<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2722" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>
<DIV><FONT face=Arial size=2>Hallo everybody,</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I have a problem with authenticating my laptop with
XP to the freeradius server running on Fedora.</FONT></DIV>
<DIV><FONT face=Arial size=2>Seems that the authenticating proces is in an
endless loop. The hotfix KB885453 for XP SP2 wireless</FONT></DIV>
<DIV><FONT face=Arial size=2>authentication failure not resolved the problem.
Here the log from freeradius, the onl error I can see is :</FONT></DIV>
<DIV><FONT face=Arial size=2>"<FONT size=2>TLS_accept:error in SSLv3 read client
certificate A".</FONT></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Can anyone please teel me what is hoing
wrong?</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>With regards,</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Jurgen</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$</FONT></DIV>
<DIV><FONT size=2>
<P>Starting - reading configuration files ...</P>
<P>reread_config: reading radiusd.conf</P>
<P>Config: including file: /etc/raddb/proxy.conf</P>
<P>Config: including file: /etc/raddb/clients.conf</P>
<P>Config: including file: /etc/raddb/snmp.conf</P>
<P>Config: including file: /etc/raddb/eap.conf</P>
<P>Config: including file: /etc/raddb/sql.conf</P>
<P>main: prefix = "/usr/local"</P>
<P>main: localstatedir = "/var"</P>
<P>main: logdir = "/var/log/radius"</P>
<P>main: libdir = "/usr/local/lib"</P>
<P>main: radacctdir = "/var/log/radius/radacct"</P>
<P>main: hostname_lookups = no</P>
<P>main: max_request_time = 30</P>
<P>main: cleanup_delay = 5</P>
<P>main: max_requests = 1024</P>
<P>main: delete_blocked_requests = 0</P>
<P>main: port = 0</P>
<P>main: allow_core_dumps = no</P>
<P>main: log_stripped_names = no</P>
<P>main: log_file = "/var/log/radius/radius.log"</P>
<P>main: log_auth = yes</P>
<P>main: log_auth_badpass = yes</P>
<P>main: log_auth_goodpass = yes</P>
<P>main: pidfile = "/var/run/radiusd/radiusd.pid"</P>
<P>main: user = "(null)"</P>
<P>main: group = "(null)"</P>
<P>main: usercollide = no</P>
<P>main: lower_user = "no"</P>
<P>main: lower_pass = "no"</P>
<P>main: nospace_user = "no"</P>
<P>main: nospace_pass = "no"</P>
<P>main: checkrad = "/usr/local/sbin/checkrad"</P>
<P>main: proxy_requests = yes</P>
<P>proxy: retry_delay = 5</P>
<P>proxy: retry_count = 3</P>
<P>proxy: synchronous = no</P>
<P>proxy: default_fallback = yes</P>
<P>proxy: dead_time = 120</P>
<P>proxy: post_proxy_authorize = yes</P>
<P>proxy: wake_all_if_all_dead = no</P>
<P>security: max_attributes = 200</P>
<P>security: reject_delay = 1</P>
<P>security: status_server = no</P>
<P>main: debug_level = 0</P>
<P>read_config_files: reading dictionary</P>
<P>read_config_files: reading naslist</P>
<P>Using deprecated naslist file. Support for this will go away soon.</P>
<P>read_config_files: reading clients</P>
<P>read_config_files: reading realms</P>
<P>radiusd: entering modules setup</P>
<P>Module: Library search path is /usr/local/lib</P>
<P>Module: Loaded exec </P>
<P>exec: wait = yes</P>
<P>exec: program = "(null)"</P>
<P>exec: input_pairs = "request"</P>
<P>exec: output_pairs = "(null)"</P>
<P>exec: packet_type = "(null)"</P>
<P>rlm_exec: Wait=yes but no output defined. Did you mean output=none?</P>
<P>Module: Instantiated exec (exec) </P>
<P>Module: Loaded expr </P>
<P>Module: Instantiated expr (expr) </P>
<P>Module: Loaded System </P>
<P>unix: cache = no</P>
