EAP/TTLS problem with Win XP and Linux

tnt at kalik.co.yu tnt at kalik.co.yu
Thu Oct 4 10:44:16 CEST 2007


Read the explanation in eap.conf, FAQ, this list hundreds of times ...

Ivan Kalik
Kalik Informatika ISP


On 4/10/2007, "elhammoud rachida" <racha81 at hotmail.fr> wrote:

>hello,
>I'm trying to use RADIUS to authenticate and authorise users by EAP/TTLS from 
>XP and Linux (Debian). I'm using only « users » as the database. I'm 
>reading the documentation: http://wiki.freeradius.org
>I've imported root.pem on both Windows XP and Linux
>
>this is the log for Linux:
>
>rad_recv: Access-Request packet from host 145.238.3.182:1026, id=191, length=208
>        Framed-MTU = 1480
>        NAS-IP-Address = 145.238.3.182
>        NAS-Identifier = "sw-test-radius-1"
>        User-Name = "racha"
>        Service-Type = Framed-User
>        Framed-Protocol = PPP
>        NAS-Port = 17
>        NAS-Port-Type = Ethernet
>        NAS-Port-Id = "17"
>        Called-Station-Id = "00-14-38-fe-12-00"
>        Calling-Station-Id = "00-12-3f-0e-99-6f"
>        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>        Tunnel-Type:0 = VLAN
>        Tunnel-Medium-Type:0 = IEEE-802
>        Tunnel-Private-Group-Id:0 = "301"
>        EAP-Message = 0x0201000a017261636861
>        Message-Authenticator = 0xfae743fe55bca3b8b83a48a3f10ed3bc
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 0
>  modcall[authorize]: module "preprocess" returns ok for request 0
>  modcall[authorize]: module "chap" returns noop for request 0
>  rlm_eap: EAP packet type response id 1 length 10
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 0
>    users: Matched entry racha at line 86
>  modcall[authorize]: module "files" returns ok for request 0
>modcall: group authorize returns updated for request 0
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 0
>  rlm_eap: EAP Identity
>  rlm_eap: processing type mschapv2
>rlm_eap_mschapv2: Issuing Challenge
>  modcall[authenticate]: module "eap" returns handled for request 0
>modcall: group authenticate returns handled for request 0
>Sending Access-Challenge of id 191 to 145.238.3.182:1026
>        EAP-Message = 
>0x0102001f1a0102001a105f4f4c366e47d80b1c27e30d08b4b0367261636861
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0xfbee0cbaf20c360d6491c2b0b512304d
>Finished request 0
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 145.238.3.182:1026, id=192, length=222
>        Framed-MTU = 1480
>        NAS-IP-Address = 145.238.3.182
>        NAS-Identifier = "sw-test-radius-1"
>        User-Name = "racha"
>        Service-Type = Framed-User
>        Framed-Protocol = PPP
>        NAS-Port = 17
>        NAS-Port-Type = Ethernet
>        NAS-Port-Id = "17"
>        Called-Station-Id = "00-14-38-fe-12-00"
>        Calling-Station-Id = "00-12-3f-0e-99-6f"
>        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>        Tunnel-Type:0 = VLAN
>        Tunnel-Medium-Type:0 = IEEE-802
>        Tunnel-Private-Group-Id:0 = "301"
>        State = 0xfbee0cbaf20c360d6491c2b0b512304d
>        EAP-Message = 0x020200060315
>        Message-Authenticator = 0xd72410f740ae385523110d6defecb5f0
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 1
>  modcall[authorize]: module "preprocess" returns ok for request 1
>  modcall[authorize]: module "chap" returns noop for request 1
>  rlm_eap: EAP packet type response id 2 length 6
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 1
>    users: Matched entry racha at line 86
>  modcall[authorize]: module "files" returns ok for request 1
>modcall: group authorize returns updated for request 1
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 1
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP NAK
>rlm_eap: EAP-NAK asked for EAP-Type/ttls
>  rlm_eap: processing type tls
>  rlm_eap_tls: Initiate
>  rlm_eap_tls: Start returned 1
>  modcall[authenticate]: module "eap" returns handled for request 1
>modcall: group authenticate returns handled for request 1
>Sending Access-Challenge of id 192 to 145.238.3.182:1026
>        EAP-Message = 0x010300061520
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0x429c3c29e255f725c510981e01307d3e
>Finished request 1
>Going to the next request
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 145.238.3.182:1026, id=193, length=313
>        Framed-MTU = 1480
>        NAS-IP-Address = 145.238.3.182
>        NAS-Identifier = "sw-test-radius-1"
>        User-Name = "racha"
>        Service-Type = Framed-User
>        Framed-Protocol = PPP
>        NAS-Port = 17
>        NAS-Port-Type = Ethernet
>        NAS-Port-Id = "17"
>        Called-Station-Id = "00-14-38-fe-12-00"
>        Calling-Station-Id = "00-12-3f-0e-99-6f"
>        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>        Tunnel-Type:0 = VLAN
>        Tunnel-Medium-Type:0 = IEEE-802
>        Tunnel-Private-Group-Id:0 = "301"
>        State = 0x429c3c29e255f725c510981e01307d3e
>        EAP-Message = 
>0x0203006115800000005716030100520100004e0301470497b869826a1a156494e801e8ab8ebc88e444edbab8d5e7b9c890b9ce7d5c00002600390038003500160013000a00330032002f0005000400150012000900140011000800060003020100
>        Message-Authenticator = 0x69a1421041ecda03d67273a14054310d
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 2
>  modcall[authorize]: module "preprocess" returns ok for request 2
>  modcall[authorize]: module "chap" returns noop for request 2
>  rlm_eap: EAP packet type response id 3 length 97
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 2
>    users: Matched entry racha at line 86
>  modcall[authorize]: module "files" returns ok for request 2
>modcall: group authorize returns updated for request 2
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 2
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/ttls
>  rlm_eap: processing type ttls
>  rlm_eap_ttls: Authenticate
>  rlm_eap_tls: processing TLS
>rlm_eap_tls:  Length Included
>  eaptls_verify returned 11
>    (other): before/accept initialization
>    TLS_accept: before/accept initialization
>  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0052], ClientHello
>    TLS_accept: SSLv3 read client hello A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
>    TLS_accept: SSLv3 write server hello A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0627], Certificate
>    TLS_accept: SSLv3 write certificate A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
>    TLS_accept: SSLv3 write server done A
>    TLS_accept: SSLv3 flush data
>    TLS_accept:error in SSLv3 read client certificate A
>In SSL Handshake Phase
>In SSL Accept mode
>  eaptls_process returned 13
>  modcall[authenticate]: module "eap" returns handled for request 2
>modcall: group authenticate returns handled for request 2
>Sending Access-Challenge of id 193 to 145.238.3.182:1026
>        EAP-Message = 
>        EAP-Message = 
>0x0116127261636861383140686f746d61696c2e6672301e170d3037303932353131313234395a170d3038303932343131313234395a308192310b3009060355040613024652311330110603550408130a536f6d652d5374617465310f300d060355040713064d4555444f4e31133011060355040a130a4f4253204d4555444f4e31133011060355040b130a4465706172742053494f3110300e06035504031307736572766575723121301f06092a864886f70d01090116127261636861383140686f746d61696c2e667230819f300d06092a864886f70d010101050003818d0030818902818100bfb94bae23d4d4501336fc7fdb003812ab5c91411eed
>        EAP-Message = 
>0xb9725040db64c2a0e82e184b66da29d00c42a99b5c588f7de357d074b21a4ce8ed578bffb5f2b962dd2bfd8c6a60a3dc064acc9fedb3fad12fb92de22b0634430dc06a630879e4ea0448079ced1bc11c003ef63cc063bcb5a511c6f6fd2b5d8b0bae89d1b04c0985a1f70203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009bb60795878ef9fd824caf95eda533eab41d75312f8af7420ca9045a4fed5c4999bb03caacd5f1074ba66ec9c401629f93b57709be7ab76188983f3f87b120536fdc626dbb5aed1b80e1473745421b7a867877073afc4394bae8579886ade7082f38
>        EAP-Message = 
>        EAP-Message = 0x30110603550408130a536f6d652d5374617465310f30
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0xcdb56b546410d47e8ad2dc8aa7e606f8
>Finished request 2
>Going to the next request
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 145.238.3.182:1026, id=194, length=222
>        Framed-MTU = 1480
>        NAS-IP-Address = 145.238.3.182
>        NAS-Identifier = "sw-test-radius-1"
>        User-Name = "racha"
>        Service-Type = Framed-User
>        Framed-Protocol = PPP
>        NAS-Port = 17
>        NAS-Port-Type = Ethernet
>        NAS-Port-Id = "17"
>        Called-Station-Id = "00-14-38-fe-12-00"
>        Calling-Station-Id = "00-12-3f-0e-99-6f"
>        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>        Tunnel-Type:0 = VLAN
>        Tunnel-Medium-Type:0 = IEEE-802
>        Tunnel-Private-Group-Id:0 = "301"
>        State = 0xcdb56b546410d47e8ad2dc8aa7e606f8
>        EAP-Message = 0x020400061500
>        Message-Authenticator = 0x78acfb7b5c5d9ba93dbf5fb16b853196
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 3
>  modcall[authorize]: module "preprocess" returns ok for request 3
>  modcall[authorize]: module "chap" returns noop for request 3
>  rlm_eap: EAP packet type response id 4 length 6
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 3
>    users: Matched entry racha at line 86
>  modcall[authorize]: module "files" returns ok for request 3
>modcall: group authorize returns updated for request 3
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 3
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/ttls
>  rlm_eap: processing type ttls
>  rlm_eap_ttls: Authenticate
>  rlm_eap_tls: processing TLS
>rlm_eap_tls: Received EAP-TLS ACK message
>  rlm_eap_tls: ack handshake fragment handler
>  eaptls_verify returned 1
>  eaptls_process returned 13
>  modcall[authenticate]: module "eap" returns handled for request 3
>modcall: group authenticate returns handled for request 3
>Sending Access-Challenge of id 194 to 145.238.3.182:1026
>        EAP-Message = 
>        EAP-Message = 
>0xec80d2fbab0203010001a381e83081e5301d0603551d0e04160414d8ca68899a3cf0402e89e9889f4f598ba2bec2513081b50603551d230481ad3081aa8014d8ca68899a3cf0402e89e9889f4f598ba2bec251a18186a48183308180310b3009060355040613024652311330110603550408130a536f6d652d5374617465310f300d060355040713064d4555444f4e31133011060355040a130a4f4253204d4555444f4e31133011060355040b130a4465706172742053494f3121301f06092a864886f70d01090116127261636861383140686f746d61696c2e667282090097d09903d21d9c52300c0603551d13040530030101ff300d06092a864886
>        EAP-Message = 
>0xf70d01010405000381810055e9fecdcd89146c84f21a7b232da59b1eee35c889d5eb07950d116f3baf9123308ea514daa6f7515e33994652f76748b981e7c5e5a00e6c5c4c03299318e812e100549970034482fef14fcaa937d71d79a6bfb4f0ce39b2bbe0f4028e1f90a2c7d1e1f6ded3df9e11af13c85fa10eaec4f6979f3010b4b5521d07e05e4a6ec916030100040e000000 
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0xe701c94007f01d9882634f0432a6d114
>Finished request 3
>Going to the next request
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 145.238.3.182:1026, id=195, length=424
>        Framed-MTU = 1480
>        NAS-IP-Address = 145.238.3.182
>        NAS-Identifier = "sw-test-radius-1"
>        User-Name = "racha"
>        Service-Type = Framed-User
>        Framed-Protocol = PPP
>        NAS-Port = 17
>        NAS-Port-Type = Ethernet
>        NAS-Port-Id = "17"
>        Called-Station-Id = "00-14-38-fe-12-00"
>        Calling-Station-Id = "00-12-3f-0e-99-6f"
>        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>        Tunnel-Type:0 = VLAN
>        Tunnel-Medium-Type:0 = IEEE-802
>        Tunnel-Private-Group-Id:0 = "301"
>        State = 0xe701c94007f01d9882634f0432a6d114
>        EAP-Message = 
>0x020500d01580000000c61603010086100000820080507e96001f817c7dfce96e989e771b2f38902a81f66519d75d522508d6b663508f50ef374da3dfc95996083930080e5edc58248184dd494816913f65d647fde08f8b2db8a1e37422e4d9ff6dd65cbd60a5c21b5d7e66d015b9cc61e2ac46dc25de7c9f6e01be17dbbb0599d795f3aa77467f4354579881ff6240969e5e9f5a1414030100010116030100305b0059cfbe818835fc45399fb05c6c72596ce0ec8a4a0befa17575c6a10931c46c05cc777adf688c60a888f381a2e561
>        Message-Authenticator = 0xa55246d48162d9bc3e2842114589d25b
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 4
>  modcall[authorize]: module "preprocess" returns ok for request 4
>  modcall[authorize]: module "chap" returns noop for request 4
>  rlm_eap: EAP packet type response id 5 length 208
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 4
>    users: Matched entry racha at line 86
>  modcall[authorize]: module "files" returns ok for request 4
>modcall: group authorize returns updated for request 4
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 4
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/ttls
>  rlm_eap: processing type ttls
>  rlm_eap_ttls: Authenticate
>  rlm_eap_tls: processing TLS
>rlm_eap_tls:  Length Included
>  eaptls_verify returned 11
>  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
>    TLS_accept: SSLv3 read client key exchange A
>  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
>  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
>    TLS_accept: SSLv3 read finished A
>  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
>    TLS_accept: SSLv3 write change cipher spec A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
>    TLS_accept: SSLv3 write finished A
>    TLS_accept: SSLv3 flush data
>    (other): SSL negotiation finished successfully
>SSL Connection Established
>  eaptls_process returned 13
>  modcall[authenticate]: module "eap" returns handled for request 4
>modcall: group authenticate returns handled for request 4
>Sending Access-Challenge of id 195 to 145.238.3.182:1026
>        EAP-Message = 
>0x0106004515800000003b140301000101160301003058729f21c600df1c67c00c784ba7ecf50581a5b3657f8a24ebd96af0977e332430409dee3dfec98cb5786579ba3c9189
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0x34c8b26e1d7071a34ec8210c3710baaa
>Finished request 4
>Going to the next request
>Waking up in 6 seconds...
>--- Walking the entire request list ---
>Cleaning up request 0 ID 191 with timestamp 47049795
>Cleaning up request 1 ID 192 with timestamp 47049795
>Cleaning up request 2 ID 193 with timestamp 47049795
>Cleaning up request 3 ID 194 with timestamp 47049795
>Cleaning up request 4 ID 195 with timestamp 47049795
>Nothing to do.  Sleeping until we see a request.
>
>the server sends no response, why??
>
>and this is the log from Windows XP
>
>rad_recv: Access-Request packet from host 145.238.3.182:1026, id=196, length=208
>        Framed-MTU = 1480
>        NAS-IP-Address = 145.238.3.182
>        NAS-Identifier = "sw-test-radius-1"
>        User-Name = "racha"
>        Service-Type = Framed-User
>        Framed-Protocol = PPP
>        NAS-Port = 17
>        NAS-Port-Type = Ethernet
>        NAS-Port-Id = "17"
>        Called-Station-Id = "00-14-38-fe-12-00"
>        Calling-Station-Id = "00-12-3f-0e-99-6f"
>        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>        Tunnel-Type:0 = VLAN
>        Tunnel-Medium-Type:0 = IEEE-802
>        Tunnel-Private-Group-Id:0 = "301"
>        EAP-Message = 0x021b000a017261636861
>        Message-Authenticator = 0x54bacc36ad1175e684554c5f76c58832
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 0
>  modcall[authorize]: module "preprocess" returns ok for request 0
>  modcall[authorize]: module "chap" returns noop for request 0
>  rlm_eap: EAP packet type response id 27 length 10
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 0
>    users: Matched entry racha at line 86
>  modcall[authorize]: module "files" returns ok for request 0
>modcall: group authorize returns updated for request 0
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 0
>  rlm_eap: EAP Identity
>  rlm_eap: processing type mschapv2
>rlm_eap_mschapv2: Issuing Challenge
>  modcall[authenticate]: module "eap" returns handled for request 0
>modcall: group authenticate returns handled for request 0
>Sending Access-Challenge of id 196 to 145.238.3.182:1026
>        EAP-Message = 
>0x011c001f1a011c001a105f4f4c366e47d80b1c27e30d08b4b0367261636861
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0xfbee0cbaf20c360de5cb21cf55607e20
>Finished request 0
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 145.238.3.182:1026, id=197, length=222
>        Framed-MTU = 1480
>        NAS-IP-Address = 145.238.3.182
>        NAS-Identifier = "sw-test-radius-1"
>        User-Name = "racha"
>        Service-Type = Framed-User
>        Framed-Protocol = PPP
>        NAS-Port = 17
>        NAS-Port-Type = Ethernet
>        NAS-Port-Id = "17"
>        Called-Station-Id = "00-14-38-fe-12-00"
>        Calling-Station-Id = "00-12-3f-0e-99-6f"
>        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>        Tunnel-Type:0 = VLAN
>        Tunnel-Medium-Type:0 = IEEE-802
>        Tunnel-Private-Group-Id:0 = "301"
>        State = 0xfbee0cbaf20c360de5cb21cf55607e20
>        EAP-Message = 0x021c00060315
>        Message-Authenticator = 0xb00f0ec480c5c36eb8a7110e87bde3b3
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 1
>  modcall[authorize]: module "preprocess" returns ok for request 1
>  modcall[authorize]: module "chap" returns noop for request 1
>  rlm_eap: EAP packet type response id 28 length 6
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 1
>    users: Matched entry racha at line 86
>  modcall[authorize]: module "files" returns ok for request 1
>modcall: group authorize returns updated for request 1
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 1
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP NAK
>rlm_eap: EAP-NAK asked for EAP-Type/ttls
>  rlm_eap: processing type tls
>  rlm_eap_tls: Initiate
>  rlm_eap_tls: Start returned 1
>  modcall[authenticate]: module "eap" returns handled for request 1
>modcall: group authenticate returns handled for request 1
>Sending Access-Challenge of id 197 to 145.238.3.182:1026
>        EAP-Message = 0x011d00061520
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0x429c3c29e255f725e935b0e1db7a8a39
>Finished request 1
>Going to the next request
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 145.238.3.182:1026, id=198, length=276
>        Framed-MTU = 1480
>        NAS-IP-Address = 145.238.3.182
>        NAS-Identifier = "sw-test-radius-1"
>        User-Name = "racha"
>        Service-Type = Framed-User
>        Framed-Protocol = PPP
>        NAS-Port = 17
>        NAS-Port-Type = Ethernet
>        NAS-Port-Id = "17"
>        Called-Station-Id = "00-14-38-fe-12-00"
>        Calling-Station-Id = "00-12-3f-0e-99-6f"
>        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>        Tunnel-Type:0 = VLAN
>        Tunnel-Medium-Type:0 = IEEE-802
>        Tunnel-Private-Group-Id:0 = "301"
>        State = 0x429c3c29e255f725e935b0e1db7a8a39
>        EAP-Message = 
>0x021d003c158000000032160301002d010000290301e0dd816d595bd3edf0729c53c2953ffb3711cca4eb039cd0b2ac413175dfd9cd000002000a0100
>        Message-Authenticator = 0x842f4348b12e8e2bf0ce66965c711fc9
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 2
>  modcall[authorize]: module "preprocess" returns ok for request 2
>  modcall[authorize]: module "chap" returns noop for request 2
>  rlm_eap: EAP packet type response id 29 length 60
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 2
>    users: Matched entry racha at line 86
>  modcall[authorize]: module "files" returns ok for request 2
>modcall: group authorize returns updated for request 2
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 2
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/ttls
>  rlm_eap: processing type ttls
>  rlm_eap_ttls: Authenticate
>  rlm_eap_tls: processing TLS
>rlm_eap_tls:  Length Included
>  eaptls_verify returned 11
>    (other): before/accept initialization
>    TLS_accept: before/accept initialization
>  rlm_eap_tls: <<< TLS 1.0 Handshake [length 002d], ClientHello
>    TLS_accept: SSLv3 read client hello A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
>    TLS_accept: SSLv3 write server hello A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0627], Certificate
>    TLS_accept: SSLv3 write certificate A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
>    TLS_accept: SSLv3 write server done A
>    TLS_accept: SSLv3 flush data
>    TLS_accept:error in SSLv3 read client certificate A
>In SSL Handshake Phase
>In SSL Accept mode
>  eaptls_process returned 13
>  modcall[authenticate]: module "eap" returns handled for request 2
>modcall: group authenticate returns handled for request 2
>Sending Access-Challenge of id 198 to 145.238.3.182:1026
>        EAP-Message = 
>0x011e040a15c000000684160301004a02000046030147049daa9066df5b206f509c2daf785a039b3f290d1da1972b195d73c56b3fee20d5f2327a11b59ff3ae5d4e9d5faaa5a1e5941852291e3c28f8403f5658ff3bd0000a0016030106270b0006230006200002ad308202a930820212a00302010202090097d09903d21d9c53300d06092a864886f70d0101040500308180310b3009060355040613024652311330110603550408130a536f6d652d5374617465310f300d060355040713064d4555444f4e31133011060355040a130a4f4253204d4555444f4e31133011060355040b130a4465706172742053494f3121301f06092a864886f70d0109
>        EAP-Message = 
>0x0116127261636861383140686f746d61696c2e6672301e170d3037303932353131313234395a170d3038303932343131313234395a308192310b3009060355040613024652311330110603550408130a536f6d652d5374617465310f300d060355040713064d4555444f4e31133011060355040a130a4f4253204d4555444f4e31133011060355040b130a4465706172742053494f3110300e06035504031307736572766575723121301f06092a864886f70d01090116127261636861383140686f746d61696c2e667230819f300d06092a864886f70d010101050003818d0030818902818100bfb94bae23d4d4501336fc7fdb003812ab5c91411eed
>        EAP-Message = 
>        EAP-Message = 
>        EAP-Message = 0x30110603550408130a536f6d652d5374617465310f30
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0xcdb56b546410d47ec20726810835dc55
>Finished request 2
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 4 seconds...
>rad_recv: Access-Request packet from host 145.238.3.182:1026, id=199, length=222
>        Framed-MTU = 1480
>        NAS-IP-Address = 145.238.3.182
>        NAS-Identifier = "sw-test-radius-1"
>        User-Name = "racha"
>        Service-Type = Framed-User
>        Framed-Protocol = PPP
>        NAS-Port = 17
>        NAS-Port-Type = Ethernet
>        NAS-Port-Id = "17"
>        Called-Station-Id = "00-14-38-fe-12-00"
>        Calling-Station-Id = "00-12-3f-0e-99-6f"
>        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>        Tunnel-Type:0 = VLAN
>        Tunnel-Medium-Type:0 = IEEE-802
>        Tunnel-Private-Group-Id:0 = "301"
>        State = 0xcdb56b546410d47ec20726810835dc55
>        EAP-Message = 0x021e00061500
>        Message-Authenticator = 0xabeaab3cbe7e553ebd43785cd5c25f86
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 3
>  modcall[authorize]: module "preprocess" returns ok for request 3
>  modcall[authorize]: module "chap" returns noop for request 3
>  rlm_eap: EAP packet type response id 30 length 6
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 3
>    users: Matched entry racha at line 86
>  modcall[authorize]: module "files" returns ok for request 3
>modcall: group authorize returns updated for request 3
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 3
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/ttls
>  rlm_eap: processing type ttls
>  rlm_eap_ttls: Authenticate
>  rlm_eap_tls: processing TLS
>rlm_eap_tls: Received EAP-TLS ACK message
>  rlm_eap_tls: ack handshake fragment handler
>  eaptls_verify returned 1
>  eaptls_process returned 13
>  modcall[authenticate]: module "eap" returns handled for request 3
>modcall: group authenticate returns handled for request 3
>Sending Access-Challenge of id 199 to 145.238.3.182:1026
>        EAP-Message = 
>        EAP-Message = 
>        EAP-Message = 
>0xf70d01010405000381810055e9fecdcd89146c84f21a7b232da59b1eee35c889d5eb07950d116f3baf9123308ea514daa6f7515e33994652f76748b981e7c5e5a00e6c5c4c03299318e812e100549970034482fef14fcaa937d71d79a6bfb4f0ce39b2bbe0f4028e1f90a2c7d1e1f6ded3df9e11af13c85fa10eaec4f6979f3010b4b5521d07e05e4a6ec916030100040e000000 
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0xe701c94007f01d98e348e2739e552ea6
>Finished request 3
>Going to the next request
>Waking up in 4 seconds...
>--- Walking the entire request list ---
>Cleaning up request 0 ID 196 with timestamp 47049da8
>Cleaning up request 1 ID 197 with timestamp 47049da8
>Waking up in 2 seconds...
>--- Walking the entire request list ---
>Cleaning up request 2 ID 198 with timestamp 47049daa
>Cleaning up request 3 ID 199 with timestamp 47049daa
>Nothing to do.  Sleeping until we see a request.
>
>
>What's the problem?
>
>Please could you help me?
>thanks
>
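
The EAP-Message values in the quoted debug output can be decoded to see which side sent what at each step. The following is an added example, not part of the original thread and not FreeRADIUS code: a small Python decoder for the EAP header and the EAP-TLS/TTLS flags byte, run over values copied from the log above. The function and variable names are hypothetical.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "TLS", 21: "TTLS", 25: "PEAP", 26: "MSCHAPv2"}
TLS_BASED = {13, 21, 25}   # methods that share the EAP-TLS flags/fragment layout
TLS_RECORDS = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
HANDSHAKES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
              14: "ServerHelloDone", 16: "ClientKeyExchange", 20: "Finished"}


def tls_records(buf):
    """Name each TLS record in buf. Only the first handshake message of a record
    is named; records after a ChangeCipherSpec are encrypted and say so."""
    names, pos, encrypted = [], 0, False
    while pos + 5 <= len(buf):
        ctype, _version, rlen = struct.unpack("!BHH", buf[pos:pos + 5])
        body = buf[pos + 5:pos + 5 + rlen]
        name = TLS_RECORDS.get(ctype, "unknown(%d)" % ctype)
        if len(body) < rlen:
            names.append(name + " (continues in next fragment)")
            break
        if encrypted:
            name += " (encrypted)"
        elif ctype == 22 and body:
            name = HANDSHAKES.get(body[0], "Handshake(%d)" % body[0])
        names.append(name)
        encrypted = encrypted or ctype == 20
        pos += 5 + rlen
    return names


def decode_eap(hexvalue):
    """Decode one EAP packet from the hex string shown in the debug output.
    A packet longer than 253 bytes is split over several EAP-Message attributes;
    join their values first, otherwise 'complete' is False."""
    raw = bytes.fromhex(hexvalue[2:] if hexvalue.startswith("0x") else hexvalue)
    if len(raw) < 4:
        raise ValueError("an EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
           "complete": len(raw) == length}
    if code not in (1, 2) or len(raw) < 5:
        return pkt                       # Success/Failure carry no Type field
    etype, data = raw[4], raw[5:length]
    pkt["type"] = EAP_TYPES.get(etype, etype)
    if etype == 1:
        pkt["identity"] = data.decode("utf-8", "replace")
    elif etype == 3:                     # Nak lists the methods the peer will accept
        pkt["wants"] = [EAP_TYPES.get(t, t) for t in data]
    elif etype in TLS_BASED and data:
        flags, payload = data[0], data[1:]
        pkt["flags"] = [n for bit, n in ((0x80, "L"), (0x40, "M"), (0x20, "S"))
                        if flags & bit]
        if flags & 0x80 and len(payload) >= 4:   # L: 4-byte total TLS length follows
            pkt["tls_length"] = struct.unpack("!I", payload[:4])[0]
            payload = payload[4:]
        pkt["ack"] = not pkt["flags"] and not payload   # empty packet = fragment ACK
        pkt["records"] = tls_records(payload)
    return pkt


# Values copied from the debug output quoted above.
SAMPLES = [
    "0x0201000a017261636861",            # Linux, id=191: first Access-Request
    "0x020200060315",                    # Linux, id=192: reply to the MSCHAPv2 challenge
    "0x010300061520",                    # server, id=192: Access-Challenge
    "0x020400061500",                    # Linux, id=194
    "0x021d003c158000000032160301002d010000290301"      # Windows XP, id=198
    "e0dd816d595bd3edf0729c53c2953ffb3711cca4eb039cd0b2ac413175dfd9cd"
    "000002000a0100",
    "0x0106004515800000003b1403010001011603010030"      # server, id=195 (Linux run)
    "58729f21c600df1c67c00c784ba7ecf50581a5b3657f8a24"
    "ebd96af0977e332430409dee3dfec98cb5786579ba3c9189",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(decode_eap(value))
```

The decoded flags and record names line up with the `rlm_eap_tls` lines in the log (for example `Received EAP-TLS ACK message` for `0x020400061500`).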