rlm_eap_peap: No data inside of the tunnel.
gerardma at planet.nl
gerardma at planet.nl
Wed Jan 18 14:08:03 CET 2006
Hi All,
I have a small problem with my FreeRadius configuration.
I have configured FreeRadius with LDAP authentication, this part seems
to work fine.
I am using an Extreme Summit switch, as radius client and I am using
an Windows XP sp2 workstation with PEAP / 802.1x authentication.
What is happing:
First FreeRadius shows this error:
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 086e], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
Later on FreeRadius shows:
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
And at the end:
rlm_eap_tls: Length Included
eaptls_verify returned 11
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal access_denied
TLS Alert read:fatal:access denied
rlm_eap_peap: No data inside of the tunnel.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 5
modcall: group authenticate returns invalid for request 5
auth: Failed to validate the user.
What is going on?
I have included the whole log:
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2006.01.18 10:37:22
=~=~=~=~=~=~=~=~=~=~=~=
rad_recv: Access-Request packet from host 10.61.100.163:1306, id=104,
length=96
User-Name = "gerard"
EAP-Message = 0x0201000b01676572617264
NAS-IP-Address = 10.61.100.163
Service-Type = Login-User
Calling-Station-Id = "00-10-b5-f4-98-0e"
NAS-Port-Type = Ethernet
Message-Authenticator = 0xe19cdef787567dad9b16fa10a14c19c8
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "gerard", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 1 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for gerard
radius_xlat: '(CN=gerard)'
radius_xlat: 'ou=radius,ou=servicos,ou=brt,o=btp'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to IDIIBSA01D.brasiltelecom.com.br:389,
authentication 0
rlm_ldap: setting TLS CACert File to /etc/raddb/certs/root.b64
rlm_ldap: setting TLS Require Cert to demand
rlm_ldap: starting TLS
rlm_ldap: bind as cn=admin,o=btp/novell to
IDIIBSA01D.brasiltelecom.com.br:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=radius,ou=servicos,ou=brt,o=btp,
with filter (CN=gerard)
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user gerard authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 104 to 10.61.100.163:1306
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0a085f59b12ad9d7496d5537e1684e39
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.61.100.163:1307, id=144,
length=183
User-Name = "gerard"
EAP-Message =
0x0202005019800000004616030100410100003d030143ce8bd85fe37086d9ba7c2f652
fab40d74ddc70e1d10a9b510dc5a339e1d13200001600040005000a0009006400620003
00060013001200630100
NAS-IP-Address = 10.61.100.163
Service-Type = Login-User
Calling-Station-Id = "00-10-b5-f4-98-0e"
NAS-Port-Type = Ethernet
State = 0x0a085f59b12ad9d7496d5537e1684e39
Message-Authenticator = 0xaa19c30a287bea21f1fc92796bf34875
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "gerard", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 2 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for gerard
radius_xlat: '(CN=gerard)'
radius_xlat: 'ou=radius,ou=servicos,ou=brt,o=btp'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,ou=servicos,ou=brt,o=btp,
with filter (CN=gerard)
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user gerard authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 086e], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 144 to 10.61.100.163:1307
EAP-Message =
0x0103040a19c0000008cb160301004a02000046030143ce3715701f886b5fe1961eb2f
13112fc2c0ecaee638df5e0c6c6e26270fba1208e530e6bfd57cc2d80de3acf32db22e6
eb73bf380cae255e0411e7d5f22cb99f000400160301086e0b00086a000867000432308
2042e30820397a003020102020101300d06092a864886f70d0101050500308193310b30
09060355040613024252310b30090603550408130244463111300f06035504071308427
26173696c696131173015060355040a130e42726173696c2054656c65636f6d310c300a
060355040b1303706f63311630140603550403130d43412046524545524144495553312
5302306092a
EAP-Message =
0x864886f70d0109011616676d616e7376656c646572406e6f76656c6c2e636f6d301e1
70d3036303131373136343631365a170d3037303131373136343631365a308198310b30
09060355040613024252310b30090603550408130244463111300f06035504071308427
26173696c696131173015060355040a130e42726173696c2054656c65636f6d310c300a
060355040b1303706f63311b30190603550403131253657276657220436572746966696
36174653125302306092a864886f70d0109011616676d616e7376656c646572406e6f76
656c6c2e636f6d30819f300d06092a864886f70d010101050003818d003081890281810
0b485b502a7