<P>unix: passwd = "/etc/passwd"</P>
<P>unix: shadow = "/etc/shadow"</P>
<P>unix: group = "/etc/group"</P>
<P>unix: radwtmp = "/var/log/radius/radwtmp"</P>
<P>unix: usegroup = no</P>
<P>unix: cache_reload = 600</P>
<P>Module: Instantiated unix (unix) </P>
<P>Module: Loaded eap </P>
<P>eap: default_eap_type = "tls"</P>
<P>eap: timer_expire = 60</P>
<P>eap: ignore_unknown_eap_types = no</P>
<P>eap: cisco_accounting_username_bug = no</P>
<P>tls: rsa_key_exchange = no</P>
<P>tls: dh_key_exchange = yes</P>
<P>tls: rsa_key_length = 512</P>
<P>tls: dh_key_length = 512</P>
<P>tls: verify_depth = 0</P>
<P>tls: CA_path = "(null)"</P>
<P>tls: pem_file_type = yes</P>
<P>tls: private_key_file = "/var/ssl/fedora.pem"</P>
<P>tls: certificate_file = "/var/ssl/fedora.pem"</P>
<P>tls: CA_file = "/var/ssl/root.pem"</P>
<P>tls: private_key_password = "defcon1"</P>
<P>tls: dh_file = "/var/ssl/dh"</P>
<P>tls: random_file = "/var/ssl/random-data.bin"</P>
<P>tls: fragment_size = 1024</P>
<P>tls: include_length = yes</P>
<P>tls: check_crl = no</P>
<P>tls: check_cert_cn = "(null)"</P>
<P>rlm_eap: Loaded and initialized type tls</P>
<P>ttls: default_eap_type = "md5"</P>
<P>ttls: copy_request_to_tunnel = no</P>
<P>ttls: use_tunneled_reply = no</P>
<P>rlm_eap: Loaded and initialized type ttls</P>
<P>Module: Instantiated eap (eap) </P>
<P>Module: Loaded preprocess </P>
<P>preprocess: huntgroups = "/etc/raddb/huntgroups"</P>
<P>preprocess: hints = "/etc/raddb/hints"</P>
<P>preprocess: with_ascend_hack = no</P>
<P>preprocess: ascend_channels_per_line = 23</P>
<P>preprocess: with_ntdomain_hack = no</P>
<P>preprocess: with_specialix_jetstream_hack = no</P>
<P>preprocess: with_cisco_vsa_hack = no</P>
<P>Module: Instantiated preprocess (preprocess) </P>
<P>Module: Loaded realm </P>
<P>realm: format = "suffix"</P>
<P>realm: delimiter = "@"</P>
<P>realm: ignore_default = no</P>
<P>realm: ignore_null = no</P>
<P>Module: Instantiated realm (suffix) </P>
<P>Module: Loaded files </P>
<P>files: usersfile = "/etc/raddb/users"</P>
<P>files: acctusersfile = "/etc/raddb/acct_users"</P>
<P>files: preproxy_usersfile = "/etc/raddb/preproxy_users"</P>
<P>files: compat = "no"</P>
<P>Module: Instantiated files (files) </P>
<P>Module: Loaded Acct-Unique-Session-Id </P>
<P>acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"</P>
<P>Module: Instantiated acct_unique (acct_unique) </P>
<P>Module: Loaded detail </P>
<P>detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"</P>
<P>detail: detailperm = 384</P>
<P>detail: dirperm = 493</P>
<P>detail: locking = no</P>
<P>Module: Instantiated detail (detail) </P>
<P>Module: Loaded radutmp </P>
<P>radutmp: filename = "/var/log/radius/radutmp"</P>
<P>radutmp: username = "%{User-Name}"</P>
<P>radutmp: case_sensitive = yes</P>
<P>radutmp: check_with_nas = yes</P>
<P>radutmp: perm = 384</P>
<P>radutmp: callerid = yes</P>
<P>Module: Instantiated radutmp (radutmp) </P>
<P>Listening on authentication *:1812</P>
<P>Listening on accounting *:1813</P>
<P>Ready to process requests.</P>
<P>rad_recv: Access-Request packet from host 192.168.11.1:2048, id=0,
length=141</P>
<P>User-Name = "Jurgen Tessers"</P>
<P>NAS-IP-Address = 192.168.11.1</P>
<P>Called-Station-Id = "001217374d34"</P>
<P>Calling-Station-Id = "00904bfa38fd"</P>
<P>NAS-Identifier = "001217374d34"</P>
<P>NAS-Port = 63</P>
<P>Framed-MTU = 1400</P>
<P>NAS-Port-Type = Wireless-802.11</P>
<P>EAP-Message = 0x02000013014a757267656e2054657373657273</P>
<P>Message-Authenticator = 0x42efd7eecba0f25f6b411ac57d7ea548</P>
