
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 33 to 172.25.21.203:1030
EAP-Message = 0x012200060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xce150ae287970e91fcbfbd09127ff0e2
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.25.21.203:1030, id=34,
length=219
User-Name = "Sam"
NAS-IP-Address = 172.25.21.203
Framed-MTU = 1496
Called-Station-Id = "00-13-49-15-78-96"
Calling-Station-Id = "00-08-74-a6-b8-4c"
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x022200640d800000005a1603010055010000510301514d44b7482a93ff604361c0d24b7964511cb8acac03b6aa94158eea69d0a1e600002a00160013006600150012000a0005000400070009006300650060006200610064001400110003000600080100
State = 0xce150ae287970e91fcbfbd09127ff0e2
Message-Authenticator = 0xf62dedf8c4304aaa8b9084d455e256f4
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
rlm_realm: No '@' in User-Name = "Sam", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 1
rlm_eap: EAP packet type response id 34 length 100
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
rad_check_password: Found Auth-Type EAP
Warning: Found 2 auth-types on request for user 'Sam'
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0055], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 028b], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0085], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 34 to 172.25.21.203:1030
EAP-Message =
0x012303730d8000000369160301004a02000046030155fe4b40e21929bb32f71055b4c0cd2a02abcb5234c712e5be94a4d71e94a6bd202c07c710ca61dfe6e08dbc7e4aa571dec3f76f2258af432c3b02b2ba2d064f51000a00160301028b0b0002870002840002813082027d308201e6a003020102020900d690ec138d6d5b2d300d06092a864886f70d01010405003074310b300906035504061302434e310b3009060355040813024a53310b3009060355040713025758310e300c060355040a13055a7958454c310c300a060355040b1303535732310c300a0603550403130353616d311f301d06092a864886f70d010901161053616d2053756e40
EAP-Message =
0x7a7978656c2e636e301e170d3132303631383135313034365a170d3133303631383135313034365a3074310b300906035504061302434e310b3009060355040813024a53310b3009060355040713025758310e300c060355040a13055a7958454c310c300a060355040b1303535732310c300a0603550403130353616d311f301d06092a864886f70d010901161053616d2053756e407a7978656c2e636e30819f300d06092a864886f70d010101050003818d0030818902818100ba52e1415fb78b2b99ee0f451a191813f2e9768b99511bd72d993d52508079f7c1cfdc205d1366632406778e7dde1f96bba92f33cdc00fc7d67b5bdcfd210905eca1
EAP-Message =
0xc8af2d74e7fc91aecd9d2ed60b84996bcf64438865277fc825d712cc552c179260b4f3edd53c19884c62a0c40358496d6110963216df8f2f5c5a9c2d08550203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003818100113ba998589b4180c504aaf6c2a931605e4c884f7c81f8df7c4f9aa2b273e64cc576419a894594a9febee40c9e8e297a102aad70b9e08efa46c9a5adaa817973f61760244aec4e7f1b19600321a32c4f45f12a4b64129dea5a7c346595041703697b3a285582f2e5b54c4843fc0aca173f2ffe923716045ae5d1a96fb711b72816030100850d00007d0201020078
EAP-Message =
0x00763074310b300906035504061302434e310b3009060355040813024a53310b3009060355040713025758310e300c060355040a13055a7958454c310c300a060355040b1303535732310c300a0603550403130353616d311f301d06092a864886f70d010901161053616d2053756e407a7978656c2e636e0e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x894b290d4553bf236dab7a5db8f0894a
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.25.21.203:1030, id=35,
length=1529 User-Name = "Sam"
NAS-IP-Address = 172.25.21.203
Framed-MTU = 1496
Called-Station-Id = "00-13-49-15-78-96"
Calling-Station-Id = "00-08-74-a6-b8-4c"
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x022305780dc00000072016030105d20b0005ce0005cb0002813082027d308201e6a003020102020900d690ec138d6d5b2c300d06092a864886f70d01010405003074310b300906035504061302434e310b3009060355040813024a53310b3009060355040713025758310e300c060355040a13055a7958454c310c300a060355040b1303535732310c300a0603550403130353616d311f301d06092a864886f70d010901161053616d2053756e407a7978656c2e636e301e170d3132303631383135313031375a170d3133303631383135313031375a3074310b300906035504061302434e310b3009060355040813024a53310b300906035504071302
