access reject

Harish Mandowara harishm at cdac.in
Mon Dec 5 14:56:09 CET 2011 

Hi all,

i am connecting network-manager to freeradius server. It showing access
reject. I am using server.crt which is provided by freeradius it self.
Please check and reply.
error paste below

rad_recv: Access-Request packet from host 192.168.21.2 port 32768, id=0,
length=153
Cleaning up request 95 ID 0 with timestamp +543
	User-Name = "testing123"
	NAS-IP-Address = 192.168.21.2
	Called-Station-Id = "30469a872e66"
	Calling-Station-Id = "1caff76ce38c"
	NAS-Identifier = "30469a872e66"
	NAS-Port = 3
	Framed-MTU = 1400
	State = 0x05139c0406178548b5e80cb0708716d1
	NAS-Port-Type = Wireless-802.11
	EAP-Message = 0x0204001119800000000715030100020230
	Message-Authenticator = 0xfd142706451c8cf676b90ad74a062ecb
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "testing123", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 17
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 7
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca  
TLS Alert read:fatal:unknown CA
    TLS_accept: failed in SSLv3 read client certificate A
rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
unknown ca
SSL: SSL_read failed inside of TLS (-1), TLS session fails.
TLS receive handshake failed during operation
[peap] eaptls_process returned 4 
[peap] EAPTLS_OTHERS
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] 	expand: %{User-Name} -> testing123
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 96 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 96
Sending Access-Reject of id 0 to 192.168.21.2 port 32768
	EAP-Message = 0x04040004
	Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4.9 seconds.


-- 
Warm Regards

Harish Mandowara



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the Freeradius-Users mailing list