<P>Processing the authorize section of radiusd.conf</P>
<P>modcall: entering group authorize for request 0</P>
<P>modcall[authorize]: module "preprocess" returns ok for request 0</P>
<P>rlm_realm: No '@' in User-Name = "Jurgen Tessers", looking up realm NULL</P>
<P>rlm_realm: No such realm "NULL"</P>
<P>modcall[authorize]: module "suffix" returns noop for request 0</P>
<P>rlm_eap: EAP packet type response id 0 length 19</P>
<P>rlm_eap: No EAP Start, assuming it's an on-going EAP conversation</P>
<P>modcall[authorize]: module "eap" returns updated for request 0</P>
<P>users: Matched entry Jurgen Tessers at line 98</P>
<P>modcall[authorize]: module "files" returns ok for request 0</P>
<P>modcall: group authorize returns updated for request 0</P>
<P>rad_check_password: Found Auth-Type EAP</P>
<P>auth: type "EAP"</P>
<P>Processing the authenticate section of radiusd.conf</P>
<P>modcall: entering group authenticate for request 0</P>
<P>rlm_eap: EAP Identity</P>
<P>rlm_eap: processing type tls</P>
<P>rlm_eap_tls: Requiring client certificate</P>
<P>rlm_eap_tls: Initiate</P>
<P>rlm_eap_tls: Start returned 1</P>
<P>modcall[authenticate]: module "eap" returns handled for request 0</P>
<P>modcall: group authenticate returns handled for request 0</P>
<P>Sending Access-Challenge of id 0 to 192.168.11.1:2048</P>
<P>EAP-Message = 0x010100060d20</P>
<P>Message-Authenticator = 0x00000000000000000000000000000000</P>
<P>State = 0x758c6f33ed1109d20b05b81c96e35e69</P>
<P>Finished request 0</P>
<P>Going to the next request</P>
<P>--- Walking the entire request list ---</P>
<P>Waking up in 6 seconds...</P>
<P>rad_recv: Access-Request packet from host 192.168.11.1:2048, id=0,
length=220</P>
<P>User-Name = "Jurgen Tessers"</P>
<P>NAS-IP-Address = 192.168.11.1</P>
<P>Called-Station-Id = "001217374d34"</P>
<P>Calling-Station-Id = "00904bfa38fd"</P>
<P>NAS-Identifier = "001217374d34"</P>
<P>NAS-Port = 63</P>
<P>Framed-MTU = 1400</P>
<P>State = 0x758c6f33ed1109d20b05b81c96e35e69</P>
<P>NAS-Port-Type = Wireless-802.11</P>
<P>EAP-Message =
0x020100500d800000004616030100410100003d03014348fba69c26178521b8234e0344fe364cd297c8175c9b9fc78b1e1b493124bd00001600040005000a000900640062000300060013001200630100</P>
<P>Message-Authenticator = 0xe525ae2f6a17af6807c4cba4672d8cfe</P>
<P>Processing the authorize section of radiusd.conf</P>
<P>modcall: entering group authorize for request 1</P>
<P>modcall[authorize]: module "preprocess" returns ok for request 1</P>
<P>rlm_realm: No '@' in User-Name = "Jurgen Tessers", looking up realm NULL</P>
<P>rlm_realm: No such realm "NULL"</P>
<P>modcall[authorize]: module "suffix" returns noop for request 1</P>
<P>rlm_eap: EAP packet type response id 1 length 80</P>
<P>rlm_eap: No EAP Start, assuming it's an on-going EAP conversation</P>
<P>modcall[authorize]: module "eap" returns updated for request 1</P>
<P>users: Matched entry Jurgen Tessers at line 98</P>
<P>modcall[authorize]: module "files" returns ok for request 1</P>
<P>modcall: group authorize returns updated for request 1</P>
<P>rad_check_password: Found Auth-Type EAP</P>
<P>auth: type "EAP"</P>
<P>Processing the authenticate section of radiusd.conf</P>
<P>modcall: entering group authenticate for request 1</P>
<P>rlm_eap: Request found, released from the list</P>
<P>rlm_eap: EAP/tls</P>
<P>rlm_eap: processing type tls</P>
<P>rlm_eap_tls: Authenticate</P>
<P>rlm_eap_tls: processing TLS</P>
<P>rlm_eap_tls: Length Included</P>
<P>eaptls_verify returned 11 </P>