EAP-Message =
0x5758310e300c060355040a13055a7958454c310c300a060355040b1303537732310c300a0603550403130353616d311f301d06092a864886f70d010901161053616d2053756e407a7978656c2e636e30819f300d06092a864886f70d010101050003818d0030818902818100bc70ccb8574f0be248e5579dccc1cb08af4ac56d02b2290766f1fd74356bc42f93170a088e40b4d6b68225bad6df15b68df7a15be8c98a4df21ab036887c046ace42ff02ae171c6b4fa9d1d26a35dea1dfa96e383377300fc7ac9fc200ac11c7a2b92bff95c2eb121eb3e4d749ee1b4093cf1b69a474b9a50ee51a64f10cbf2b0203010001a317301530130603551d2504
EAP-Message =
0x0c300a06082b06010505070302300d06092a864886f70d0101040500038181009cd05e5f9e251b695a0e82817348865521eeb00af1f35ede38ff1b622f47feb8c31c9a79b5892b8b0ea1bbb8d1b3f94075f35d4587642aa1afc1d2645972d313b8966ee0ab7f8a6f5d8360f4167778bc89e05d07053ea1e212e8c54925c06aece5861a5bd0d820c03ffb0a1aa130da26f067dd17b277ecc25584a8670b947f3800034430820340308202a9a003020102020900d690ec138d6d5b2b300d06092a864886f70d01010405003074310b300906035504061302434e310b3009060355040813024a53310b3009060355040713025758310e300c060355040a13
EAP-Message =
0x055a7958454c310c300a060355040b1303535732310c300a0603550403130353616d311f301d06092a864886f70d010901161053616d2053756e407a7978656c2e636e301e170d3132303631383135303935335a170d3134303631383135303935335a3074310b300906035504061302434e310b3009060355040813024a53310b3009060355040713025758310e300c060355040a13055a7958454c310c300a060355040b1303535732310c300a0603550403130353616d311f301d06092a864886f70d010901161053616d2053756e407a7978656c2e636e30819f300d06092a864886f70d010101050003818d0030818902818100b373bed5d07f0c
EAP-Message =
0xcbfe9769892d71807e15feb97661b86fa2a5e332827c75f9cf05e0a8a3f43d45ef641d2ac603b11b015841720ac1be9a250b568f4070b65fe988a012ace24ee29e9ca5f5044a73dfdc3558e63eca6fc48e4601a704c17148e2b8c337ba1f6ddd8049422df495316b96896ad28d8e8ffb7cc8102212027680130203010001a381d93081d6301d0603551d0e04160414ce8042abed0581e6f1e378f37dc77afc543dd21e3081a60603551d2304819e30819b8014ce8042abed0581e6f1e378f37dc77afc543dd21ea178a4763074310b300906035504061302434e310b3009060355040813024a53310b3009060355040713025758310e300c060355040a
EAP-Message =
0x13055a7958454c310c300a060355040b1303535732310c300a0603550403130353616d311f301d06092a864886f70d010901161053616d2053756e407a7978656c2e636e820900d690ec138d6d5b2b300c0603551d13040530030101ff300d06092a864886f70d010104050003818100337ffcd394ec39d477cc6f9d7c58217b78fd1d0857971a
State = 0x894b290d4553bf236dab7a5db8f0894a
Message-Authenticator = 0xb23f9e4b235a60f7434eb38853ec5fbc
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
rlm_realm: No '@' in User-Name = "Sam", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 2
rlm_eap: EAP packet type response id 35 length 253
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
rad_check_password: Found Auth-Type EAP
Warning: Found 2 auth-types on request for user 'Sam'
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS First Fragment of the message
eaptls_verify returned 9
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 35 to 172.25.21.203:1030
EAP-Message = 0x012400060d00
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xca244c898e1852b4494ff05fd0068a85
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.25.21.203:1030, id=36,
length=561
User-Name = "Sam"
NAS-IP-Address = 172.25.21.203
Framed-MTU = 1496
Called-Station-Id = "00-13-49-15-78-96"
Calling-Station-Id = "00-08-74-a6-b8-4c"
