EAP/TLS

Kwok Sianbin sianbin_kwok at yahoo.com
Wed Jul 9 10:06:19 CEST 2008



Thanks for the tips.

If the certificates are fine then the only problem here is the RADIUS server.

XP cannot authenticate the client & can't get connected.

Here is the output:

Ready to process requests.
        User-Name = "MarsNet_Client"
        NAS-IP-Address = 0.0.0.0
        Framed-MTU = 1488
        Called-Station-Id = "00:30:1a:29:03:66"
        Calling-Station-Id = "00:1c:f0:10:56:b8"
        NAS-Port-Type = Wireless-802.11
        NAS-Identifier = "127.0.0.1"
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x02020013014d6172734e65745f436c69656e74
        Message-Authenticator = 0x00ebc8fcffd2c906e2d36ec4fff17d3a
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "MarsNet_Client", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 2 length 19
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
 rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
++[eap] returns handled
        EAP-Message = 0x010300060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x7382effe7381e2540240fd45d4418b28
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 4 ID 1 with timestamp +930

Ready to process requests.
        User-Name = "MarsNet_Client"
        NAS-IP-Address = 0.0.0.0
        Framed-MTU = 1488
        Called-Station-Id = "00:30:1a:29:03:66"
        Calling-Station-Id = "00:1c:f0:10:56:b8"
        NAS-Port-Type = Wireless-802.11
        NAS-Identifier = "127.0.0.1"
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x02010013014d6172734e65745f436c69656e74
        Message-Authenticator = 0xd79261edb8c5b177b0b6334837684449
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "MarsNet_Client", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 1 length 19
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
 rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
++[eap] returns handled
        EAP-Message = 0x010200060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xae557800ae5775e5b09645c04263a306
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 5 ID 3 with timestamp +950
Ready to process requests.



--- On Mon, 7/7/08, Ivan Kalik <tnt at kalik.net> wrote:
From: Ivan Kalik <tnt at kalik.net>
Subject: Re: Private key
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Date: Monday, July 7, 2008, 10:38 PM

Why do you care if "Windows does not have enough information to verify
this certificate"? Does radius server have any problems with it?

Ivan Kalik
Kalik Informatika ISP