<P>(other): before/accept initialization </P>
<P>TLS_accept: before/accept initialization </P>
<P>rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello </P>
<P>TLS_accept: SSLv3 read client hello A </P>
<P>rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello </P>
<P>TLS_accept: SSLv3 write server hello A </P>
<P>rlm_eap_tls: >>> TLS 1.0 Handshake [length 02ed], Certificate </P>
<P>TLS_accept: SSLv3 write certificate A </P>
<P>rlm_eap_tls: >>> TLS 1.0 Handshake [length 00b6], CertificateRequest
</P>
<P>TLS_accept: SSLv3 write certificate request A </P>
<P>TLS_accept: SSLv3 flush data </P>
<P>In SSL Handshake Phase </P>
<P>In SSL Accept mode </P>
<P>eaptls_process returned 13 </P>
<P>modcall[authenticate]: module "eap" returns handled for request 1</P>
<P>modcall: group authenticate returns handled for request 1</P>
<P>Sending Access-Challenge of id 0 to 192.168.11.1:2048</P>
<P>EAP-Message =
0x010204060d80000003fc160301004a0200004603014348fbcebd072024a76a70a8c08fb949728a21e9713d44fbbc38a6f1348783c5206b79ec137c31849951ea86a02e347cfff2bd39195ed056e4d8ec15a87656c23c00040016030102ed0b0002e90002e60002e3308202df30820248a003020102020900fc8e09110b5a3eca300d06092a864886f70d01010405003081a4310b3009060355040613024e4c311630140603550408130d4e6f6f72642042726162616e74311230100603550407130945696e64686f76656e310c300a060355040a13034c414231183016060355040b130f4c414220646576656c6f706d656e7431183016060355040313</P>
<P>EAP-Message =
0x0f4c414220576972656c6573732043413127302506092a864886f70d010901161874687569732d616c67656d65656e406368656c6c6f2e6e6c301e170d3035313030363231323734355a170d3036313030363231323734355a3081a4310b3009060355040613024e4c311630140603550408130d4e6f6f72642042726162616e74311230100603550407130945696e64686f76656e310c300a060355040a13034c414231183016060355040b130f4c414220646576656c6f706d656e74311830160603550403130f4c414220576972656c6573732043413127302506092a864886f70d010901161874687569732d616c67656d65656e406368656c6c6f</P>
<P>EAP-Message =
0x2e6e6c30819f300d06092a864886f70d010101050003818d0030818902818100dafaddb5bba8f2e1f54d2bf108425809657fa562555efcacf79362cb331b3e4f7030b88616bfa844a5f080e4ad8d2aac9a10ce9958b1dd4ada4a072739835228adc33bd0bd9fde3f17dd1356d101a26483440459b6f534cc0c622fb4687b34f16498cdeb85fdb939ec8796e633559dc6c99ee31d77cbed8f3bf9aae3453a37b30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000381810025b480d3991d0e431bc87c4647c2a5ad35fbd813fd445c9280bbd24c75531393326e5640edd78bc99f0f8ecc</P>
<P>EAP-Message =
0x9bc9bb1c110d1a31aab8891ad1e1c030d114edfb73dfbe273a2e6eb216058ac53068970c8b9327a84f8d94c3dc0c3ee8a19ae8e24f87a962d6d88f72e4ff55880ef3d77aee2961499ae85d4bea5bec7c8e26c7f916030100b60d0000ae02010200a900a73081a4310b3009060355040613024e4c311630140603550408130d4e6f6f72642042726162616e74311230100603550407130945696e64686f76656e310c300a060355040a13034c414231183016060355040b130f4c414220646576656c6f706d656e74311830160603550403130f4c414220576972656c6573732043413127302506092a864886f70d010901161874687569732d616c6765</P>
<P>EAP-Message = 0x6d65656e406368656c6c6f2e6e6c0e000000</P>
<P>Message-Authenticator = 0x00000000000000000000000000000000</P>
<P>State = 0xc726a400fa2291a52450d13323be42d4</P>
<P>Finished request 1</P>
<P>Going to the next request</P>
<P>Waking up in 6 seconds...</P>
<P>rad_recv: Access-Request packet from host 192.168.11.1:2048, id=0,
length=146</P>
<P>User-Name = "Jurgen Tessers"</P>
<P>NAS-IP-Address = 192.168.11.1</P>
<P>Called-Station-Id = "001217374d34"</P>
<P>Calling-Station-Id = "00904bfa38fd"</P>
<P>NAS-Identifier = "001217374d34"</P>
