Getting EAP-TTLS/TLS working

greg.huber greg.huber at carestream.com
Tue Feb 11 19:53:16 CET 2014


Thank you for getting back so quickly.

Below is the excerpt you requested. I hope there is enough.

We are running "FreeRADIUS Version 2.2.0". The package was compiled by Red Hat
and we are running it on Fedora 19. The client is running wpa_supplicant 2.0
compiled for ARM. I have also tried version 0.5.9 of the supplicant with
similar results.



Tue Feb 11 13:45:17 2014 : Info: [ttls] Session established.  Proceeding to decode tunneled attributes.
Tue Feb 11 13:45:17 2014 : Info: [ttls] Got tunneled request
    EAP-Message = 0x0200000e01616e6f6e796d6f7573
    FreeRADIUS-Proxied-To = 127.0.0.1
Tue Feb 11 13:45:17 2014 : Info: [ttls] Got tunneled identity of anonymous
Tue Feb 11 13:45:17 2014 : Info: [ttls] Setting default EAP type for tunneled EAP session.
Tue Feb 11 13:45:17 2014 : Info: [ttls] Sending tunneled request
    EAP-Message = 0x0200000e01616e6f6e796d6f7573
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "anonymous"
server inner-tunnel {
Tue Feb 11 13:45:17 2014 : Info: # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
Tue Feb 11 13:45:17 2014 : Info: +- entering group authorize {...}
Tue Feb 11 13:45:17 2014 : Info: ++[chap] returns noop
Tue Feb 11 13:45:17 2014 : Info: ++[mschap] returns noop
Tue Feb 11 13:45:17 2014 : Info: [suffix] No '@' in User-Name = "anonymous", looking up realm NULL
Tue Feb 11 13:45:17 2014 : Info: [suffix] Found realm "NULL"
Tue Feb 11 13:45:17 2014 : Info: [suffix] Adding Stripped-User-Name = "anonymous"
Tue Feb 11 13:45:17 2014 : Info: [suffix] Adding Realm = "NULL"
Tue Feb 11 13:45:17 2014 : Info: [suffix] Authentication realm is LOCAL.
Tue Feb 11 13:45:17 2014 : Info: ++[suffix] returns ok
Tue Feb 11 13:45:17 2014 : Info: ++[control] returns ok
Tue Feb 11 13:45:17 2014 : Info: [inner-eap] EAP packet type response id 0 length 14
Tue Feb 11 13:45:17 2014 : Info: [inner-eap] No EAP Start, assuming it's an on-going EAP conversation
Tue Feb 11 13:45:17 2014 : Info: ++[inner-eap] returns updated
Tue Feb 11 13:45:17 2014 : Info: [files] users: Matched entry anonymous at line 45
Tue Feb 11 13:45:17 2014 : Info: ++[files] returns ok
Tue Feb 11 13:45:17 2014 : Info: ++[expiration] returns noop
Tue Feb 11 13:45:17 2014 : Info: ++[logintime] returns noop
Tue Feb 11 13:45:17 2014 : Info: [pap] WARNING: Auth-Type already set.  Not setting to PAP
Tue Feb 11 13:45:17 2014 : Info: ++[pap] returns noop
Tue Feb 11 13:45:17 2014 : Info: Found Auth-Type = inner-eap
Tue Feb 11 13:45:17 2014 : Info: # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
Tue Feb 11 13:45:17 2014 : Info: +- entering group authenticate {...}
Tue Feb 11 13:45:17 2014 : Info: [inner-eap] EAP Identity
Tue Feb 11 13:45:17 2014 : Info: [inner-eap] processing type tls
Tue Feb 11 13:45:17 2014 : Info: [tls] Requiring client certificate
Tue Feb 11 13:45:17 2014 : Info: [tls] Initiate
Tue Feb 11 13:45:17 2014 : Info: [tls] Start returned 1
Tue Feb 11 13:45:17 2014 : Info: ++[inner-eap] returns handled
} # server inner-tunnel
Tue Feb 11 13:45:17 2014 : Info: [ttls] Got tunneled reply code 11
    EAP-Message = 0x010100060d20
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x684f998a684e94c5cdbcbd88fff6aa2e
Tue Feb 11 13:45:17 2014 : Info: [ttls] Got tunneled Access-Challenge
Tue Feb 11 13:45:17 2014 : Info: ++[eap] returns handled
Sending Access-Challenge of id 193 to 10.0.1.254 port 1025
    EAP-Message =
0x0109003f158000000035170301003042c13a23d83deaa1c47b3c0320f418db1e54351306414aafe66a32ef7ca79b46102410bcad6c1a3a09cbfb8244b0b067
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x8d8d0ad78a841f65d1cd9864e3d16b9c
Tue Feb 11 13:45:17 2014 : Info: Finished request 20.
Tue Feb 11 13:45:17 2014 : Debug: Going to the next request
Tue Feb 11 13:45:17 2014 : Debug: Waking up in 3.5 seconds.
rad_recv: Access-Request packet from host 10.0.1.254 port 1025, id=194, length=418
    User-Name = "anonymous"
    NAS-IP-Address = 10.0.1.254
    NAS-Identifier = "00:24:01:12:de:7a"
    NAS-Port = 0
    Called-Station-Id = "00-24-01-12-DE-7A:RADIUS_TEST_AP"
    Calling-Station-Id = "00-0E-8E-42-CB-20"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 11Mbps 802.11b"
    EAP-Message =
0x020900e41580000000da170301002088322fc184326ac1d25b98fb3b8cd6dedd7258b024e54123649565ded46b18b717030100b0c35cbedadcb4d87cadd8cd390a45defcc30810bb7caa519107c664280a7e186f3ebf7712afa8e06c5ab27a9d85aedb5615ab0463548b73f6324e93755944f5fb1f67f07205a6a5e31531a0b59d0727e379251446ec406f0646ba396c048c00f417bc636371dde4d0dab4d889317b226596fba560f4d4e5625cdc01bbeb25ed36a29f1927227d590a44a4f4ddfd3bae4677d82ae16a8834bc96dc0cd06d945d36c54f5dfaea81ff05a7cccf57eb6b046c
    State = 0x8d8d0ad78a841f65d1cd9864e3d16b9c
    Message-Authenticator = 0xf8956678bb28ca3569e75c6e3cf6250c

Greg Huber
Embedded Development
Carestream Health

On 02/11/2014 01:06 PM, Alan DeKok wrote:
> [ttls] Session established.
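
An added example (not part of the original post and not FreeRADIUS code): a small Python decoder for the EAP-Message values in the debug output above, which shows the inner Identity response, the inner EAP-TLS Start request and the outer EAP-TTLS header. The function name decode_eap is an assumption of this example, and the third sample is only the first 15 bytes of the Access-Challenge value from the log.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
TLS_RECORDS = {20: "change_cipher_spec", 21: "alert",
               22: "handshake", 23: "application_data"}

def decode_eap(hex_value):
    """Decode the header fields of one EAP-Message value (hypothetical helper)."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
           "truncated": len(raw) < length}  # fewer bytes than the header claims
    if code not in (1, 2) or length < 5 or len(raw) < 5:
        return out  # Success and Failure packets carry no Type field
    eap_type, body = raw[4], raw[5:length]
    out["type"] = EAP_TYPES.get(eap_type, eap_type)
    if eap_type == 1:
        out["identity"] = body.decode("utf-8", "replace")
    elif eap_type in (13, 21, 25) and body:
        flags, rest = body[0], body[1:]
        # L = length included, M = more fragments, S = start
        out["flags"] = [name for bit, name in
                        ((0x80, "L"), (0x40, "M"), (0x20, "S")) if flags & bit]
        if flags & 0x80 and len(rest) >= 4:
            out["tls_message_length"] = struct.unpack("!I", rest[:4])[0]
            rest = rest[4:]
        # Only meaningful for a first fragment, where a TLS record begins here.
        if len(rest) >= 5:
            ctype, major, minor, rlen = struct.unpack("!BBBH", rest[:5])
            out["tls_record"] = (TLS_RECORDS.get(ctype, ctype),
                                 f"{major}.{minor}", rlen)
    return out

# Values copied from the log above; the last one is cut to its first 15 bytes.
SAMPLES = {
    "inner tunneled request": "0x0200000e01616e6f6e796d6f7573",
    "inner tunneled reply": "0x010100060d20",
    "outer Access-Challenge (prefix)": "0x0109003f158000000035170301" "0030",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(label, decode_eap(value))
```

TLS record version 3.1 is TLS 1.0, and the S flag in the inner reply corresponds to the "[tls] Initiate" line in the log.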