Freeradius + OpenLDAP - user password problem

K. Hoercher wbhoer at gmail.com
Wed Aug 23 16:42:52 CEST 2006 

<sigh>

On 8/23/06, Tilen <lutemberg at gmail.com> wrote:
> I get Access-Reject, whole debug log is here:

That is obviously a false statement. While eventually not decisive,
the output from startup is missing. Some Requests prior to #4 are
missing, which might already be more interesting.  Finally you seem to
have edited the output in an ill-advised manner here:
[...]
>  rad_recv: Access-Request packet from host 192.168.1.1:3072, id=0,
> length=147
>          User-Name = "test"
>
>          NAS-IP-Address = 192.168.1.1
>          Called-Station-Id = "004010100003"
>          Calling-Station-Id = "000e3557c74e"
>          NAS-Identifier = "004010100003"
>          NAS-Port = 30
>          Framed-MTU = 1400
>          State = 0x78d2170e45bcb6eac38f66525f681d9e
>      Message-Authenticator =
> 0x90ba3baf012b7509c5c4c985a5452b26

Message-Authenticator is misaligned and EAP-Message is missing, which
is definetly prohibiting the checking against the behaviour further
down (which does indeed look peculiar, and is not the standard openssl
error one would have guest from your previous truncations).

>    rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
>  TLS Alert read:fatal:unknown CA
>      TLS_accept:failed in SSLv3 read client certificate A
>  3239:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown
> ca:s3_pkt.c:1052:SSL alert number 48
>  3239:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake
> failure:s3_pkt.c:837:
>  rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
>  In SSL Handshake Phase
>  In SSL Accept mode
>  rlm_eap_tls: BIO_read failed in a system call (-1), TLS session fails.
>    eaptls_process returned 13

_Again_ please see to provide details as has been requested numerous
times. Some sniffing on the radius server might be helpful here too.
I'll refrain from looking into that as long as I have to play some
sort of detective to even get to know what is going on on your
installation.

regards
K. Hoercher

More information about the Freeradius-Users mailing list