EAP/TLS

Sergio Yébenes Moreno sergioyebenes at alumnos.upm.es
Thu Jul 10 11:04:19 CEST 2008


Kwok Sianbin wrote:
>
> Thanks for the tips.
> If the certificates are fine then
> the only problem here is the radius server.
> XP can not authenticate the client & can't get connected.
>
> here the output
> Ready to process requests.
>         User-Name = "MarsNet_Client"
>         NAS-IP-Address = 0.0.0.0
>         Framed-MTU = 1488
>         Called-Station-Id = "00:30:1a:29:03:66"
>         Calling-Station-Id = "00:1c:f0:10:56:b8"
>         NAS-Port-Type = Wireless-802.11
>         NAS-Identifier = "127.0.0.1"
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x02020013014d6172734e65745f436c69656e74
>         Message-Authenticator = 0x00ebc8fcffd2c906e2d36ec4fff17d3a
> +- entering group authorize
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>     rlm_realm: No '@' in User-Name = "MarsNet_Client", looking up realm NULL
>     rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
>   rlm_eap: EAP packet type response id 2 length 19
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[unix] returns notfound
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
> ++[pap] returns noop
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
>   rlm_eap: EAP Identity
>   rlm_eap: processing type tls
>  rlm_eap_tls: Requiring client certificate
>   rlm_eap_tls: Initiate
>   rlm_eap_tls: Start returned 1
> ++[eap] returns handled
>         EAP-Message = 0x010300060d20
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x7382effe7381e2540240fd45d4418b28
> Finished request 4.
> Going to the next request
> Waking up in 4.9 seconds.
> Cleaning up request 4 ID 1 with timestamp +930
> Ready to process requests.
>         User-Name = "MarsNet_Client"
>         NAS-IP-Address = 0.0.0.0
>         Framed-MTU = 1488
>         Called-Station-Id = "00:30:1a:29:03:66"
>         Calling-Station-Id = "00:1c:f0:10:56:b8"
>         NAS-Port-Type = Wireless-802.11
>         NAS-Identifier = "127.0.0.1"
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x02010013014d6172734e65745f436c69656e74
>         Message-Authenticator = 0xd79261edb8c5b177b0b6334837684449
> +- entering group authorize
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>     rlm_realm: No '@' in User-Name = "MarsNet_Client", looking up realm NULL
>     rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
>   rlm_eap: EAP packet type response id 1 length 19
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[unix] returns notfound
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
> ++[pap] returns noop
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
>   rlm_eap: EAP Identity
>   rlm_eap: processing type tls
>  rlm_eap_tls: Requiring client certificate
>   rlm_eap_tls: Initiate
>   rlm_eap_tls: Start returned 1
> ++[eap] returns handled
>         EAP-Message = 0x010200060d20
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0xae557800ae5775e5b09645c04263a306
> Finished request 5.
> Going to the next request
> Waking up in 4.9 seconds.
> Cleaning up request 5 ID 3 with timestamp +950
> Ready to process requests.
>
>
> --- On Mon, 7/7/08, Ivan Kalik <tnt at kalik.net> wrote:
>
>     From: Ivan Kalik <tnt at kalik.net>
>     Subject: Re: Private key
>     To: "FreeRadius users mailing list"
>     <freeradius-users at lists.freeradius.org>
>     Date: Monday, July 7, 2008, 10:38 PM
>
>     Why do you care if "Windows does not have enough information to verify
>     this certificate"? Does radius server have any problems with it?
>
>     Ivan Kalik
>     Kalik Informatika ISP
>
Have you read the last lines of eap.conf?
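
Added example, not part of the original post: a small decoder for the EAP-Message values in the debug output quoted above, using the packet layout from RFC 3748 and the EAP-TLS flags byte from RFC 5216. The function names are made up for this example; the hex strings are copied from the log.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS"}
# EAP-TLS flags byte: Length included, More fragments, Start
TLS_FLAGS = ((0x80, "L"), (0x40, "M"), (0x20, "S"))

# EAP-Message values copied from the quoted debug output, in log order.
LOG_MESSAGES = [
    "0x02020013014d6172734e65745f436c69656e74",
    "0x010300060d20",
    "0x02010013014d6172734e65745f436c69656e74",
    "0x010200060d20",
]

def decode_eap(hex_value):
    """Decode one complete EAP packet given as a radiusd-style hex string."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    # Assumes the packet was not split across several EAP-Message attributes.
    if length != len(raw):
        raise ValueError("EAP length %d, got %d bytes" % (length, len(raw)))
    pkt = {"code": EAP_CODES.get(code, str(code)), "id": ident, "length": length}
    if code in (1, 2) and length > 4:      # only Request/Response carry a Type
        etype, data = raw[4], raw[5:]
        pkt["type"] = EAP_TYPES.get(etype, str(etype))
        if etype == 1:
            pkt["identity"] = data.decode("utf-8", "replace")
        elif etype == 13 and data:
            pkt["tls_flags"] = "".join(n for bit, n in TLS_FLAGS if data[0] & bit)
            pkt["tls_bytes"] = len(data) - 1   # TLS payload after the flags byte
    return pkt

def client_answered_tls_start(messages):
    """True if any Response carries EAP-TLS data (supplicant replied to Start)."""
    return any(p["code"] == "Response" and p.get("type") == "EAP-TLS"
               for p in map(decode_eap, messages))

if __name__ == "__main__":
    for m in LOG_MESSAGES:
        print(decode_eap(m))
    print("client answered TLS Start:", client_answered_tls_start(LOG_MESSAGES))
```

In the two requests shown, every Response decodes as an Identity for "MarsNet_Client" and every Request as an EAP-TLS Start with no TLS payload.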