<P>NAS-Port = 63</P>
<P>Framed-MTU = 1400</P>
<P>State = 0xc726a400fa2291a52450d13323be42d4</P>
<P>NAS-Port-Type = Wireless-802.11</P>
<P>EAP-Message = 0x020200060d00</P>
<P>Message-Authenticator = 0x054ce4d4cd628812e4711d357c4fddc7</P>
<P>Processing the authorize section of radiusd.conf</P>
<P>modcall: entering group authorize for request 2</P>
<P>modcall[authorize]: module "preprocess" returns ok for request 2</P>
<P>rlm_realm: No '@' in User-Name = "Jurgen Tessers", looking up realm NULL</P>
<P>rlm_realm: No such realm "NULL"</P>
<P>modcall[authorize]: module "suffix" returns noop for request 2</P>
<P>rlm_eap: EAP packet type response id 2 length 6</P>
<P>rlm_eap: No EAP Start, assuming it's an on-going EAP conversation</P>
<P>modcall[authorize]: module "eap" returns updated for request 2</P>
<P>users: Matched entry Jurgen Tessers at line 98</P>
<P>modcall[authorize]: module "files" returns ok for request 2</P>
<P>modcall: group authorize returns updated for request 2</P>
<P>rad_check_password: Found Auth-Type EAP</P>
<P>auth: type "EAP"</P>
<P>Processing the authenticate section of radiusd.conf</P>
<P>modcall: entering group authenticate for request 2</P>
<P>rlm_eap: Request found, released from the list</P>
<P>rlm_eap: EAP/tls</P>
<P>rlm_eap: processing type tls</P>
<P>rlm_eap_tls: Authenticate</P>
<P>rlm_eap_tls: processing TLS</P>
<P>rlm_eap_tls: Received EAP-TLS ACK message</P>
<P>rlm_eap_tls: ack handshake fragment handler</P>
<P>eaptls_verify returned 1 </P>
<P>eaptls_process returned 13 </P>
<P>modcall[authenticate]: module "eap" returns handled for request 2</P>
<P>modcall: group authenticate returns handled for request 2</P>
<P>Sending Access-Challenge of id 0 to 192.168.11.1:2048</P>
<P>EAP-Message = 0x0103000a0d8000000000</P>
<P>Message-Authenticator = 0x00000000000000000000000000000000</P>
<P>State = 0x01a742a626d26fb7df45c5d4fc5ecdd1</P>
<P>Finished request 2</P>
<P>Going to the next request</P>
<P>Waking up in 6 seconds...</P>
<P>--- Walking the entire request list ---</P>
<P>Cleaning up request 2 ID 0 with timestamp 4348fbce</P>
<P>Nothing to do. Sleeping until we see a request.</P>
<P>rad_recv: Access-Request packet from host 192.168.11.1:2048, id=0,
length=141</P>
<P>User-Name = "Jurgen Tessers"</P>
<P>NAS-IP-Address = 192.168.11.1</P>
<P>Called-Station-Id = "001217374d34"</P>
<P>Calling-Station-Id = "00904bfa38fd"</P>
<P>NAS-Identifier = "001217374d34"</P>
<P>NAS-Port = 63</P>
<P>Framed-MTU = 1400</P>
<P>NAS-Port-Type = Wireless-802.11</P>
<P>EAP-Message = 0x02010013014a757267656e2054657373657273</P>
<P>Message-Authenticator = 0x2d3a178165a103c97790a2265f4d9d94</P>
<P>Processing the authorize section of radiusd.conf</P>
<P>modcall: entering group authorize for request 3</P>
<P>modcall[authorize]: module "preprocess" returns ok for request 3</P>
<P>rlm_realm: No '@' in User-Name = "Jurgen Tessers", looking up realm NULL</P>
<P>rlm_realm: No such realm "NULL"</P>
<P>modcall[authorize]: module "suffix" returns noop for request 3</P>
<P>rlm_eap: EAP packet type response id 1 length 19</P>
<P>rlm_eap: No EAP Start, assuming it's an on-going EAP conversation</P>
<P>modcall[authorize]: module "eap" returns updated for request 3</P>
<P>users: Matched entry Jurgen Tessers at line 98</P>
<P>modcall[authorize]: module "files" returns ok for request 3</P>
<P>modcall: group authorize returns updated for request 3</P>
<P>rad_check_password: Found Auth-Type EAP</P>
<P>auth: type "EAP"</P>
<P>Processing the authenticate section of radiusd.conf</P>
