eap-tls and checking crl

Stefan Nowak stefek143 at wp.pl
Sat Jul 14 15:51:11 CEST 2007


These are all the logs from radiusd -X:


Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.1.9:1812, id=11, length=140
        NAS-IP-Address = 192.168.1.9
        NAS-Port = 50003
        NAS-Port-Type = Ethernet
        User-Name = "klient"
        Called-Station-Id = "00-0F-F7-54-C3-03"
        Calling-Station-Id = "00-11-09-26-48-FA"
        Service-Type = Framed-User
        Framed-MTU = 1500
        State = 0x01a863756b2ba130f66e9727b986f126
        EAP-Message = 0x020a00060d00
        Message-Authenticator = 0x2304361a723e66a2de23e5efa06788ba
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
  modcall[authorize]: module "chap" returns noop for request 3
  modcall[authorize]: module "mschap" returns noop for request 3
    rlm_realm: No '@' in User-Name = "klient", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 3
  rlm_eap: EAP packet type response id 10 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 3
    users: Matched entry DEFAULT at line 190
  modcall[authorize]: module "files" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 11 to 192.168.1.9 port 1812
        Framed-Compression = Van-Jacobson-TCP-IP
        EAP-Message = 0x010b00cd0d80000008c319060355040813124b756a6177736b6f2d506f6d6f72736b69653112301006035504071309427964676f737a637a3121301f060355040a131857797a737a6120537a6b6f6c6120476f73706f6461726b6931283026060355040b131f496e73747974757420496e666f726d6174796b692053746f736f77616e656a3121301f0603550403131857797a737a6120537a6b6f6c6120476f73706f6461726b69311f301d06092a864886f70d010901161070696f6e617240676d61696c2e636f6d0e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x6cac8a19b1391d1900c65604d6c49bca
Finished request 3
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.1.9:1812, id=12, length=1277
        NAS-IP-Address = 192.168.1.9
        NAS-Port = 50003
        NAS-Port-Type = Ethernet
        User-Name = "klient"
        Called-Station-Id = "00-0F-F7-54-C3-03"
        Calling-Station-Id = "00-11-09-26-48-FA"
        Service-Type = Framed-User
        Framed-MTU = 1500
        State = 0x6cac8a19b1391d1900c65604d6c49bca
        EAP-Message = 0x15032586f5230e82c51180edb559aac7be1a241f744e3f8b61db80714d7f1f2307f6a997e1758f1fadd57d1d80324e64f4dd59f7fd90d0c26505890f4f51fd22c4f296f71579fe1bc071dc0fb50261f71403010001011603010020b1cae07451a060ca2116569c2cf3636804816030195ca978ebf9926f23f8426f
        Message-Authenticator = 0xb5105d34ed04a2e8f86f745be477abd8
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module "preprocess" returns ok for request 4
  modcall[authorize]: module "chap" returns noop for request 4
  modcall[authorize]: module "mschap" returns noop for request 4
    rlm_realm: No '@' in User-Name = "klient", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 4
  rlm_eap: EAP packet type response id 11 length 253
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
    users: Matched entry DEFAULT at line 190
  modcall[authorize]: module "files" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0329], Certificate
--> verify error:num=3:unable to get certificate CRL
  rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
    TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 12 to 192.168.1.9 port 1812
        Framed-Compression = Van-Jacobson-TCP-IP
        EAP-Message = 0x010c00110d800000000715030100020230
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xa483477851e66e0f4e32edcd0f27c1bd
Finished request 4
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.1.9:1812, id=13, length=140
        NAS-IP-Address = 192.168.1.9
        NAS-Port = 50003
        NAS-Port-Type = Ethernet
        User-Name = "klient"
        Called-Station-Id = "00-0F-F7-54-C3-03"
        Calling-Station-Id = "00-11-09-26-48-FA"
        Service-Type = Framed-User
        Framed-MTU = 1500
        State = 0xa483477851e66e0f4e32edcd0f27c1bd
        EAP-Message = 0x020c00060d00
        Message-Authenticator = 0x605a7ee69287c9cdbcf211bdd49a2410
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: No '@' in User-Name = "klient", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
  rlm_eap: EAP packet type response id 12 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
    users: Matched entry DEFAULT at line 190
  modcall[authorize]: module "files" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack alert
  eaptls_verify returned 4
  eaptls_process returned 4
 rlm_eap: Handler failed in EAP/tls
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 5
modcall: leaving group authenticate (returns invalid) for request 5
auth: Failed to validate the user.
Delaying request 5 for 1 seconds
Finished request 5
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.1.9:1812, id=13, length=140
Sending Access-Reject of id 13 to 192.168.1.9 port 1812
        EAP-Message = 0x040c0004
        Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Cleaning up request 0 ID 8 with timestamp 4698bbcc
Cleaning up request 1 ID 9 with timestamp 4698bbcc
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 10 with timestamp 4698bbcd
Cleaning up request 3 ID 11 with timestamp 4698bbcd
Cleaning up request 4 ID 12 with timestamp 4698bbcd
Cleaning up request 5 ID 13 with timestamp 4698bbcd
Nothing to do.  Sleeping until we see a request.
