<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-2">
<META content="MSHTML 6.00.2900.2802" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV>
<DIV><FONT face=Arial size=2>Hi</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I have been fighting with my Radius for one week and I don't
have any more ideas. I would like to set up my home network with WPA Enterprise (WPA
with TKIP + 802.1x). I made my own CA and generated certificates for the server
and client. I did everything as I read in the howto from freeradius.org. My server is on
Fedora Core 4, but I tried on Slackware too.</FONT></DIV>
<DIV><FONT face=Arial size=2>When I use WPA Enterprise on my AP (Linksys WRT54G), the
output of radiusd -X stops after:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Listening on authentication *:1812<BR>Listening on
accounting *:1813<BR>Listening on proxy *:1814<BR>Ready to process
requests.</FONT><BR></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>When I change to only RADIUS and WEP, I
get this message after radiusd -X:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>[root@serwerek sbin]# ./radiusd -X<BR>Starting -
reading configuration files ...<BR>reread_config: reading
radiusd.conf<BR>Config: including file:
/etc/raddb/proxy.conf<BR>Config: including file:
/etc/raddb/clients.conf<BR>Config: including file:
/etc/raddb/snmp.conf<BR>Config: including file:
/etc/raddb/eap.conf<BR>Config: including file:
/etc/raddb/sql.conf<BR> main: prefix = "/usr"<BR> main: localstatedir
= "/var"<BR> main: logdir = "/var/log/radius"<BR> main: libdir =
"/usr/lib"<BR> main: radacctdir = "/var/log/radius/radacct"<BR> main:
hostname_lookups = no<BR> main: max_request_time = 30<BR> main:
cleanup_delay = 5<BR> main: max_requests = 1024<BR> main:
delete_blocked_requests = 0<BR> main: port = 0<BR> main:
allow_core_dumps = no<BR> main: log_stripped_names = no<BR> main:
log_file = "/var/log/radius/radius.log"<BR> main: log_auth =
no<BR> main: log_auth_badpass = no<BR> main: log_auth_goodpass =
no<BR> main: pidfile = "/var/run/radiusd/radiusd.pid"<BR> main: user =
"nobody"<BR> main: group = "nobody"<BR> main: usercollide =
no<BR> main: lower_user = "no"<BR> main: lower_pass =
"no"<BR> main: nospace_user = "no"<BR> main: nospace_pass =
"no"<BR> main: checkrad = "/usr/sbin/checkrad"<BR> main:
proxy_requests = yes<BR> proxy: retry_delay = 5<BR> proxy: retry_count
= 3<BR> proxy: synchronous = no<BR> proxy: default_fallback =
yes<BR> proxy: dead_time = 120<BR> proxy: post_proxy_authorize =
yes<BR> proxy: wake_all_if_all_dead = no<BR> security: max_attributes
= 200<BR> security: reject_delay = 1<BR> security: status_server =
no<BR> main: debug_level = 0<BR>read_config_files: reading
dictionary<BR>read_config_files: reading naslist<BR>Using deprecated
naslist file. Support for this will go away
soon.<BR>read_config_files: reading clients<BR>read_config_files:
reading realms<BR>radiusd: entering modules setup<BR>Module: Library
search path is /usr/lib<BR>Module: Loaded exec<BR> exec: wait =
yes<BR> exec: program = "(null)"<BR> exec: input_pairs =
"request"<BR> exec: output_pairs = "(null)"<BR> exec: packet_type =
"(null)"<BR>rlm_exec: Wait=yes but no output defined. Did you mean
output=none?<BR>Module: Instantiated exec (exec)<BR>Module: Loaded
expr<BR>Module: Instantiated expr (expr)<BR>Module: Loaded PAP<BR> pap:
encryption_scheme = "crypt"<BR>Module: Instantiated pap (pap)<BR>Module: Loaded