<P>modcall: entering group authenticate for request 3</P>
<P>rlm_eap: EAP Identity</P>
<P>rlm_eap: processing type tls</P>
<P>rlm_eap_tls: Requiring client certificate</P>
<P>rlm_eap_tls: Initiate</P>
<P>rlm_eap_tls: Start returned 1</P>
<P>modcall[authenticate]: module "eap" returns handled for request 3</P>
<P>modcall: group authenticate returns handled for request 3</P>
<P>Sending Access-Challenge of id 0 to 192.168.11.1:2048</P>
<P>EAP-Message = 0x010200060d20</P>
<P>Message-Authenticator = 0x00000000000000000000000000000000</P>
<P>State = 0xeae76b6fc48204bc626dc0cf8ee55037</P>
<P>Finished request 3</P>
<P>Going to the next request</P>
<P>--- Walking the entire request list ---</P>
<P>Waking up in 6 seconds...</P>
<P>rad_recv: Access-Request packet from host 192.168.11.1:2048, id=0,
length=220</P>
<P>User-Name = "Jurgen Tessers"</P>
<P>NAS-IP-Address = 192.168.11.1</P>
<P>Called-Station-Id = "001217374d34"</P>
<P>Calling-Station-Id = "00904bfa38fd"</P>
<P>NAS-Identifier = "001217374d34"</P>
<P>NAS-Port = 63</P>
<P>Framed-MTU = 1400</P>
<P>State = 0xeae76b6fc48204bc626dc0cf8ee55037</P>
<P>NAS-Port-Type = Wireless-802.11</P>
<P>EAP-Message =
0x020200500d800000004616030100410100003d03014348fbc478dfe6e9659dc502bd26acfcd57a22745369041bda99d550e1a50e0100001600040005000a000900640062000300060013001200630100</P>
<P>Message-Authenticator = 0xcf01888715ab7f343baf3bc2ff254d6d</P>
<P>Processing the authorize section of radiusd.conf</P>
<P>modcall: entering group authorize for request 4</P>
<P>modcall[authorize]: module "preprocess" returns ok for request 4</P>
<P>rlm_realm: No '@' in User-Name = "Jurgen Tessers", looking up realm NULL</P>
<P>rlm_realm: No such realm "NULL"</P>
<P>modcall[authorize]: module "suffix" returns noop for request 4</P>
<P>rlm_eap: EAP packet type response id 2 length 80</P>
<P>rlm_eap: No EAP Start, assuming it's an on-going EAP conversation</P>
<P>modcall[authorize]: module "eap" returns updated for request 4</P>
<P>users: Matched entry Jurgen Tessers at line 98</P>
<P>modcall[authorize]: module "files" returns ok for request 4</P>
<P>modcall: group authorize returns updated for request 4</P>
<P>rad_check_password: Found Auth-Type EAP</P>
<P>auth: type "EAP"</P>
<P>Processing the authenticate section of radiusd.conf</P>
<P>modcall: entering group authenticate for request 4</P>
<P>rlm_eap: Request found, released from the list</P>
<P>rlm_eap: EAP/tls</P>
<P>rlm_eap: processing type tls</P>
<P>rlm_eap_tls: Authenticate</P>
<P>rlm_eap_tls: processing TLS</P>
<P>rlm_eap_tls: Length Included</P>
<P>eaptls_verify returned 11 </P>
<P>(other): before/accept initialization </P>
<P>TLS_accept: before/accept initialization </P>
<P>rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello </P>
<P>TLS_accept: SSLv3 read client hello A </P>
<P>rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello </P>
<P>TLS_accept: SSLv3 write server hello A </P>
<P>rlm_eap_tls: >>> TLS 1.0 Handshake [length 02ed], Certificate </P>
<P>TLS_accept: SSLv3 write certificate A </P>
<P>rlm_eap_tls: >>> TLS 1.0 Handshake [length 00b6], CertificateRequest
</P>
<P>TLS_accept: SSLv3 write certificate request A </P>
<P>TLS_accept: SSLv3 flush data </P>
<P>TLS_accept:error in SSLv3 read client certificate A </P>
<P>In SSL Handshake Phase </P>
<P>In SSL Accept mode </P>
<P>eaptls_process returned 13 </P>
<P>modcall[authenticate]: module "eap" returns handled for request 4</P>
<P>modcall: group authenticate returns handled for request 4</P>