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x022401b80d007dd1e5f1b1df308f634b87f1ead9d842e4d04d71ea8ad741aba645ae2170a17681dc3d1c422126606deb89b585b5391cde1d911d8352174fa8356e9302990109da48fb02b0e07c19beb3648accafc52d6a6d9ae2bd84d10568ecc4b07a8d4de2b9286bb431ba516e2a1603010086100000820080487c15acddfb9dc4cb072308587e9ef376c90bafb63619c97548d55ea160653716b3e8dd4320fbde80cff743586d664f6b5f6292a500c251bc8da381f9279f2d4bd416828ed7e7e409d90feb31f9a31c0b395aba788f5f33d051b1d89e08c8cf5aba166e5d2f855a5c3ee50ee9ea7afb6f990e98284a5c75d6520aaba2e1e5b3160301
EAP-Message =
0x00860f00008200801afd253bf4c2af89391d35e69407fbec36aa6ac194f11698e1289c2bca3854fa4eb6448c2c6f2d1f7920dd0731402faa27dd43a168b4f082e237290f83a340ff552dc4ef79bc9d4aadfe298ef440e8e5597a842c5ff74713108221b600e9d0db7540596033de6181730556957c4162f8d69b2b0a1763492c606465e78d0668ff1403010001011603010028105d46dd2521cc9473cc530e9b64ee580bb0950cc3548ff0e0b0e662325fcea856bf7b24816d6a2c
State = 0xca244c898e1852b4494ff05fd0068a85
Message-Authenticator = 0x3d53140a85dc2575e4a2af85179cbeb0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
rlm_realm: No '@' in User-Name = "Sam", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 3
rlm_eap: EAP packet type response id 36 length 253
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
rad_check_password: Found Auth-Type EAP
Warning: Found 2 auth-types on request for user 'Sam'
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
rlm_eap_tls: <<< TLS 1.0 Handshake [length 05d2], Certificate
--> verify error:num=18:self signed certificate
radius_xlat: 'Sam'
rlm_eap_tls: checking certificate CN (Sam) with xlat'ed value (Sam)
chain-depth=0,
error=18
--> User-Name = Sam
--> BUF-Name = Sam
--> subject = /C=CN/ST=JS/L=WX/O=ZyXEL/OU=Sw2/CN=Sam/emailAddress=Sam
Sun at zyxel.cn
--> issuer = /C=CN/ST=JS/L=WX/O=ZyXEL/OU=SW2/CN=Sam/emailAddress=Sam
Sun at zyxel.cn
--> verify return:0
rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
TLS_accept:error in SSLv3 read client certificate B
5385:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate
returned:s3_srvr.c:1989:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 36 to 172.25.21.203:1030
EAP-Message = 0x012500110d800000000715030100020230
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xbc1cb22c61b7204b53f59c2dd49d9539
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.25.21.203:1030, id=37,
length=125
User-Name = "Sam"
NAS-IP-Address = 172.25.21.203
Framed-MTU = 1496
Called-Station-Id = "00-13-49-15-78-96"
Calling-Station-Id = "00-08-74-a6-b8-4c"
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x022500060d00
State = 0xbc1cb22c61b7204b53f59c2dd49d9539
Message-Authenticator = 0x98b3d6dd9d36516deeb220a74387cd41
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
rlm_realm: No '@' in User-Name = "Sam", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 4
rlm_eap: EAP packet type response id 37 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
rad_check_password: Found Auth-Type EAP
Warning: Found 2 auth-types on request for user 'Sam'
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack alert
eaptls_verify returned 4
eaptls_process returned 4
rlm_eap: Handler failed in EAP/tls
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 4
modcall: group authenticate returns invalid for request 4
auth: Failed to validate the user.
Delaying request 4 for 1 seconds
Finished request 4
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 33 with timestamp 55fe4b40
Cleaning up request 1 ID 34 with timestamp 55fe4b40
Cleaning up request 2 ID 35 with timestamp 55fe4b40
Cleaning up request 3 ID 36 with timestamp 55fe4b40
Sending Access-Reject of id 37 to 172.25.21.203:1030
EAP-Message = 0x04250004
Message-Authenticator = 0x00000000000000000000000000000000
Cleaning up request 4 ID 37 with timestamp 55fe4b40
Nothing to do. Sleeping until we see a request.
_________________________________________________________________
享用世界上最大的电子邮件系统― MSN Hotmail。 http://www.hotmail.com
More information about the Freeradius-Users
mailing list