FreeRadius2(certos)+cisco2950+wpa_supplicant(win7) can't work with EAP-TLS

关旭 guanxu at aotuis.com
Tue Jun 26 12:15:13 CEST 2012


Hi!

Just like the title says, it works fine when I use MSCHAPv2 or MD5, but
PEAP and EAP-TLS do not work.

I tested RADIUS with eapol_test, and it also works fine.

Who can tell me the reason?

The wpa_supplicant config file, RADIUS log and wpa_supplicant log are as
follows:

The WPA_supplicant config:

network={
eap=TLS
eapol_flags=0
key_mgmt=IEEE8021X
identity="steve"
ca_cert="d:/certs/ca.pem"
client_cert="d:/certs/client.pem"
private_key="d:/certs/client.key"
private_key_passwd="whatever"
}


Radius Log:

FreeRADIUS Version 2.1.12, for host i686-redhat-linux-gnu, built on Feb 22
2012 at 15:07:38
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. 
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. 
You may redistribute copies of FreeRADIUS under the terms of the 
GNU General Public License v2. 
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
……
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file /etc/raddb/modules/exec
  exec {
         wait = no
         input_pairs = "request"
         shell_escape = yes
  }
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file /etc/raddb/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file
/etc/raddb/modules/expiration
  expiration {
         reply-message = "Password Has Expired  "
  }
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file
/etc/raddb/modules/logintime
  logintime {
         reply-message = "You are calling outside your allowed timespan  "
         minimum-timeout = 60
  }
}
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/raddb/radiusd.conf
modules {
  Module: Creating Auth-Type = digest
  Module: Creating Post-Auth-Type = REJECT
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file /etc/raddb/modules/pap
  pap {
         encryption_scheme = "auto"
         auto_header = no
  }
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file /etc/raddb/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap
  mschap {
         use_mppe = yes
         require_encryption = no
         require_strong = no
         with_ntdomain_hack = no
         allow_retry = yes
  }
Module: Linked to module rlm_digest
Module: Instantiating module "digest" from file /etc/raddb/modules/digest
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file /etc/raddb/modules/unix
  unix {
         radwtmp = "/var/log/radius/radwtmp"
  }
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /etc/raddb/eap.conf
  eap {
         default_eap_type = "tls"
         timer_expire = 60
         ignore_unknown_eap_types = no
         cisco_accounting_username_bug = no
         max_sessions = 4096
  }
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
   gtc {
         challenge = "Password: "
         auth_type = "PAP"
   }
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
   tls {
         rsa_key_exchange = no
         dh_key_exchange = yes
         rsa_key_length = 512
         dh_key_length = 512
         verify_depth = 0
         CA_path = "/etc/raddb/certs"
         pem_file_type = yes
         private_key_file = "/etc/raddb/certs/server.pem"
         certificate_file = "/etc/raddb/certs/server.pem"
         CA_file = "/etc/raddb/certs/ca.pem"
         private_key_password = "whatever"
         dh_file = "/etc/raddb/certs/dh"
         random_file = "/etc/raddb/certs/random"
         fragment_size = 1024
         include_length = yes
         check_crl = no
         cipher_list = "DEFAULT"
    cache {
         enable = no
         lifetime = 24
         max_entries = 255
    }
    verify {
    }
    ocsp {
         enable = no
         override_cert_url = yes
         url = "http://127.0.0.1/ocsp/"
    }
   }
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
   ttls {
         default_eap_type = "md5"
         copy_request_to_tunnel = no
         use_tunneled_reply = no
         virtual_server = "inner-tunnel"
         include_length = yes
   }
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
   peap {
         default_eap_type = "mschapv2"
         copy_request_to_tunnel = no
         use_tunneled_reply = no
         proxy_tunneled_request_as_eap = yes
         virtual_server = "inner-tunnel"
         soh = no
   }
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
   mschapv2 {
         with_ntdomain_hack = no
         send_error = no
   }
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file
/etc/raddb/modules/preprocess
  preprocess {
         huntgroups = "/etc/raddb/huntgroups"
         hints = "/etc/raddb/hints"
         with_ascend_hack = no
         ascend_channels_per_line = 23
         with_ntdomain_hack = no
         with_specialix_jetstream_hack = no
         with_cisco_vsa_hack = no
         with_alvarion_vsa_hack = no
  }
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file /etc/raddb/modules/realm
  realm suffix {
         format = "suffix"
         delimiter = "@"
         ignore_default = no
         ignore_null = no
  }
Module: Linked to module rlm_files
Module: Instantiating module "files" from file /etc/raddb/modules/files
  files {
         usersfile = "/etc/raddb/users"
         acctusersfile = "/etc/raddb/acct_users"
         preproxy_usersfile = "/etc/raddb/preproxy_users"
         compat = "no"
  }
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file
/etc/raddb/modules/acct_unique
  acct_unique {
         key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
  }
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "detail" from file /etc/raddb/modules/detail
  detail {
         detailfile =
"/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Addre
ss}}/detail-%Y%m%d"
         header = "%t"
         detailperm = 384
         dirperm = 493
         locking = no
         log_packet_header = no
  }
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp
  radutmp {
         filename = "/var/log/radius/radutmp"
         username = "%{User-Name}"
         case_sensitive = yes
         check_with_nas = yes
         perm = 384
         callerid = yes
  }
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.accounting_response" from file
/etc/raddb/modules/attr_filter
  attr_filter attr_filter.accounting_response {
         attrsfile = "/etc/raddb/attrs.accounting_response"
         key = "%{User-Name}"
         relaxed = no
  }
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Instantiating module "attr_filter.access_reject" from file
/etc/raddb/modules/attr_filter
  attr_filter attr_filter.access_reject {
         attrsfile = "/etc/raddb/attrs.access_reject"
         key = "%{User-Name}"
         relaxed = no
  }
} # modules
} # server
server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
         type = "auth"
         ipaddr = *
         port = 0
}
listen {
         type = "acct"
         ipaddr = *
         port = 0
}
listen {
         type = "control"
listen {
         socket = "/var/run/radiusd/radiusd.sock"
}
}
listen {
         type = "auth"
         ipaddr = 127.0.0.1
         port = 18120
}
... adding new socket proxy address * port 56269
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.2.119 port 1812, id=11,
length=100
         NAS-IP-Address = 192.168.2.119
         NAS-Port = 50017
         NAS-Port-Type = Ethernet
         User-Name = "steve"
         Calling-Station-Id = "F0-DE-F1-20-C6-3D"
         Service-Type = Framed-User
         EAP-Message = 0x02ce000a017374657665
         Message-Authenticator = 0xa802ef2a8a207c74b987a437d14bfec3
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "steve", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 206 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry steve at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 11 to 192.168.2.119 port 1812
         EAP-Message = 0x01cf00060d20
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x24e5fa32242af760fa8fb1e8a324f118
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.119 port 1812, id=12,
length=202
         NAS-IP-Address = 192.168.2.119
         NAS-Port = 50017
         NAS-Port-Type = Ethernet
         User-Name = "steve"
         Calling-Station-Id = "F0-DE-F1-20-C6-3D"
         Service-Type = Framed-User
         State = 0x24e5fa32242af760fa8fb1e8a324f118
         EAP-Message =
0x02cf005e0d0016030100530100004f03014fe96c1e5a95f9ffae41bacd53fb9213b64e2595
1f0c2a7252fcd4f52bf5c79300002800390038003500160013000a00330032002f0007000500
04001500120009001400110008000600030100
         Message-Authenticator = 0xcc735903cd9168219e2b60b44bedb881
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "steve", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 207 length 94
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry steve at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7 
[tls] Done initial handshake
[tls]     (other): before/accept initialization
[tls]     TLS_accept: before/accept initialization
[tls] <<< TLS 1.0 Handshake [length 0053], ClientHello  
[tls]     TLS_accept: SSLv3 read client hello A
[tls] >>> TLS 1.0 Handshake [length 002a], ServerHello  
[tls]     TLS_accept: SSLv3 write server hello A
[tls] >>> TLS 1.0 Handshake [length 054a], Certificate  
[tls]     TLS_accept: SSLv3 write certificate A
[tls] >>> TLS 1.0 Handshake [length 014d], ServerKeyExchange  
[tls]     TLS_accept: SSLv3 write key exchange A
[tls] >>> TLS 1.0 Handshake [length 00a7], CertificateRequest  
[tls]     TLS_accept: SSLv3 write certificate request A
[tls]     TLS_accept: SSLv3 flush data
[tls]     TLS_accept: Need to read more data: SSLv3 read client certificate
A
In SSL Handshake Phase 
In SSL Accept mode  
[tls] eaptls_process returned 13 
++[eap] returns handled
Sending Access-Challenge of id 12 to 192.168.2.119 port 1812
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x24e5fa322535f760fa8fb1e8a324f118
Finished request 1.
Going to the next request
Waking up in 4.6 seconds.
Cleaning up request 0 ID 11 with timestamp +6
Cleaning up request 1 ID 12 with timestamp +6
WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x24e5fa322535f760 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ready to process requests.


The WPA_supplicant log:
……
OpenSSL: SSL_use_PrivateKey_File (PEM) --> OK
SSL: Private key loaded successfully
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-TLS: Start
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data
SSL: 88 bytes pending from ssl_out
SSL: 88 bytes left to be sent out (of total 88 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=01:80:c2:00:00:03
TX EAPOL - hexdump(len=98): 01 00 00 5e 02 0d 00 5e 0d 00 16 03 01 00 53 01
00 00 4f 03 01 4f e9 6a bc 62 4d ad 5b 77 af a7 9a d9 b4 10 ab 6e 73 5e 05
1b 1c 8a 09 29 f6 38 aa c9 52 5f 59 00 00 28 00 39 00 38 00 35 00 16 00 13
00 0a 00 33 00 32 00 2f 00 07 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00
08 00 06 00 03 01 00
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:09:b7:f5:47:d1
RX EAPOL - hexdump(len=46): 01 00 00 04 04 0d 00 04 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state HELD
EAPOL: Supplicant port status: Unauthorized
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_BE entering state IDLE
EAPOL authentication completed unsuccessfully
EAPOL: startWhen --> 0
EAPOL: authWhile --> 0
EAPOL: idleWhile --> 0
EAPOL: heldWhile --> 0
EAPOL: disable timer tick
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: enable timer tick
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_PAE entering state HELD
EAPOL: Supplicant port status: Unauthorized
EAPOL: SUPP_BE entering state IDLE
EAPOL authentication completed unsuccessfully
RX EAPOL from 00:09:b7:f5:47:d1
RX EAPOL - hexdump(len=46): 01 00 00 04 04 0e 00 04 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: deinitialize previously used EAP method (13, TLS) at INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: EAP-Success Id mismatch - reqId=14 lastId=-1
EAP: EAP entering state DISCARD
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:09:b7:f5:47:d1
RX EAPOL - hexdump(len=46): 01 00 00 05 01 0f 00 05 01 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=15 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=5):
     73 74 65 76 65                                    steve           
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=01:80:c2:00:00:03
TX EAPOL - hexdump(len=14): 01 00 00 0a 02 0f 00 0a 01 73 74 65 76 65
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:09:b7:f5:47:d1
RX EAPOL - hexdump(len=46): 01 00 00 06 01 10 00 06 0d 20 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=16 method=13 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
EAP: Initialize selected EAP method: vendor 0 method 13 (TLS)
TLS: using phase1 config options
TLS: Trusted root certificate(s) loaded
OpenSSL: tls_connection_client_cert - SSL_use_certificate_file (DER) failed
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
OpenSSL: pending error: error:0D07803A:asn1 encoding
routines:ASN1_ITEM_EX_D2I:nested asn1 error
OpenSSL: pending error: error:140C800D:SSL
routines:SSL_use_certificate_file:ASN1 lib
OpenSSL: SSL_use_certificate_file (PEM) --> OK
OpenSSL: tls_connection_private_key - SSL_use_PrivateKey_File (DER) failed
error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
OpenSSL: pending error: error:0D0680A8:asn1 encoding
routines:ASN1_CHECK_TLEN:wrong tag
OpenSSL: pending error: error:0D07803A:asn1 encoding
routines:ASN1_ITEM_EX_D2I:nested asn1 error
OpenSSL: pending error: error:0D09A00D:asn1 encoding
routines:d2i_PrivateKey:ASN1 lib
OpenSSL: pending error: error:140CB00D:SSL
routines:SSL_use_PrivateKey_file:ASN1 lib
OpenSSL: SSL_use_PrivateKey_File (PEM) --> OK
SSL: Private key loaded successfully
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-TLS: Start
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data
SSL: 88 bytes pending from ssl_out
SSL: 88 bytes left to be sent out (of total 88 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=01:80:c2:00:00:03
TX EAPOL - hexdump(len=98): 01 00 00 5e 02 10 00 5e 0d 00 16 03 01 00 53 01
00 00 4f 03 01 4f e9 6a f9 99 22 ae 19 c9 55 85 82 e4 cb 9d 95 e2 1b 9b 99
f4 13 d2 6c 8c 9d 48 5e ac 51 53 1f 00 00 28 00 39 00 38 00 35 00 16 00 13
00 0a 00 33 00 32 00 2f 00 07 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00
08 00 06 00 03 01 00
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: startWhen --> 0
RX EAPOL from 00:09:b7:f5:47:d1
RX EAPOL - hexdump(len=46): 01 00 00 04 04 10 00 04 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state HELD
EAPOL: Supplicant port status: Unauthorized
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_BE entering state IDLE
EAPOL authentication completed unsuccessfully
CTRL-EVENT-TERMINATING - signal 0 received
Removing interface {5B7842B2-12D2-4B22-8600-4AA17EFCD322}
NDIS: Set OID 0d010102 - hexdump(len=36): [REMOVED]
ndis_set_oid: oid=0xd010102 len (36) failed
No keys have been configured - skip key clearing
State: ASSOCIATED -> DISCONNECTED
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: Supplicant port status: Unauthorized
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: Supplicant port status: Unauthorized
EAPOL: External notification - portValid=0
EAPOL: Supplicant port status: Unauthorized
No keys have been configured - skip key clearing
EAP: deinitialize previously used EAP method (13, TLS) at EAP deinit
Cancelling scan request
Cancelling authentication timeout
ndis_events: terminated
NDIS: Set OID 0d010102 - hexdump(len=36): [REMOVED]
ndis_set_oid: oid=0xd010102 len (36) failed
NDIS: Set OID 0d010115 - hexdump(len=4): [REMOVED]
ndis_set_oid: oid=0xd010115 len (4) failed
NDIS: failed to disassociate and turn radio off
CTRL: close pipe 005E3258



Thank you!
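Added example, not part of the original post: a small Python decoder for the EAP-Message values in the RADIUS log above, reporting the EAP code, identifier and EAP-TLS flag bits (RFC 5216) of each packet. The function and constant names are this example's own, and the FRAGMENT_HEADER sample is constructed rather than taken from the log.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge", 13: "EAP-TLS", 25: "PEAP"}
# EAP-TLS flag bits from RFC 5216, section 3.1
TLS_FLAGS = ((0x80, "Length-included"), (0x40, "More-fragments"), (0x20, "Start"))
HANDSHAKE_TYPES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate"}


def decode_eap(hex_value):
    """Decode one EAP-Message value (hex, optional 0x prefix) into a dict."""
    text = "".join(hex_value.split())
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("an EAP header needs at least 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
            "truncated": len(raw) < length}
    if code not in (1, 2) or len(raw) < 5:
        return info  # Success and Failure packets carry no type field
    info["type"] = EAP_TYPES.get(raw[4], raw[4])
    body = raw[5:length]
    if raw[4] == 1:
        info["identity"] = body.decode("utf-8", "replace")
    elif raw[4] == 13 and body:
        flags, offset = body[0], 1
        info["flags"] = [name for bit, name in TLS_FLAGS if flags & bit]
        if flags & 0x80 and len(body) >= 5:
            # Four-byte total length of the whole TLS message being fragmented
            info["tls_total_length"] = struct.unpack("!I", body[1:5])[0]
            offset = 5
        # TLS bytes this packet claims to carry, taken from the EAP header
        # so it is still correct when the logged value was cut short
        info["tls_bytes"] = max(length - 5 - offset, 0)
        tls = body[offset:]
        if len(tls) >= 6 and tls[0] == 0x16:  # TLS handshake record
            info["tls_version"] = "%d.%d" % (tls[1], tls[2])
            info["handshake"] = HANDSHAKE_TYPES.get(tls[5], tls[5])
    return info


# EAP-Message values copied from the RADIUS log above.
IDENTITY = "0x02ce000a017374657665"
TLS_START = "0x01cf00060d20"
CLIENT_HELLO = (
    "0x02cf005e0d0016030100530100004f03014fe96c1e5a95f9ffae41bacd53fb9213b64e2595"
    "1f0c2a7252fcd4f52bf5c79300002800390038003500160013000a00330032002f0007000500"
    "04001500120009001400110008000600030100"
)
# Constructed value (not from the log): header of a fragmented reply, cut short.
FRAGMENT_HEADER = "0x010700c80dc0000004b0"

if __name__ == "__main__":
    for name, value in (("identity", IDENTITY), ("tls start", TLS_START),
                        ("client hello", CLIENT_HELLO),
                        ("fragment header", FRAGMENT_HEADER)):
        print(name, decode_eap(value))
```

The ClientHello value decodes to 88 TLS bytes, the same count the wpa_supplicant log reports as pending from ssl_out.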