<P>Sending Access-Challenge of id 0 to 192.168.11.1:2048</P>
<P>EAP-Message =
0x010304060d80000003fc160301004a0200004603014348fbec928c83e4952e56e503ad2e15c9be0fcfdb780f10197f7b4133ccf53520f0cf5a151df753d8674aa13d8ee4fada2e9236069d7798a8d87c2c94fc1eade600040016030102ed0b0002e90002e60002e3308202df30820248a003020102020900fc8e09110b5a3eca300d06092a864886f70d01010405003081a4310b3009060355040613024e4c311630140603550408130d4e6f6f72642042726162616e74311230100603550407130945696e64686f76656e310c300a060355040a13034c414231183016060355040b130f4c414220646576656c6f706d656e7431183016060355040313</P>
<P>EAP-Message =
0x0f4c414220576972656c6573732043413127302506092a864886f70d010901161874687569732d616c67656d65656e406368656c6c6f2e6e6c301e170d3035313030363231323734355a170d3036313030363231323734355a3081a4310b3009060355040613024e4c311630140603550408130d4e6f6f72642042726162616e74311230100603550407130945696e64686f76656e310c300a060355040a13034c414231183016060355040b130f4c414220646576656c6f706d656e74311830160603550403130f4c414220576972656c6573732043413127302506092a864886f70d010901161874687569732d616c67656d65656e406368656c6c6f</P>
<P>EAP-Message =
0x2e6e6c30819f300d06092a864886f70d010101050003818d0030818902818100dafaddb5bba8f2e1f54d2bf108425809657fa562555efcacf79362cb331b3e4f7030b88616bfa844a5f080e4ad8d2aac9a10ce9958b1dd4ada4a072739835228adc33bd0bd9fde3f17dd1356d101a26483440459b6f534cc0c622fb4687b34f16498cdeb85fdb939ec8796e633559dc6c99ee31d77cbed8f3bf9aae3453a37b30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000381810025b480d3991d0e431bc87c4647c2a5ad35fbd813fd445c9280bbd24c75531393326e5640edd78bc99f0f8ecc</P>
<P>EAP-Message =
0x9bc9bb1c110d1a31aab8891ad1e1c030d114edfb73dfbe273a2e6eb216058ac53068970c8b9327a84f8d94c3dc0c3ee8a19ae8e24f87a962d6d88f72e4ff55880ef3d77aee2961499ae85d4bea5bec7c8e26c7f916030100b60d0000ae02010200a900a73081a4310b3009060355040613024e4c311630140603550408130d4e6f6f72642042726162616e74311230100603550407130945696e64686f76656e310c300a060355040a13034c414231183016060355040b130f4c414220646576656c6f706d656e74311830160603550403130f4c414220576972656c6573732043413127302506092a864886f70d010901161874687569732d616c6765</P>
<P>EAP-Message = 0x6d65656e406368656c6c6f2e6e6c0e000000</P>
<P>Message-Authenticator = 0x00000000000000000000000000000000</P>
<P>State = 0xf682d06956d504942902019d3bd263c0</P>
<P>Finished request 4</P>
<P>Going to the next request</P>
<P>Waking up in 6 seconds...</P>
<P>rad_recv: Access-Request packet from host 192.168.11.1:2048, id=0,
length=146</P>
<P>User-Name = "Jurgen Tessers"</P>
<P>NAS-IP-Address = 192.168.11.1</P>
<P>Called-Station-Id = "001217374d34"</P>
<P>Calling-Station-Id = "00904bfa38fd"</P>
<P>NAS-Identifier = "001217374d34"</P>
<P>NAS-Port = 63</P>
<P>Framed-MTU = 1400</P>
<P>State = 0xf682d06956d504942902019d3bd263c0</P>
<P>NAS-Port-Type = Wireless-802.11</P>
<P>EAP-Message = 0x020300060d00</P>
<P>Message-Authenticator = 0x70679a8fd948dfe126165b99f9dd1b18</P>
<P>Processing the authorize section of radiusd.conf</P>
<P>modcall: entering group authorize for request 5</P>
<P>modcall[authorize]: module "preprocess" returns ok for request 5</P>
<P>rlm_realm: No '@' in User-Name = "Jurgen Tessers", looking up realm NULL</P>
<P>rlm_realm: No such realm "NULL"</P>
<P>modcall[authorize]: module "suffix" returns noop for request 5</P>
<P>rlm_eap: EAP packet type response id 3 length 6</P>
<P>rlm_eap: No EAP Start, assuming it's an on-going EAP conversation</P>
<P>modcall[authorize]: module "eap" returns updated for request 5</P>
