eap/peap certificate problems?

David Hláčik david at hlacik.eu
Mon Apr 21 20:41:25 CEST 2008


Hi, because for a period of time I was not able to add to my
working MSCHAPv2 for PPTPD with LDAP RADIUS configuration, I have copied
fresh new RADIUS configuration files and tried to configure just a simple
EAP/PEAP for my wireless router.
I have CentOS 5.1, but basically I have followed this howto
http://ubuntuforums.org/showthread.php?t=478804
I have my own CA and my own server certificate, with X509 xpextension
support configured. I have installed it as a trusted root CA certificate on my
Windows Vista SP1 client computer. I am using a simple testuser with the Secret149
password defined in the users file, but it still does not work and complains about
certificates. My Windows Vista wireless connection manager is showing my
server certificate as correct.
This is the log file

Thanks!

D.

[root@sx2 raddb]# radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/proxy.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/eap.conf
 main: prefix = "/usr"
 main: localstatedir = "/var"
 main: logdir = "/var/log/radius"
 main: libdir = "/usr/lib64"
 main: radacctdir = "/var/log/radius/radacct"
 main: hostname_lookups = no
 main: snmp = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/var/run/radiusd/radiusd.pid"
 main: user = "radiusd"
 main: group = "radiusd"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/lib64
Module: Loaded exec
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = yes
 mschap: require_strong = yes
 mschap: with_ntdomain_hack = no
 mschap: passwd = "(null)"
 mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "/etc/shadow"
 unix: group = "(null)"
 unix: radwtmp = "/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = "peap"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/etc/pki/wireless/server_key.pem"
 tls: certificate_file = "/etc/pki/wireless/server_cert.pem"
 tls: CA_file = "/etc/pki/wireless/cacert.pem"
 tls: private_key_password = "Pln192"
 tls: dh_file = "/etc/pki/wireless/dh"
 tls: random_file = "/etc/pki/wireless/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = "(null)"
 tls: cipher_list = "(null)"
 tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
 peap: default_eap_type = "mschapv2"
 peap: copy_request_to_tunnel = no
 peap: use_tunneled_reply = no
 peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = "/etc/raddb/huntgroups"
 preprocess: hints = "/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
 preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = "/etc/raddb/users"
 files: acctusersfile = "/etc/raddb/acct_users"
 files: preproxy_usersfile = "/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
 detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = "/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 10.123.42.11:3076, id=112,
length=165
 User-Name = "boss"
 NAS-IP-Address = 10.123.42.11
 NAS-Port = 0
 Called-Station-Id = "001cf05a2b71"
 Calling-Station-Id = "001b77392d05"
 NAS-Identifier = "Realtek Access Point. 8181"
 Framed-MTU = 1400
 NAS-Port-Type = Wireless-802.11
 Service-Type = Framed-User
 Connect-Info = "CONNECT 11Mbps 802.11b"
 EAP-Message = 0x0200000901626f7373
 Message-Authenticator = 0x79fd10c2a79dd35bc6304d53524675e8
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "boss", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 0 length 9
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry DEFAULT at line 152
    users: Matched entry DEFAULT at line 171
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 112 to 10.123.42.11 port 3076
 Framed-IP-Address = 255.255.255.254
 Framed-MTU = 576
 Service-Type = Framed-User
 EAP-Message = 0x010100061920
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x352e94993bcbb8a4249d7264d82f1829
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.123.42.11:3076, id=113,
length=283
 User-Name = "boss"
 NAS-IP-Address = 10.123.42.11
 NAS-Port = 0
 Called-Station-Id = "001cf05a2b71"
 Calling-Station-Id = "001b77392d05"
 NAS-Identifier = "Realtek Access Point. 8181"
 NAS-Port-Type = Wireless-802.11
 Service-Type = Framed-User
 Connect-Info = "CONNECT 11Mbps 802.11b"
 EAP-Message =
0x020100731980000000691603010064010000600301480cdacd6b3c5cf0b29cac484d2b3b6ec171038c6b943dd64181cfcd84fe6899000018002f00350005000ac009c00ac013c01400320038001300040100001f000000090007000004626f7373000a00080006001700180019000b00020100
 State = 0x352e94993bcbb8a4249d7264d82f1829
 Message-Authenticator = 0xd9e69c4f8fee707fadc9cb90c69bfea5
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "boss", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: EAP packet type response id 1 length 115
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
    users: Matched entry DEFAULT at line 152
    users: Matched entry DEFAULT at line 171
  modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0064], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 064b], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 113 to 10.123.42.11 port 3076
 Framed-IP-Address = 255.255.255.254
 Framed-MTU = 576
 Service-Type = Framed-User
 EAP-Message =
0x092a864886f70d010901161261646d696e40706f6c6172696f6e2e636f6d301e170d3038303432313135313033385a170d3039303432313135313033385a308192310b300906035504061302435a311730150603550408130e437a6563682052657075626c6963311a3018060355040a1311506f6c6172696f6e20536f667477617265310b3009060355040b13024954311e301c060355040313157378322e6c6162732e706f6c6172696f6e2e636f6d3121301f06092a864886f70d010901161261646d696e40706f6c6172696f6e2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c100256ce017aaf9e613e4b6a5
 EAP-Message =
0x203ba1912f3d46d2dbda44e425dac84656ee6e44979674b2cdb0d429478baad086f313d3b05e2c6daec28dde064e896b3829dad39e6bd4e84fb4dc70ab11f399e49da302ec5b4bd7de4312f3ade2ce17be200c063c50e96620ed89dac441f472b39f1957b8cb1f47c5bb06885f8e52d94f02a50203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101050500038181008e366b4ecc308504d941c865e39a05ddcbaa2ca8072792ba9eb2959e6cffc75b300b10b52700dd4886e294a35951a7dae1168cb2c0d13976f14a56fd3e571f3c6911f5f4b791244ed6de22ebb3515a957ab95b54ac09efd7ae
 EAP-Message =
0x6bd956c9ea27c63ed372290be9ceff4d36bac037ee2936cd4b2b5065f50452c398b8e1d17ca15c00038830820384308202eda003020102020900e7477704fe0b606a300d06092a864886f70d0101050500308189310b300906035504061302435a311730150603550408130e437a6563682052657075626c6963311a3018060355040a1311506f6c6172696f6e20536f667477617265310b3009060355040b13024954311530130603550403130c446176696420486c6163696b3121301f06092a864886f70d010901161261646d696e40706f6c6172696f6e2e636f6d301e170d3038303432313135303434345a170d3039303432313135303434345a
 EAP-Message = 0x308189310b300906035504061302435a311730150603
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xc5438c3f67d8fc170bfdecf1c6cb04cc
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.123.42.11:3076, id=114,
length=174
 User-Name = "boss"
 NAS-IP-Address = 10.123.42.11
 NAS-Port = 0
 Called-Station-Id = "001cf05a2b71"
 Calling-Station-Id = "001b77392d05"
 NAS-Identifier = "Realtek Access Point. 8181"
 NAS-Port-Type = Wireless-802.11
 Service-Type = Framed-User
 Connect-Info = "CONNECT 11Mbps 802.11b"
 EAP-Message = 0x020200061900
 State = 0xc5438c3f67d8fc170bfdecf1c6cb04cc
 Message-Authenticator = 0x3e96daba715db87f39916db1695d2563
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  modcall[authorize]: module "chap" returns noop for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
    rlm_realm: No '@' in User-Name = "boss", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 2
  rlm_eap: EAP packet type response id 2 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 2
    users: Matched entry DEFAULT at line 152
    users: Matched entry DEFAULT at line 171
  modcall[authorize]: module "files" returns ok for request 2
modcall: leaving group authorize (returns updated) for request 2
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 114 to 10.123.42.11 port 3076
 Framed-IP-Address = 255.255.255.254
 Framed-MTU = 576
 Service-Type = Framed-User
 EAP-Message =
0x0900e7477704fe0b606a300c0603551d13040530030101ff300d06092a864886f70d0101050500038181008a0ac70a399e62294dd9a9a87c297d332e67ecc64ea0dabba66d2a30a0ac26b4c8e09bb9cbb199cdb731e5831bb5d9a5403c5172d261250df6cc9e5041c2e9317086ba14b1d8c6c13d8e0b40d9fec502456b1c48d1d290d25f5fb5849c9da082a706e33c8a7dddc9acc9f81bc53f42cd9cd93a8d31f5603d9761d98e6398c50d16030100040e000000
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x76d7c4e6f67f926686a5dc4693c1d6e0
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.123.42.11:3076, id=115,
length=376
 User-Name = "boss"
 NAS-IP-Address = 10.123.42.11
 NAS-Port = 0
 Called-Station-Id = "001cf05a2b71"
 Calling-Station-Id = "001b77392d05"
 NAS-Identifier = "Realtek Access Point. 8181"
 NAS-Port-Type = Wireless-802.11
 Service-Type = Framed-User
 Connect-Info = "CONNECT 11Mbps 802.11b"
 EAP-Message =
0x020300d01980000000c61603010086100000820080b21c3e1e4fae427fd09b23b8a18dcd5c9614f95436a1d360e40bc785390f5d907a33d3f5eb72077980d0db736c50e21a4a961e219572131ed6a54f0407d67d563a85e59db3c3bb0b8d9411e437b085d1661178f1ecfbb93606962637078cc486ad801dcef5ba373121299a4baa00c483875dbebdd6519f63c5ec4ab881c4acf61403010001011603010030654cbaf37740de04fdf9e6385b2d7d42ce0d8caf852004f92268eeac440afecfb85fb8a1516079f0ffa1d45494b77685
 State = 0x76d7c4e6f67f926686a5dc4693c1d6e0
 Message-Authenticator = 0x6421fcec1f1cc5125791a70319a1ea43
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
  modcall[authorize]: module "chap" returns noop for request 3
  modcall[authorize]: module "mschap" returns noop for request 3
    rlm_realm: No '@' in User-Name = "boss", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 3
  rlm_eap: EAP packet type response id 3 length 208
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 3
    users: Matched entry DEFAULT at line 152
    users: Matched entry DEFAULT at line 171
  modcall[authorize]: module "files" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
    TLS_accept: SSLv3 read client key exchange A
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 read finished A
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
    TLS_accept: SSLv3 write change cipher spec A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 write finished A
    TLS_accept: SSLv3 flush data
    (other): SSL negotiation finished successfully
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
SSL Connection Established
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 115 to 10.123.42.11 port 3076
 Framed-IP-Address = 255.255.255.254
 Framed-MTU = 576
 Service-Type = Framed-User
 EAP-Message =
0x010400411900140301000101160301003047fdad6e556880c11c7e70fb192ff4cd295124df3aa30eb15b26dcf4c48fc6f8aeac60091e893cd59405eb8d7209f9c1
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xc6dea48edc410ff186e20cb27acbf71b
Finished request 3
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 112 with timestamp 480cdad4
Cleaning up request 1 ID 113 with timestamp 480cdad4
Cleaning up request 2 ID 114 with timestamp 480cdad4
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 3 ID 115 with timestamp 480cdad5
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.123.42.11:3077, id=112,
length=173
 User-Name = "testuser"
 NAS-IP-Address = 10.123.42.11
 NAS-Port = 0
 Called-Station-Id = "001cf05a2b71"
 Calling-Station-Id = "001b77392d05"
 NAS-Identifier = "Realtek Access Point. 8181"
 Framed-MTU = 1400
 NAS-Port-Type = Wireless-802.11
 Service-Type = Framed-User
 Connect-Info = "CONNECT 11Mbps 802.11b"
 EAP-Message = 0x0200000d017465737475736572
 Message-Authenticator = 0x0ee36160aedc0ad3b60e2fb258039d06
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module "preprocess" returns ok for request 4
  modcall[authorize]: module "chap" returns noop for request 4
  modcall[authorize]: module "mschap" returns noop for request 4
    rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 4
  rlm_eap: EAP packet type response id 0 length 13
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
    users: Matched entry DEFAULT at line 152
    users: Matched entry DEFAULT at line 171
    users: Matched entry testuser at line 216
  modcall[authorize]: module "files" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 112 to 10.123.42.11 port 3077
 Framed-IP-Address = 255.255.255.254
 Framed-MTU = 576
 Service-Type = Framed-User
 EAP-Message = 0x010100061920
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x66994fc2e8159ac20377da485a287cf7
Finished request 4
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.123.42.11:3077, id=113,
length=291
 User-Name = "testuser"
 NAS-IP-Address = 10.123.42.11
 NAS-Port = 0
 Called-Station-Id = "001cf05a2b71"
 Calling-Station-Id = "001b77392d05"
 NAS-Identifier = "Realtek Access Point. 8181"
 NAS-Port-Type = Wireless-802.11
 Service-Type = Framed-User
 Connect-Info = "CONNECT 11Mbps 802.11b"
 EAP-Message =
0x0201007719800000006d1603010068010000640301480cddb5cfdb7316f78553c8246acb97d94ce30a5f5c236ee8c43c093e36b965000018002f00350005000ac009c00ac013c0140032003800130004010000230000000d000b0000087465737475736572000a00080006001700180019000b00020100
 State = 0x66994fc2e8159ac20377da485a287cf7
 Message-Authenticator = 0x5b61c6c39482584ade5b59c279202057
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
  rlm_eap: EAP packet type response id 1 length 119
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
    users: Matched entry DEFAULT at line 152
    users: Matched entry DEFAULT at line 171
    users: Matched entry testuser at line 216
  modcall[authorize]: module "files" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0068], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 064b], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 113 to 10.123.42.11 port 3077
 Framed-IP-Address = 255.255.255.254
 Framed-MTU = 576
 Service-Type = Framed-User
 EAP-Message =
0x092a864886f70d010901161261646d696e40706f6c6172696f6e2e636f6d301e170d3038303432313135313033385a170d3039303432313135313033385a308192310b300906035504061302435a311730150603550408130e437a6563682052657075626c6963311a3018060355040a1311506f6c6172696f6e20536f667477617265310b3009060355040b13024954311e301c060355040313157378322e6c6162732e706f6c6172696f6e2e636f6d3121301f06092a864886f70d010901161261646d696e40706f6c6172696f6e2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c100256ce017aaf9e613e4b6a5
 EAP-Message = 0x308189310b300906035504061302435a311730150603
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xb83123181e34c0fa312134305bc70299
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.123.42.11:3077, id=114,
length=178
 User-Name = "testuser"
 NAS-IP-Address = 10.123.42.11
 NAS-Port = 0
 Called-Station-Id = "001cf05a2b71"
 Calling-Station-Id = "001b77392d05"
 NAS-Identifier = "Realtek Access Point. 8181"
 NAS-Port-Type = Wireless-802.11
 Service-Type = Framed-User
 Connect-Info = "CONNECT 11Mbps 802.11b"
 EAP-Message = 0x020200061900
 State = 0xb83123181e34c0fa312134305bc70299
 Message-Authenticator = 0x4608a7974cf83a5f59f6c399014da1e4
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "chap" returns noop for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
    rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 6
  rlm_eap: EAP packet type response id 2 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
    users: Matched entry DEFAULT at line 152
    users: Matched entry DEFAULT at line 171
    users: Matched entry testuser at line 216
  modcall[authorize]: module "files" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 114 to 10.123.42.11 port 3077
 Framed-IP-Address = 255.255.255.254
 Framed-MTU = 576
 Service-Type = Framed-User
 EAP-Message =
0x010302ae1900550408130e437a6563682052657075626c6963311a3018060355040a1311506f6c6172696f6e20536f667477617265310b3009060355040b13024954311530130603550403130c446176696420486c6163696b3121301f06092a864886f70d010901161261646d696e40706f6c6172696f6e2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100a235bf64e96b6f1cbb7664a541efa304adf30f47c8576eebd7038286b57d2d7f156f7a86d652d70432f1bd22fe29d68600329a04faa9499ace51a7bf608357a390ca1137d759c440ba2b58a45581243984f624158680f784b498ad57b45f671cf3a4e8da
 EAP-Message =
0x0900e7477704fe0b606a300c0603551d13040530030101ff300d06092a864886f70d0101050500038181008a0ac70a399e62294dd9a9a87c297d332e67ecc64ea0dabba66d2a30a0ac26b4c8e09bb9cbb199cdb731e5831bb5d9a5403c5172d261250df6cc9e5041c2e9317086ba14b1d8c6c13d8e0b40d9fec502456b1c48d1d290d25f5fb5849c9da082a706e33c8a7dddc9acc9f81bc53f42cd9cd93a8d31f5603d9761d98e6398c50d16030100040e000000
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xd87a137b0b4fc5a29f3b2fa93a6f4c65
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.123.42.11:3077, id=115,
length=380
 User-Name = "testuser"
 NAS-IP-Address = 10.123.42.11
 NAS-Port = 0
 Called-Station-Id = "001cf05a2b71"
 Calling-Station-Id = "001b77392d05"
 NAS-Identifier = "Realtek Access Point. 8181"
 NAS-Port-Type = Wireless-802.11
 Service-Type = Framed-User
 Connect-Info = "CONNECT 11Mbps 802.11b"
 EAP-Message =
0x020300d01980000000c616030100861000008200800c1f193b9041cdc894a0f1bb1c57995434db29eb2862297f204aeb0d4ed003609151acd9436778b768a8305c933700db0d37d5dbb4395bf5893623e090dadaed698dad421606482836f5d565a39890993167869ebb8cf4e6cc155537902fb71ccf05fd09f4a358ccafa3ef4f78a961a3ba9708f57a311217f029e1684625d02b140301000101160301003031046c0e381188b46ab76ce8a006992bfbe11256341a662da412c547bcf729ac147cdb430311f54eddebe7d251521b05
 State = 0xd87a137b0b4fc5a29f3b2fa93a6f4c65
 Message-Authenticator = 0x18750c35a9a5b2233503c793958bce9b
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
  modcall[authorize]: module "preprocess" returns ok for request 7
  modcall[authorize]: module "chap" returns noop for request 7
  modcall[authorize]: module "mschap" returns noop for request 7
    rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 7
  rlm_eap: EAP packet type response id 3 length 208
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 7
    users: Matched entry DEFAULT at line 152
    users: Matched entry DEFAULT at line 171
    users: Matched entry testuser at line 216
  modcall[authorize]: module "files" returns ok for request 7
modcall: leaving group authorize (returns updated) for request 7
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
    TLS_accept: SSLv3 read client key exchange A
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 read finished A
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
    TLS_accept: SSLv3 write change cipher spec A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 write finished A
    TLS_accept: SSLv3 flush data
    (other): SSL negotiation finished successfully
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
SSL Connection Established
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 7
modcall: leaving group authenticate (returns handled) for request 7
Sending Access-Challenge of id 115 to 10.123.42.11 port 3077
 Framed-IP-Address = 255.255.255.254
 Framed-MTU = 576
 Service-Type = Framed-User
 EAP-Message =
0x0104004119001403010001011603010030f4691b547edc205a2563214db973a4e1016e38aacb8a27be0b4f266c30452a14431912729a868324cc3447b83f29cd50
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x5213d7e8f65f7bf4a42614296bb63a9b
Finished request 7
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 4 ID 112 with timestamp 480cddbc
Cleaning up request 5 ID 113 with timestamp 480cddbc
Cleaning up request 6 ID 114 with timestamp 480cddbc
Cleaning up request 7 ID 115 with timestamp 480cddbc
Nothing to do.  Sleeping until we see a request.
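
Added example (not part of the original post, and not FreeRADIUS code): a small Python decoder for the EAP-Message values that `radiusd -X` prints, run over five values copied from the log above. The function and variable names are this example's own; it names the EAP-TLS/PEAP flags and TLS records of one EAP packet and does not reassemble fragmented TLS messages.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 25: "PEAP"}
TLS_CONTENT = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake",
               23: "ApplicationData"}
TLS_HANDSHAKE = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
                 12: "ServerKeyExchange", 13: "CertificateRequest",
                 14: "ServerHelloDone", 16: "ClientKeyExchange", 20: "Finished"}


def parse_tls_records(data):
    """Name the TLS records carried in one EAP-TLS/PEAP payload."""
    names, off, encrypted = [], 0, False
    while off < len(data):
        if off + 5 > len(data):
            names.append("truncated")
            break
        ctype, _version, rlen = struct.unpack_from("!BHH", data, off)
        if ctype not in TLS_CONTENT:
            # Later fragments of a large message start mid-record.
            names.append("continuation-or-unknown")
            break
        body = data[off + 5:off + 5 + rlen]
        label = TLS_CONTENT[ctype]
        if ctype == 22 and encrypted:
            # After ChangeCipherSpec the handshake body is ciphertext.
            names.append(label + ":encrypted")
        elif ctype == 22:
            pos = 0
            while pos + 4 <= len(body):
                hs_len = int.from_bytes(body[pos + 1:pos + 4], "big")
                kind = TLS_HANDSHAKE.get(body[pos], "type %d" % body[pos])
                names.append(label + ":" + kind)
                pos += 4 + hs_len
        else:
            names.append(label)
        if ctype == 20:
            encrypted = True
        if len(body) < rlen:
            names.append("truncated")
            break
        off += 5 + rlen
    return names


def decode_eap(*attr_values):
    """Decode one EAP packet from its EAP-Message attribute value(s).

    A RADIUS attribute holds at most 253 bytes, so a large EAP packet is
    logged as several EAP-Message lines; pass them in order.
    """
    raw = b"".join(bytes.fromhex(v[2:] if v.lower().startswith("0x") else v)
                   for v in attr_values)
    if len(raw) < 4:
        raise ValueError("EAP header needs at least 4 bytes")
    code, ident, length = struct.unpack_from("!BBH", raw, 0)
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
           "complete": length == len(raw)}
    if code in (1, 2) and len(raw) >= 5:
        etype = raw[4]
        out["type"] = EAP_TYPES.get(etype, etype)
        if etype == 1:
            out["identity"] = raw[5:length].decode("utf-8", "replace")
        elif etype in (13, 25) and len(raw) >= 6:
            flags = raw[5]
            out["flags"] = [name for bit, name in
                            ((0x80, "L"), (0x40, "M"), (0x20, "S")) if flags & bit]
            off = 6
            if flags & 0x80:  # L: four-byte TLS message length follows
                out["tls_length"] = int.from_bytes(raw[6:10], "big")
                off = 10
            out["records"] = parse_tls_records(raw[off:length])
    return out


# EAP-Message values copied from the log above (requests 0, 1, 2 and 3).
IDENTITY = "0x0200000901626f7373"
PEAP_START = "0x010100061920"
PEAP_ACK = "0x020200061900"
CLIENT_HELLO = (
    "0x020100731980000000691603010064010000600301480cdacd6b3c5cf0b29cac48"
    "4d2b3b6ec171038c6b943dd64181cfcd84fe6899000018002f00350005000ac009c0"
    "0ac013c01400320038001300040100001f000000090007000004626f7373000a0008"
    "0006001700180019000b00020100")
SERVER_FINISHED = (
    "0x010400411900140301000101160301003047fdad6e556880c11c7e70fb192ff4cd"
    "295124df3aa30eb15b26dcf4c48fc6f8aeac60091e893cd59405eb8d7209f9c1")

if __name__ == "__main__":
    for value in (IDENTITY, PEAP_START, CLIENT_HELLO, PEAP_ACK, SERVER_FINISHED):
        print(decode_eap(value))
```
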