authentication without certification

Hegedus Gabor hegedus.gabor at euroway.hu
Fri Jan 16 14:42:22 CET 2009


Hi, I have a problem,
(config:
server: FreeRadius 2.1.3, ubuntu 8.10
nas: cisco AP
client: win xp)

The authentication with TLS works fine if I install the certificate on 
the client (just for testing).

I cannot install the client certificate on all client systems (for some 
reason, no admin access),
=> I want to use eap-ttls or peap for authentication because it doesn't 
use a certificate, so there is no need to install one.

How can I set it up?
I tried changing the eap module: default_eap_type = ttls or peap, but it 
does not work; auth stops (no reject or accept).

What is the problem?
Here is the debug:

rad_recv: Access-Request packet from host 10.0.0.1 port 1645, id=161, 
length=121
    User-Name = "hege"
    Framed-MTU = 1400
    Called-Station-Id = "001f.6ca9.4240"
    Calling-Station-Id = "001f.3cae.fb9d"
    Service-Type = Login-User
    Message-Authenticator = 0xc15a502d4411ec8efd27ba0ea250c934
    EAP-Message = 0x020200090168656765
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 317
    NAS-IP-Address = 10.0.0.1
    NAS-Identifier = "ap"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "hege", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns updated
[files] users: Matched entry hege at line 72
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 161 to 10.0.0.1 port 1645
    EAP-Message = 0x010300061520
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xabc8abd1abcbbeb294a359e00e4a0280
Finished request 11.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 1645, id=162, 
length=136
    User-Name = "hege"
    Framed-MTU = 1400
    Called-Station-Id = "001f.6ca9.4240"
    Calling-Station-Id = "001f.3cae.fb9d"
    Service-Type = Login-User
    Message-Authenticator = 0x7b2402029dc54aa674b650a06c9c8d61
    EAP-Message = 0x020300060319
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 317
    State = 0xabc8abd1abcbbeb294a359e00e4a0280
    NAS-IP-Address = 10.0.0.1
    NAS-Identifier = "ap"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "hege", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns updated
[files] users: Matched entry hege at line 72
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 162 to 10.0.0.1 port 1645
    EAP-Message = 0x010400061920
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xabc8abd1aaccb2b294a359e00e4a0280
Finished request 12.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 1645, id=163, 
length=245
    User-Name = "hege"
    Framed-MTU = 1400
    Called-Station-Id = "001f.6ca9.4240"
    Calling-Station-Id = "001f.3cae.fb9d"
    Service-Type = Login-User
    Message-Authenticator = 0x3cf5569c00de9c5a2b62ea0c9b1de9c5
    EAP-Message = 
0x020400731980000000691603010064010000600301497086d0b8514dcd6d049d3c8152f6d220610810c0580de41e21b306d80495e3000018002f00350005000ac009c00ac013c01400320038001300040100001f00000009000700000468656765000a00080006001700180019000b00020100
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 317
    State = 0xabc8abd1aaccb2b294a359e00e4a0280
    NAS-IP-Address = 10.0.0.1
    NAS-Identifier = "ap"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "hege", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 115
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 105
[peap] Length Included
[peap] eaptls_verify returned 11
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0064], ClientHello 
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello 
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 07e5], Certificate 
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client 
certificate A
In SSL Handshake Phase
In SSL Accept mode 
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 163 to 10.0.0.1 port 1645
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xabc8abd1a9cdb2b294a359e00e4a0280
Finished request 13.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 1645, id=164, 
length=136
    User-Name = "hege"
    Framed-MTU = 1400
    Called-Station-Id = "001f.6ca9.4240"
    Calling-Station-Id = "001f.3cae.fb9d"
    Service-Type = Login-User
    Message-Authenticator = 0x668cc3c5df02a963ca45b4910d73e5a6
    EAP-Message = 0x020500061900
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 317
    State = 0xabc8abd1a9cdb2b294a359e00e4a0280
    NAS-IP-Address = 10.0.0.1
    NAS-Identifier = "ap"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "hege", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 164 to 10.0.0.1 port 1645
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xabc8abd1a8ceb2b294a359e00e4a0280
Finished request 14.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 1645, id=165, 
length=136
    User-Name = "hege"
    Framed-MTU = 1400
    Called-Station-Id = "001f.6ca9.4240"
    Calling-Station-Id = "001f.3cae.fb9d"
    Service-Type = Login-User
    Message-Authenticator = 0x18b595cd27360479999f0e991c25c71d
    EAP-Message = 0x020600061900
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 317
    State = 0xabc8abd1a8ceb2b294a359e00e4a0280
    NAS-IP-Address = 10.0.0.1
    NAS-Identifier = "ap"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "hege", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 165 to 10.0.0.1 port 1645
    EAP-Message = 
0x0107003c1900a582e6941e00fef6b97e9eb7c20a7f351fc3c8189718bac754032bc32558e95901f3e92f70956a450525bf4c2a16030100040e000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xabc8abd1afcfb2b294a359e00e4a0280
Finished request 15.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 11 ID 161 with timestamp +870
Cleaning up request 12 ID 162 with timestamp +870
Cleaning up request 13 ID 163 with timestamp +870
Cleaning up request 14 ID 164 with timestamp +870
Cleaning up request 15 ID 165 with timestamp +870
Ready to process requests.
rad_recv: Access-Request packet from host 10.0.0.1 port 1645, id=166, 
length=121
    User-Name = "hege"
    Framed-MTU = 1400
    Called-Station-Id = "001f.6ca9.4240"
    Calling-Station-Id = "001f.3cae.fb9d"
    Service-Type = Login-User
    Message-Authenticator = 0x62f213196b686d5e823d949bab404a36
    EAP-Message = 0x020800090168656765
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 317
    NAS-IP-Address = 10.0.0.1
    NAS-Identifier = "ap"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "hege", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns updated
[files] users: Matched entry hege at line 72
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 166 to 10.0.0.1 port 1645
    EAP-Message = 0x010900061520
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x098c4fcb09855af82cd96723f3718fb6
Finished request 16.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 1645, id=167, 
length=136
    User-Name = "hege"
    Framed-MTU = 1400
    Called-Station-Id = "001f.6ca9.4240"
    Calling-Station-Id = "001f.3cae.fb9d"
    Service-Type = Login-User
    Message-Authenticator = 0x2983d4363303f824a476baa8782b692b
    EAP-Message = 0x020900060319
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 317
    State = 0x098c4fcb09855af82cd96723f3718fb6
    NAS-IP-Address = 10.0.0.1
    NAS-Identifier = "ap"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "hege", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns updated
[files] users: Matched entry hege at line 72
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 167 to 10.0.0.1 port 1645
    EAP-Message = 0x010a00061920
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x098c4fcb088656f82cd96723f3718fb6
Finished request 17.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 1645, id=168, 
length=245
    User-Name = "hege"
    Framed-MTU = 1400
    Called-Station-Id = "001f.6ca9.4240"
    Calling-Station-Id = "001f.3cae.fb9d"
    Service-Type = Login-User
    Message-Authenticator = 0x99b461968278fe5a81b293c93aed0e28
    EAP-Message = 
0x020a00731980000000691603010064010000600301497086d5a0af3d70f0e565bf19123dac1c61592f51d53728637c6a778d93d432000018002f00350005000ac009c00ac013c01400320038001300040100001f00000009000700000468656765000a00080006001700180019000b00020100
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 317
    State = 0x098c4fcb088656f82cd96723f3718fb6
    NAS-IP-Address = 10.0.0.1
    NAS-Identifier = "ap"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "hege", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 10 length 115
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 105
[peap] Length Included
[peap] eaptls_verify returned 11
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0064], ClientHello 
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello 
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 07e5], Certificate 
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client 
certificate A
In SSL Handshake Phase
In SSL Accept mode 
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 168 to 10.0.0.1 port 1645
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x098c4fcb0b8756f82cd96723f3718fb6
Finished request 18.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 1645, id=169, 
length=136
    User-Name = "hege"
    Framed-MTU = 1400
    Called-Station-Id = "001f.6ca9.4240"
    Calling-Station-Id = "001f.3cae.fb9d"
    Service-Type = Login-User
    Message-Authenticator = 0x5d5691d12dd6b1a4449785c5ddcaf5c5
    EAP-Message = 0x020b00061900
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 317
    State = 0x098c4fcb0b8756f82cd96723f3718fb6
    NAS-IP-Address = 10.0.0.1
    NAS-Identifier = "ap"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "hege", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 11 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 169 to 10.0.0.1 port 1645
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x098c4fcb0a8056f82cd96723f3718fb6
Finished request 19.
Going to the next request
Waking up in 3.7 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 1645, id=170, 
length=136
    User-Name = "hege"
    Framed-MTU = 1400
    Called-Station-Id = "001f.6ca9.4240"
    Calling-Station-Id = "001f.3cae.fb9d"
    Service-Type = Login-User
    Message-Authenticator = 0xee115d56b2b421fb3b83d6291435142b
    EAP-Message = 0x020c00061900
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 317
    State = 0x098c4fcb0a8056f82cd96723f3718fb6
    NAS-IP-Address = 10.0.0.1
    NAS-Identifier = "ap"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "hege", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 12 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 170 to 10.0.0.1 port 1645
    EAP-Message = 
0x010d003c1900a582e6941e00fef6b97e9eb7c20a7f351fc3c8189718bac754032bc32558e95901f3e92f70956a450525bf4c2a16030100040e000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x098c4fcb0d8156f82cd96723f3718fb6
Finished request 20.
Going to the next request
Waking up in 2.2 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 1645, id=171, 
length=136
    User-Name = "hege"
    Framed-MTU = 1400
    Called-Station-Id = "001f.6ca9.4240"
    Calling-Station-Id = "001f.3cae.fb9d"
    Service-Type = Login-User
    Message-Authenticator = 0xfea20039d4ddf45f02b0b94dfa8e4174
    EAP-Message = 0x020d00061900
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 317
    State = 0x098c4fcb0d8156f82cd96723f3718fb6
    NAS-IP-Address = 10.0.0.1
    NAS-Identifier = "ap"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "hege", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 13 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 171 to 10.0.0.1 port 1645
    EAP-Message = 0x010e00061900
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x098c4fcb0c8256f82cd96723f3718fb6
Finished request 21.
Going to the next request
Waking up in 0.6 seconds.
Cleaning up request 16 ID 166 with timestamp +875
Cleaning up request 17 ID 167 with timestamp +875
Cleaning up request 18 ID 168 with timestamp +875
Waking up in 1.1 seconds.
Cleaning up request 19 ID 169 with timestamp +876
Waking up in 1.4 seconds.
Cleaning up request 20 ID 170 with timestamp +878
Waking up in 1.6 seconds.
Cleaning up request 21 ID 171 with timestamp +879
Ready to process requests.



 



If I use TLS in the eap module




More information about the Freeradius-Users mailing list
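
Added example (not part of the original post, and not FreeRADIUS code): a small Python decoder for the EAP-Message values printed in the debug output above, so the method negotiation can be read directly from the wire bytes. The function and variable names are illustrative; the sample values are copied from the log in this message.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
TLS_BASED = {13, 21, 25}  # methods sharing the EAP-TLS flags/fragment framing
HANDSHAKE = {1: "ClientHello", 2: "ServerHello", 11: "Certificate", 14: "ServerHelloDone"}

# EAP-Message values copied from the debug log in this post (first attempt, in order).
CLIENT_HELLO = (
    "0x02040073198000000069160301006401000060"
    "0301497086d0b8514dcd6d049d3c8152f6d220610810c0580de41e21b306d80495e3"
    "000018002f00350005000ac009c00ac013c0140032003800130004"
    "0100001f00000009000700000468656765000a00080006001700180019000b00020100"
)
LAST_SERVER = (
    "0x0107003c1900a582e6941e00fef6b97e9eb7c20a7f351fc3c8189718bac754032b"
    "c32558e95901f3e92f70956a450525bf4c2a16030100040e000000"
)
PAGE_PACKETS = [
    "0x020200090168656765",  # peer -> server
    "0x010300061520",        # server -> peer
    "0x020300060319",        # peer -> server
    "0x010400061920",        # server -> peer
    CLIENT_HELLO,            # peer -> server
    "0x020500061900",        # peer -> server
    LAST_SERVER,             # server -> peer
]


def decode_eap(hexstr):
    """Decode one EAP-Message value as printed in the debug log (0x... hex)."""
    h = hexstr.strip()
    raw = bytes.fromhex(h[2:] if h[:2].lower() == "0x" else h)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError("EAP length field does not match the data")
    pkt = {"code": EAP_CODES.get(code, str(code)), "id": ident, "length": length}
    if code not in (1, 2) or length == 4:
        return pkt  # Success/Failure carry no type field
    etype, body = raw[4], raw[5:length]
    pkt["type"] = EAP_TYPES.get(etype, str(etype))
    if etype == 1:
        pkt["identity"] = body.decode("utf-8", "replace")
    elif etype == 3:  # Nak: list of methods the peer is willing to use
        pkt["wants"] = [EAP_TYPES.get(b, str(b)) for b in body]
    elif etype in TLS_BASED and body:
        flags, data = body[0], body[1:]
        pkt["start"] = bool(flags & 0x20)
        pkt["more_fragments"] = bool(flags & 0x40)
        if flags & 0x80:  # L bit: 4-byte total TLS length, sent on a first fragment
            if len(data) < 4:
                raise ValueError("L flag set but TLS length missing")
            pkt["tls_length"] = struct.unpack("!I", data[:4])[0]
            data = data[4:]
            if len(data) >= 6 and data[0] == 0x16:  # TLS handshake record
                pkt["tls_version"] = (data[1], data[2])
                pkt["handshake"] = HANDSHAKE.get(data[5], str(data[5]))
        pkt["tls_bytes"] = len(data)
        pkt["ack"] = not data and not pkt["start"]  # empty packet = fragment ACK
    return pkt


if __name__ == "__main__":
    for value in PAGE_PACKETS:
        print(decode_eap(value))
```

On the values above, the first server request is type 21 (EAP-TTLS), the peer answers with a Nak asking for type 25 (PEAP), and the server's last PEAP request in the first attempt (id 7) is followed in the log by a fresh Identity response (id 8) instead of a reply.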