<P>users: Matched entry Jurgen Tessers at line 98</P>
<P>modcall[authorize]: module "files" returns ok for request 5</P>
<P>modcall: group authorize returns updated for request 5</P>
<P>rad_check_password: Found Auth-Type EAP</P>
<P>auth: type "EAP"</P>
<P>Processing the authenticate section of radiusd.conf</P>
<P>modcall: entering group authenticate for request 5</P>
<P>rlm_eap: Request found, released from the list</P>
<P>rlm_eap: EAP/tls</P>
<P>rlm_eap: processing type tls</P>
<P>rlm_eap_tls: Authenticate</P>
<P>rlm_eap_tls: processing TLS</P>
<P>rlm_eap_tls: Received EAP-TLS ACK message</P>
<P>rlm_eap_tls: ack handshake fragment handler</P>
<P>eaptls_verify returned 1 </P>
<P>eaptls_process returned 13 </P>
<P>modcall[authenticate]: module "eap" returns handled for request 5</P>
<P>modcall: group authenticate returns handled for request 5</P>
<P>Sending Access-Challenge of id 0 to 192.168.11.1:2048</P>
<P>EAP-Message = 0x0104000a0d8000000000</P>
<P>Message-Authenticator = 0x00000000000000000000000000000000</P>
<P>State = 0x2bfb625aa5787818e9adeb602d7eedf8</P>
<P>Finished request 5</P>
<P>Going to the next request</P>
<P>Waking up in 6 seconds...</P>
<P>--- Walking the entire request list ---</P>
<P>Cleaning up request 5 ID 0 with timestamp 4348fbec</P>
<P>Nothing to do. Sleeping until we see a request.</P>
<P>rad_recv: Access-Request packet from host 192.168.11.1:2048, id=0,
length=141</P>
<P>User-Name = "Jurgen Tessers"</P>
<P>NAS-IP-Address = 192.168.11.1</P>
<P>Called-Station-Id = "001217374d34"</P>
<P>Calling-Station-Id = "00904bfa38fd"</P>
<P>NAS-Identifier = "001217374d34"</P>
<P>NAS-Port = 63</P>
<P>Framed-MTU = 1400</P>
<P>NAS-Port-Type = Wireless-802.11</P>
<P>EAP-Message = 0x02010013014a757267656e2054657373657273</P>
<P>Message-Authenticator = 0x73f093669adbb4d2de364948a9ba07c5</P>
<P>Processing the authorize section of radiusd.conf</P>
<P>modcall: entering group authorize for request 6</P>
<P>modcall[authorize]: module "preprocess" returns ok for request 6</P>
<P>rlm_realm: No '@' in User-Name = "Jurgen Tessers", looking up realm NULL</P>
<P>rlm_realm: No such realm "NULL"</P>
<P>modcall[authorize]: module "suffix" returns noop for request 6</P>
<P>rlm_eap: EAP packet type response id 1 length 19</P>
<P>rlm_eap: No EAP Start, assuming it's an on-going EAP conversation</P>
<P>modcall[authorize]: module "eap" returns updated for request 6</P>
<P>users: Matched entry Jurgen Tessers at line 98</P>
<P>modcall[authorize]: module "files" returns ok for request 6</P>
<P>modcall: group authorize returns updated for request 6</P>
<P>rad_check_password: Found Auth-Type EAP</P>
<P>auth: type "EAP"</P>
<P>Processing the authenticate section of radiusd.conf</P>
<P>modcall: entering group authenticate for request 6</P>
<P>rlm_eap: EAP Identity</P>
<P>rlm_eap: processing type tls</P>
<P>rlm_eap_tls: Requiring client certificate</P>
<P>rlm_eap_tls: Initiate</P>
<P>rlm_eap_tls: Start returned 1</P>
<P>modcall[authenticate]: module "eap" returns handled for request 6</P>
<P>modcall: group authenticate returns handled for request 6</P>
<P>Sending Access-Challenge of id 0 to 192.168.11.1:2048</P>
<P>EAP-Message = 0x010200060d20</P>
<P>Message-Authenticator = 0x00000000000000000000000000000000</P>
<P>State = 0x97c1db6e5349aa2f0ea68769670a22db</P>
<P>Finished request 6</P>
<P>Going to the next request</P></FONT></DIV>
<DIV><FONT face=Arial size=2>etc, etc</FONT></DIV>
<DIV> </DIV>
<DIV>$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$4</DIV></FONT></DIV></BODY></HTML>