EAP-Message =
0x2183a9393af8b1ccbe86fb8d30b639f076ef499e033dd64ac09082360210661ae0415
4e1ae1865f38a3d1a52d14512fc131a465e2b23414d1dfe4cece01c8475aca7b86e9592
409e1c40abc1f5399e3d534fe819a5b5497d1893acc4b80a5b4666af178d43f6c80a873
14b606ae939ebf224d97bf82b12d62313330203010001a3820189308201853009060355
1d1304023000303006096086480186f842010d04231621596153542047656e657261746
56420536572766572204365727469666963617465301106096086480186f84201010404
03020640300b0603551d0f040403020520301d0603551d0e041604146891e5076f1932a
70e3b4c6562
EAP-Message =
0x118872dda901533081c00603551d230481b83081b58014b00ac384a4e7d530b3c5f98
c322116e79ee67cdba18199a48196308193310b3009060355040613024252310b300906
03550408130244463111300f0603550407130842726173696c696131173015060355040
a130e42726173696c2054656c65636f6d310c300a060355040b1303706f633116301406
03550403130d434120465245455241444955533125302306092a864886f70d010901161
6676d616e7376656c646572406e6f76656c6c2e636f6d82010030210603551d11041a30
188116676d616e7376656c646572406e6f76656c6c2e636f6d30210603551d12041a301
88116676d61
EAP-Message = 0x6e7376656c646572406e6f76656c6c2e636f6d300d06
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xdd3ec07c0191676261d0e4ce0c3fa25b
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.61.100.163:1308, id=154,
length=109
User-Name = "gerard"
EAP-Message = 0x020300061900
NAS-IP-Address = 10.61.100.163
Service-Type = Login-User
Calling-Station-Id = "00-10-b5-f4-98-0e"
NAS-Port-Type = Ethernet
State = 0xdd3ec07c0191676261d0e4ce0c3fa25b
Message-Authenticator = 0xcc29588da47c92c9e269c87affc2869d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "gerard", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 2
rlm_ldap: - authorize
rlm_ldap: performing user authorization for gerard
radius_xlat: '(CN=gerard)'
radius_xlat: 'ou=radius,ou=servicos,ou=brt,o=btp'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,ou=servicos,ou=brt,o=btp,
with filter (CN=gerard)
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user gerard authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 154 to 10.61.100.163:1308
EAP-Message =
0x010404061940092a864886f70d0101050500038181000205eecdae633cd135dab90f7
5ca327619de070b396234105574565878af2f12d3b2880c181ec848c291904cd10ac3a1
74d062dc2d973eac54ad1dba922833971d0ed9a206de16af6990257c6746222f1f8ee90
8eabcb3c78bae8fccd77bdd1281f77cd61a91ba4fa020795397efe058881e7746be1cec
ca19d1c564d0fdd5bf00042f3082042b30820394a003020102020100300d06092a86488
6f70d0101050500308193310b3009060355040613024252310b30090603550408130244
463111300f0603550407130842726173696c696131173015060355040a130e427261736
96c2054656c
EAP-Message =
0x65636f6d310c300a060355040b1303706f63311630140603550403130d43412046524
5455241444955533125302306092a864886f70d0109011616676d616e7376656c646572
406e6f76656c6c2e636f6d301e170d3036303131373136343532315a170d31363031313
53136343532315a308193310b3009060355040613024252310b30090603550408130244
463111300f0603550407130842726173696c696131173015060355040a130e427261736
96c2054656c65636f6d310c300a060355040b1303706f63311630140603550403130d43
4120465245455241444955533125302306092a864886f70d0109011616676d616e73766
56c64657240
EAP-Message =
0x6e6f76656c6c2e636f6d30819f300d06092a864886f70d010101050003818d0030818
902818100d4e8aa933101cb98013f00769eb5abb75e56d1f4c814448d5474a8436679a4
86f9145100d85fa7caf44d2eefec155c19fe72a9d4b18d01172e84bf71b4744fdd090e9
6d9407556aac00f7ebd961d0c27de0db43a687f018e4a8960d53c5447a7b26a6d9a29fa
8619a016d035da45920740116060c073bd46ce0afb585c2a845d0203010001a382018b3
0820187300f0603551d130101ff040530030101ff302c06096086480186f842010d041f
161d596153542047656e657261746564204341204365727469666963617465301106096
086480186f8
EAP-Message =
0x420101040403020106300b0603551d0f040403020106301d0603551d0e04160414b00
ac384a4e7d530b3c5f98c322116e79ee67cdb3081c00603551d230481b83081b58014b0
0ac384a4e7d530b3c5f98c322116e79ee67cdba18199a48196308193310b30090603550
40613024252310b30090603550408130244463111300f0603550407130842726173696c
696131173015060355040a130e42726173696c2054656c65636f6d310c300a060355040
b1303706f63311630140603550403130d43412046524545524144495553312530230609
2a864886f70d0109011616676d616e7376656c646572406e6f76656c6c2e636f6d82010
03021060355
EAP-Message = 0x1d11041a30188116676d616e7376656c6465
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7150ed65353ef2022dee73d433e192aa
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.61.100.163:1309, id=159,
length=109
User-Name = "gerard"
EAP-Message = 0x020400061900
NAS-IP-Address = 10.61.100.163
Service-Type = Login-User
