Hi all.

I have 2 RADIUS servers and 1 "AP Cisco" configured to use EAP authentication. I have 2 RADIUS servers with freeradius 1.1.7 (Fedora 8), configured in the same way (PEAP) (I had configured my first RADIUS server and then I copied my configuration files and the certificates to the second RADIUS server). Then from my Linux laptop, with wpa_supplicant, I try to connect to my wireless network.

1) If my AP is configured to require authentication on the first RADIUS server, I obtain these log messages:

Mon May 19 08:51:20 2008 : Error: TLS_accept:error in SSLv3 read client certificate A
Mon May 19 08:51:20 2008 : Info: rlm_eap_tls: Received EAP-TLS ACK message
Mon May 19 08:51:20 2008 : Info: rlm_eap_tls: Received EAP-TLS ACK message
Mon May 19 08:51:20 2008 : Info: (other): SSL negotiation finished successfully
Mon May 19 08:51:20 2008 : Info: rlm_eap_tls: Received EAP-TLS ACK message
Mon May 19 08:51:20 2008 : Info: rlm_eap_mschapv2: Issuing Challenge
Mon May 19 08:51:20 2008 : Auth: Login OK: [fanti/<no User-Password attribute>] (from client localhost port 3686 cli 001e.4c00.dade)
Mon May 19 08:51:20 2008 : Auth: Login OK: [fanti/<no User-Password attribute>] (from client ap-alternet port 3686 cli 001e.4c00.dade)

##############################################################

If I start with radius -X:

rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Success
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 9
modcall: group authenticate returns ok for request 9
Login OK: [fanti/<no User-Password attribute>] (from client ap-alternet port 3687 cli 001e.4c00.dade)

##################################################################

2) On my second RADIUS server I obtain:

Mon May 19 08:50:38 2008 : Info: rlm_eap_mschapv2: Issuing Challenge
Mon May 19 08:50:38 2008 : Auth: Login OK: [fanti] (from client localhost port 3689 cli 001e.4c00.dade)
Mon May 19 08:50:38 2008 : Auth: Login OK: [fanti] (from client ap-alternet port 3689 cli 001e.4c00.dade)

#####################

If I start with radius -X:

rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Success
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 9
modcall: leaving group authenticate (returns ok) for request 9
Login OK: [fanti] (from client ap-alternet port 3690 cli 001e.4c00.dade

I don't understand why I have differences in these 2 logs (in the rows where I have Login OK). Can you help me please?

Thank you,
enrico