Client can't connect "Acquiring Network address"

Kwok Sianbin sianbin_kwok at yahoo.com
Tue May 20 11:18:13 CEST 2008


Hi,
 
 Thanks for the advice..The problem to generae certs was solved.
 Now it comes back to existing problem in version 1.1.7 where the client request  to  server  is on and on and never get connected.
 I wonder why NAS-IP-Address = 0.0.0.0 unlike the other as I know got IP address assigned.
 
 Here the log
 Ready to process requests.
         User-Name = "MarsNet"
         NAS-IP-Address = 0.0.0.0
         Framed-MTU = 1488
         Called-Station-Id = "00:30:1a:29:03:66"
         Calling-Station-Id = "00:1c:f0:10:56:b8"
         NAS-Port-Type = Wireless-802.11
         NAS-Identifier = "127.0.0.1"
         Connect-Info = "CONNECT 11Mbps 802.11b"
         EAP-Message = 0x0201000c014d6172734e6574
         Message-Authenticator = 0x971de64ca91d1afd0e499d63b8b9aff2
 +- entering group authorize
 ++[preprocess] returns ok
 ++[chap] returns noop
 ++[mschap] returns noop
     rlm_realm: No '@' in User-Name = "MarsNet", looking up realm NULL
     rlm_realm: No such realm "NULL"
 ++[suffix] returns noop
   rlm_eap: EAP packet type response id 1 length 12
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
 ++[eap] returns updated
 ++[unix] returns notfound
     users: Matched entry MarsNet at line 91
         expand: Hello, %{User-Name} -> Hello, MarsNet
 ++[files] returns ok
 ++[expiration] returns noop
 ++[logintime] returns noop
 rlm_pap: Found existing Auth-Type, not changing it.
 ++[pap] returns noop
   rad_check_password:  Found Auth-Type EAP
 auth: type "EAP"
 +- entering group authenticate
   rlm_eap: EAP Identity
   rlm_eap: processing type tls
  rlm_eap_tls: Requiring client certificate
   rlm_eap_tls: Initiate
   rlm_eap_tls: Start returned 1
 ++[eap] returns handled
         Reply-Message = "Hello, MarsNet"
         EAP-Message = 0x010200060d20
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x13382f46133a22a47c694fefa3fc3d08
 Finished request 0.
 Going to the next request
 Waking up in 4.9 seconds.
         User-Name = "MarsNet"
         NAS-IP-Address = 0.0.0.0
         Framed-MTU = 1488
         Called-Station-Id = "00:30:1a:29:03:66"
         Calling-Station-Id = "00:1c:f0:10:56:b8"
         NAS-Port-Type = Wireless-802.11
         NAS-Identifier = "127.0.0.1"
         Connect-Info = "CONNECT 11Mbps 802.11b"
         State = 0x13382f46133a22a47c694fefa3fc3d08
         EAP-Message = 0x020200500d800000004616030100410100003d03014832660e2f0fb111fc67ba57fe53cac5b6e069fba786f0ec44807023b4284a8800001600040005000a000900640062000300060013001200630100
         Message-Authenticator = 0x0fe925603be76e65a1404457ac5412b6
 +- entering group authorize
 ++[preprocess] returns ok
 ++[chap] returns noop
 ++[mschap] returns noop
     rlm_realm: No '@' in User-Name = "MarsNet", looking up realm NULL
     rlm_realm: No such realm "NULL"
 ++[suffix] returns noop
   rlm_eap: EAP packet type response id 2 length 80
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
 ++[eap] returns updated
 ++[unix] returns notfound
     users: Matched entry MarsNet at line 91
         expand: Hello, %{User-Name} -> Hello, MarsNet
 ++[files] returns ok
 ++[expiration] returns noop
 ++[logintime] returns noop
 rlm_pap: Found existing Auth-Type, not changing it.
 ++[pap] returns noop
   rad_check_password:  Found Auth-Type EAP
 auth: type "EAP"
 +- entering group authenticate
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
   TLS Length 70
 rlm_eap_tls:  Length Included
   eaptls_verify returned 11
     (other): before/accept initialization
     TLS_accept: before/accept initialization