Calling-Station-Id = "00-10-b5-f4-98-0e"
NAS-Port-Type = Ethernet
State = 0x7150ed65353ef2022dee73d433e192aa
Message-Authenticator = 0xeaf20f5b61b128ef9986805685fd37c7
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "gerard", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for gerard
radius_xlat: '(CN=gerard)'
radius_xlat: 'ou=radius,ou=servicos,ou=brt,o=btp'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,ou=servicos,ou=brt,o=btp,
with filter (CN=gerard)
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user gerard authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 159 to 10.61.100.163:1309
EAP-Message =
0x010500d1190072406e6f76656c6c2e636f6d30210603551d12041a30188116676d616
e7376656c646572406e6f76656c6c2e636f6d300d06092a864886f70d01010505000381
8100723c99761ae5cec5d55285ca0707476e79fafbaca909e91f870551f89094aacb0aa
e7e64b67bc4ecff762bfda8179c095976c84ba2b3cc57d76cb4544f1b5a06c74c69cf93
dd5f1bc43a84e7585891f98622a060c5eec233961eacc2280888842637d7e9e54b4e6dc
d8cfc179e26571494b6b048ef971d9f691489795bf0854616030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xaa09869be221b1fc5be6bd91ac9be02f
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.61.100.163:1310, id=184,
length=295
User-Name = "gerard"
EAP-Message =
0x020500c01980000000b6160301008610000082008094fb643ad1caa3531226eccee88
35ed0e8622db1b9928d6e525d82d33ba1423dc0ad4e683fb8d019c92fa856aa36797a14
e1ada1a4a35158e57380b44fcd1297deed1faf4cec10e2ab190052d1d3045e103583352
9796813de4427d0ea18660117c755b0b78b3eca7e885c95e68070a088aaeca95583d5ff
ff843923a7f945c9140301000101160301002074b18550966b0547b6ea63b9d2a019481
2f1d5057574c0ff2bea3138ae6b5936
NAS-IP-Address = 10.61.100.163
Service-Type = Login-User
Calling-Station-Id = "00-10-b5-f4-98-0e"
NAS-Port-Type = Ethernet
State = 0xaa09869be221b1fc5be6bd91ac9be02f
Message-Authenticator = 0x26c1db34620f7fba70b88fd10c20a8fe
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "gerard", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 5 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 4
rlm_ldap: - authorize
rlm_ldap: performing user authorization for gerard
radius_xlat: '(CN=gerard)'
radius_xlat: 'ou=radius,ou=servicos,ou=brt,o=btp'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,ou=servicos,ou=brt,o=btp,
with filter (CN=gerard)
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user gerard authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 184 to 10.61.100.163:1310
EAP-Message =
0x01060031190014030100010116030100201bc94fd6fd777e8b17b635f36e76ce1b931
ae376b4eb525261d9893c440d839f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf58547812f2481d8505e8f93b54b39e6
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.61.100.163:1311, id=194,
length=136
User-Name = "gerard"
EAP-Message =
0x020600211980000000171503010012956ef02404c98a859e53ea90188213b46205
NAS-IP-Address = 10.61.100.163
Service-Type = Login-User
Calling-Station-Id = "00-10-b5-f4-98-0e"
NAS-Port-Type = Ethernet
State = 0xf58547812f2481d8505e8f93b54b39e6
Message-Authenticator = 0x0b6eb59957e0a25f9a24a11464e7bf30
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "gerard", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 6 length 33
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for gerard
radius_xlat: '(CN=gerard)'
radius_xlat: 'ou=radius,ou=servicos,ou=brt,o=btp'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,ou=servicos,ou=brt,o=btp,
with filter (CN=gerard)
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user gerard authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal access_denied
TLS Alert read:fatal:access denied
rlm_eap_peap: No data inside of the tunnel.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 5
modcall: group authenticate returns invalid for request 5
auth: Failed to validate the user.
Login incorrect: [gerard] (from client extreme port 0 cli 00-10-b5-f4-
98-0e)
Delaying request 5 for 1 seconds
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.61.100.163:1311, id=194,
length=136
Sending Access-Reject of id 194 to 10.61.100.163:1311
EAP-Message = 0x04060004
Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 104 with timestamp 43ce3715
Cleaning up request 1 ID 144 with timestamp 43ce3715
Cleaning up request 2 ID 154 with timestamp 43ce3715
Cleaning up request 3 ID 159 with timestamp 43ce3715
Cleaning up request 4 ID 184 with timestamp 43ce3715
Cleaning up request 5 ID 194 with timestamp 43ce3715
Nothing to do. Sleeping until we see a request.
Thanks guys!
Gerard
More information about the Freeradius-Users
mailing list