Radius client can not connected!

Kwok Sianbin sianbin_kwok at yahoo.com
Mon Aug 11 06:38:09 CEST 2008


Hi all,

Need help.

I'd been doing this for sometimes and can't get it solved.

Client try to communicate with server but just can't get it connected.

here are the message:



Waking up in 4.7 seconds.

        User-Name = "testing"

        NAS-IP-Address = 0.0.0.0

        Framed-MTU = 1488

        Called-Station-Id = "00:30:1a:29:03:66"

        Calling-Station-Id = "00:1c:f0:10:56:b8"

        NAS-Port-Type = Wireless-802.11

        NAS-Identifier = "127.0.0.1"

        Connect-Info = "CONNECT 11Mbps 802.11b"

        State = 0x50713d8653743023ce88a0c1a1b930fe

        EAP-Message =
0x020505c50d80000005bb160301058b0b00037b0003780003753082037130820259a003020102020102300d06092a864886f70d01010405003070310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e311730150603550403140e4d6172734e65745f5365727665723120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d301e170d3038303730383032323630315a170d3131303730383032323630315a306f310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520

        EAP-Message =
0x496e632e311730150603550403140e4d6172734e65745f436c69656e74311f301d06092a864886f70d010901161075736572406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d9c82149515d4198e7647e1dd2fdaba3dd274d89fe59259ea656b5550118896812a05a0bad9307dda14f88582a1cfd1b8f475aabfc4e7ee2618d195fdb4fed673093982696a14d7a929c8590bfb32a930ee363d15a2ddadaf398d497527addbb88562c48803840ac7ab5cfd47709718078cee8489a415783ff1149bd2d8c4abd5ed1c83811392890b60e65dcfe3fae892d4ab0e3f98506387d47094656bb

        EAP-Message =
0xc7b5fdebc4b342b797d0dcc7a3fdd68cfa52490ec10a1e4a5d9cc82decc3f7340611755269c937f882478b6a875c460ea997351f33291f4f94bc7661b7f76a5457479f72639fc9acf815aa5ed438309a1695ffe34f1f967ad8f0b63d2e72f71240050203010001a317301530130603551d25040c300a06082b06010505070302300d06092a864886f70d010104050003820101008cb12a5b0e048b822dd0e435fdb3c808a183a2bfe5b8970d24c8d7d8de6183ac6bd0978accaa284093f927e49b512056fd5850cd2211016f0d68099bc90a2bf2fb93ab3f6a2552fe2b094ffb8830aabe7d00871f1f8b882d3bfec10f73a7af1688a51a2e915597276d

        EAP-Message =
0x0e2c716dbd340dba22124f473ea8396e799c6de451101cb64cc0e8913535dc79d23e6194878814e7d6baa7a1ba616947cfe5d368a83f5db7e71e95e9b90f189033e9851b1d8419c4ab78b988ca9c4ff1163ed3e390e486bfc803e176cb108e7c31b51c5b618e644a046f7a60f232b0d57c47f1626a96115e83d457a3ad661c064986ebdd3629ef50b6a0d67e7b923d4a0d288b3652d98e1000010201003c14f10ae05a07ca00d74116971fd5d146e8640db1f58ebebf6e49c7cd8dabe98da7b6461af55c77e5fbde2336eb2914ceb3a6e09cdb6a46989cd9e22983bc672387ff0483700a70e396a9f844edd9ac4bb95c4b2a3bc45755d9408e41b37034

        EAP-Message =
0x32c84f5b11d84870904e298defb383734235d6f67c9d9c0dfe20ed207fa3fe539571566103e2f55ee41cd3c7d6d9019f224594853387f67ccf453aa85ead173fa5059922888c7de3a689745cdc800423fc43522a91ee235704264a60eec90c62d01fde3cdda4f81666c26f8681c08b4a18b447d9971270ce92391e5c54f2537b3f7ff791fe7863daa40f6e0e244a02dab97755b4de554a21973a34dab24815ae0f00010201001b8569aff3bd371c1c7d782df9db0e00468d7806f2b5307f49dd2d4c5507aec96fe0db1fa401a613e021eec225eedf95303d1b2af768c011541086e89933d72b07d56d5a588e96d79906e1672e016fd5694fe694990ded

        EAP-Message =
0x9dc92e8f839a0e40cc7a7563476be125135d91d45ed4b5c978273b5e1d0e30cb655d8d1a011fe0d7c93e21603ee63e618566dbf126d95e68f8bf1e2bfbf8145a3894ddeb74923d45fbac9fdbde4cd7bf070931c74a4a7d3153a4e5de2d74c4f6f6191e639f57d2d18a256f240726a7b3100fec13048cddc9a99f594c82742aeb918959fe193bd1cb691a81fbf413aaba7e57cca12151350d96dc18a4b0af99d63cb68c1a5214a087a21403010001011603010020251f2329bd8931db05f4268228c4258ec07f3d2bb9281b1b83b584b08b75214d

        Message-Authenticator = 0xd97d042e7cb701a8720f28f6c5f1292b

+- entering group authorize

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

    rlm_realm: No '@' in User-Name = "testing", looking up realm NULL

    rlm_realm: No such realm "NULL"

++[suffix] returns noop

  rlm_eap: EAP packet type response id 5 length 253

  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation

++[eap] returns updated

++[unix] returns notfound

    users: Matched entry testing at line 91

        expand: Hello, %{User-Name} -> Hello, testing

++[files] returns ok

++[expiration] returns noop

++[logintime] returns noop

rlm_pap: Found existing Auth-Type, not changing it.

++[pap] returns noop

  rad_check_password:  Found Auth-Type EAP

auth: type "EAP"

+- entering group authenticate

  rlm_eap: Request found, released from the list

  rlm_eap: EAP/tls

  rlm_eap: processing type tls

  rlm_eap_tls: Authenticate

  rlm_eap_tls: processing TLS

  TLS Length 1467

rlm_eap_tls:  Length Included

  eaptls_verify returned 11

  rlm_eap_tls: <<< TLS 1.0 Handshake [length 037f], Certificate

--> verify error:num=20:unable to get local issuer certificate

  rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca

TLS Alert write:fatal:unknown CA

    TLS_accept:error in SSLv3 read client certificate B

rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.

  eaptls_process returned 13

  rlm_eap: Freeing handler

++[eap] returns reject

auth: Failed to validate the user.

Login incorrect: [testing/<via Auth-Type = EAP>] (from client private-network-1 port 0 cli 00:1c:f0:10:56:b8)

  Found Post-Auth-Type Reject

+- entering group REJECT

        expand: %{User-Name} -> testing

 attr_filter: Matched entry DEFAULT at line 11

++[attr_filter.access_reject] returns updated

Delaying reject of request 4 for 1 seconds

Going to the next request



radtest testing testing123-1 localhost 0 testing123

User-Name = "testing"

        User-Password = "testing123"

        NAS-IP-Address = 192.168.1.5

        NAS-Port = 0

        Reply-Message = "Hello, testing"



Here another error when I do radtest to localhost by return 192.168.1.5

Where should I go to fix those problem? 

I browse a lot but just have no clue where did I get wrong!






      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080810/04d07209/attachment.html>


More information about the Freeradius-Users mailing list