   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
     TLS_accept: SSLv3 read client hello A
   rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
     TLS_accept: SSLv3 write server hello A
   rlm_eap_tls: >>> TLS 1.0 Handshake [length 084c], Certificate
     TLS_accept: SSLv3 write certificate A
   rlm_eap_tls: >>> TLS 1.0 Handshake [length 00a6], CertificateRequest
     TLS_accept: SSLv3 write certificate request A
     TLS_accept: SSLv3 flush data
 TLS_accept: Need to read more data: SSLv3 read client certificate A
 In SSL Handshake Phase
 In SSL Accept mode
   eaptls_process returned 13
 ++[eap] returns handled
         Reply-Message = "Hello, MarsNet"
         EAP-Message = 0x010304000dc00000094b160301004a020000460301483265fd7c96a0e9fc9713fe93e9d180d22d37c1ae1a232b02433ecfcf033a34206f7a9cb000aa67272b2e95ac37019ecdc8a5bf6c574b0298bf67ddb71033c027000400160301084c0b0008480008450003a13082039d30820285a003020102020101300d06092a864886f70d0101040500308194310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3127302506035504
         EAP-Message = 0x03131e4d617273696e646f20436572746966696361746520417574686f72697479301e170d3038303532303034333135355a170d3039303532303034333135355a3076310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e311d301b060355040313144d617273696e646f2053657276657220436572743120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100bca7c767561f951c18502242b005f2d0727dc1affd01c9b29918bbd3af268c095b091c
         EAP-Message = 0xc62304d82d388c4380d586d49eab42a7f82f4b9b86bdb1d5b0889644476f901a737c94349781c611d7d2da2ffbe8de5fa4534c28a4dffb2fbf805a6c9dff87227d8a0fab4dea651fc4223748b75d302ee960e8beda05996d8b2342b841770b030bef53297a177f431184747aa3bdc11f49750b8c603cb589c13583904a9ba6ef6560df8519d5a2dbeb7fe33c8a0ac801bb3e1f68d510b0c82312bd7fcb8d50c6286f3f7a45079625c0b4f9912cc83664227c5d418c10006a230c66172677d3bb4091370b0b871bda07bec0a82ee8f1377d3a8fadf0398f35beea0d89f70203010001a317301530130603551d25040c300a06082b06010505070301300d
 EAP-Message = 0x06092a864886f70d010104050003820101004fbfef54576f9aac86015d57964cc2def331a16bf997b2b983ec834fb72f42e43b335bf1ad890123b205fac6a64bc0f824f34806cab4532dc9d48c1f827fc8050d3fe13af9df766b71ba58c515eaef089cfc685c5399371f1ef8f123cee3990828942848c20c60c6ab0ef93ba786b829816f24183e53aefeeea6fd11061a320fc0fe871220ad9f403497754f7187b2fe58dbf420af6cbf62297119bf1724539671bd8015dc1cc3a7c55b69cd63a4a2c35d523463ac9f44338f049b9d3b10c330b7d2dc183a1565cba70bb125c57ffdeed44785e3f36d404a094df74380dc1133d675c9aa87a6fd41e8e79f
         EAP-Message = 0x93bd38749f3d952fe10c35a8
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x13382f46123b22a47c694fefa3fc3d08
 Finished request 1.
 Going to the next request
 

Kwok Sianbin <sianbin_kwok at yahoo.com> wrote: Hi All,
 
 I have problem generating client certificate for Windows Xp.
 
 # make client.pem
 openssl req -new  -out client.csr -keyout client.key -config ./client.cnf
 Generating a 2048 bit RSA private key
 ...................................................................+++
 .......+++
 writing new private key to 'client.key'
 -----
 openssl ca -batch -keyfile server.key -cert server.crt -in client.csr  -key `grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
 Using configuration from ./client.cnf
 unable to load certificate
 4773:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: TRUSTED CERTIFICATE
 make: *** [client.crt] Error 1
 
 I looked in client.cnf and I could not figure out where got wrong!
            -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


       
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080520/8699990e/attachment.html>


More information about the Freeradius-Users mailing list