CHAP<BR>Module: Instantiated chap (chap)<BR>Module: Loaded
MS-CHAP<BR> mschap: use_mppe = yes<BR> mschap: require_encryption =
no<BR> mschap: require_strong = no<BR> mschap: with_ntdomain_hack =
no<BR> mschap: passwd = "(null)"<BR> mschap: authtype =
"MS-CHAP"<BR> mschap: ntlm_auth = "(null)"<BR>Module: Instantiated mschap
(mschap)<BR>Module: Loaded System<BR> unix: cache = no<BR> unix:
passwd = "(null)"<BR> unix: shadow = "/etc/shadow"<BR> unix: group =
"(null)"<BR> unix: radwtmp = "/var/log/radius/radwtmp"<BR> unix:
usegroup = no<BR> unix: cache_reload = 600<BR>Module: Instantiated unix
(unix)<BR>Module: Loaded eap<BR> eap: default_eap_type =
"tls"<BR> eap: timer_expire = 60<BR> eap: ignore_unknown_eap_types =
no<BR> eap: cisco_accounting_username_bug = no<BR>rlm_eap: Loaded and
initialized type md5<BR>rlm_eap: Loaded and initialized type leap<BR> gtc:
challenge = "Password: "<BR> gtc: auth_type = "PAP"<BR>rlm_eap: Loaded and
initialized type gtc<BR> tls: rsa_key_exchange = no<BR> tls:
dh_key_exchange = yes<BR> tls: rsa_key_length = 512<BR> tls:
dh_key_length = 512<BR> tls: verify_depth = 0<BR> tls: CA_path =
"(null)"<BR> tls: pem_file_type = yes<BR> tls: private_key_file =
"/etc/raddb/certs/server_keycert.pem"<BR> tls: certificate_file =
"/etc/raddb/certs/server_keycert.pem"<BR> tls: CA_file =
"/etc/raddb/certs/cacert.pem"<BR> tls: private_key_password =
"adam01"<BR> tls: dh_file = "/etc/raddb/certs/dh"<BR> tls: random_file
= "/etc/raddb/certs/random"<BR> tls: fragment_size = 1024<BR> tls:
include_length = yes<BR> tls: check_crl = no<BR> tls: check_cert_cn =
"(null)"<BR>rlm_eap: Loaded and initialized type tls<BR> mschapv2:
with_ntdomain_hack = no<BR>rlm_eap: Loaded and initialized type
mschapv2<BR>Module: Instantiated eap (eap)<BR>Module: Loaded
preprocess<BR> preprocess: huntgroups =
"/etc/raddb/huntgroups"<BR> preprocess: hints =
"/etc/raddb/hints"<BR> preprocess: with_ascend_hack =
no<BR> preprocess: ascend_channels_per_line = 23<BR> preprocess:
with_ntdomain_hack = no<BR> preprocess: with_specialix_jetstream_hack =
no<BR> preprocess: with_cisco_vsa_hack = no<BR>Module: Instantiated
preprocess (preprocess)<BR>Module: Loaded realm<BR> realm: format =
"suffix"<BR> realm: delimiter = "@"<BR> realm: ignore_default =
no<BR> realm: ignore_null = no<BR>Module: Instantiated realm
(suffix)<BR>Module: Loaded files<BR> files: usersfile =
"/etc/raddb/users"<BR> files: acctusersfile =
"/etc/raddb/acct_users"<BR> files: preproxy_usersfile =
"/etc/raddb/preproxy_users"<BR> files: compat = "no"<BR>Module:
Instantiated files (files)<BR>Module: Loaded
Acct-Unique-Session-Id<BR> acct_unique: key = "User-Name, Acct-Session-Id,
NAS-IP-Address, Client-IP-Addre<BR>ss, NAS-Port"<BR>Module: Instantiated
acct_unique (acct_unique)<BR>Module: Loaded detail<BR> detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%<BR>d"<BR> detail:
detailperm = 384<BR> detail: dirperm = 493<BR> detail: locking =
no<BR>Module: Instantiated detail (detail)<BR>Module: Loaded
radutmp<BR> radutmp: filename = "/var/log/radius/radutmp"<BR> radutmp:
username = "%{User-Name}"<BR> radutmp: case_sensitive =
yes<BR> radutmp: check_with_nas = yes<BR> radutmp: perm =
384<BR> radutmp: callerid = yes<BR>Module: Instantiated radutmp
(radutmp)<BR>Listening on authentication *:1812<BR>Listening on accounting
*:1813<BR>Listening on proxy *:1814<BR>Ready to process requests.<BR>rad_recv:
Access-Request packet from host 192.168.1.1:2054, id=0,
length=121<BR> User-Name =
"Adam"<BR> NAS-IP-Address =
192.168.1.1<BR> Called-Station-Id =
"0014bf2f16c2"<BR> Calling-Station-Id
= "000e3573296d"<BR> NAS-Identifier =
"0014bf2f16c2"<BR> NAS-Port =
55<BR> Framed-MTU =
1400<BR> NAS-Port-Type =
Wireless-802.11<BR> EAP-Message =
0x02000009014164616d<BR>
Message-Authenticator = 0x88f32269e104d036be28f8411cd133b6<BR> Processing
the authorize section of radiusd.conf<BR>modcall: entering group authorize for
request 0<BR> modcall[authorize]: module "preprocess" returns ok for
request 0<BR> modcall[authorize]: module "chap" returns noop for request
0<BR> modcall[authorize]: module "mschap" returns noop for request
0<BR> rlm_realm: No '@' in User-Name = "Adam",
looking up realm NULL<BR> rlm_realm: No such realm
"NULL"<BR> modcall[authorize]: module "suffix" returns noop for request
0<BR> rlm_eap: EAP packet type response id 0 length 9<BR> rlm_eap:
No EAP Start, assuming it's an on-going EAP conversation<BR>
modcall[authorize]: module "eap" returns updated for request
0<BR> users: Matched entry DEFAULT at line 152<BR>
modcall[authorize]: module "files" returns ok for request 0<BR>modcall: group
authorize returns updated for request 0<BR> rad_check_password:
Found Auth-Type EAP<BR>auth: type "EAP"<BR> Processing the authenticate
section of radiusd.conf<BR>modcall: entering group authenticate for request
0<BR> rlm_eap: EAP Identity<BR> rlm_eap: processing type
tls<BR> rlm_eap_tls: Requiring client certificate<BR> rlm_eap_tls:
Initiate<BR> rlm_eap_tls: Start returned 1<BR>
modcall[authenticate]: module "eap" returns handled for request 0<BR>modcall:
group authenticate returns handled for request 0<BR>Sending Access-Challenge of
id 0 to 192.168.1.1:2054<BR>
EAP-Message = 0x010100060d20<BR>
Message-Authenticator =
0x00000000000000000000000000000000<BR>
State = 0x44e256d6f94136dbb146b56055f69cf3<BR>Finished request 0<BR>Going to the
next request<BR>--- Walking the entire request list ---<BR>Waking up in 6
seconds...<BR>rad_recv: Access-Request packet from host 192.168.1.1:2054, id=0,
length=236<BR> User-Name =
"Adam"<BR> NAS-IP-Address =
192.168.1.1<BR> Called-Station-Id =
"0014bf2f16c2"<BR> Calling-Station-Id
= "000e3573296d"<BR> NAS-Identifier =
"0014bf2f16c2"<BR> NAS-Port =
55<BR> Framed-MTU =
1400<BR> State =
0x44e256d6f94136dbb146b56055f69cf3<BR>
NAS-Port-Type = Wireless-802.11<BR>
EAP-Message =
0x0201006a0d8000000060160301005b01000057030143b50d1a0e6730<BR>f71ec0114327ca53bc3eade6ecabd6c027a46f2642fb6e39d000003000390038003500160013000a<BR>00330032002f0066000500040065006400630062006000150012000900140011000800030100<BR>
Message-Authenticator = 0xe801c7aec46700968dfa44913e23d516<BR> Processing
the authorize section of radiusd.conf<BR>modcall: entering group authorize for
request 1<BR> modcall[authorize]: module "preprocess" returns ok for
request 1<BR> modcall[authorize]: module "chap" returns noop for request
1<BR> modcall[authorize]: module "mschap" returns noop for request
1<BR> rlm_realm: No '@' in User-Name = "Adam",
looking up realm NULL<BR> rlm_realm: No such realm
"NULL"<BR> modcall[authorize]: module "suffix" returns noop for request
1<BR> rlm_eap: EAP packet type response id 1 length 106<BR> rlm_eap:
No EAP Start, assuming it's an on-going EAP conversation<BR>
modcall[authorize]: module "eap" returns updated for request
1<BR> users: Matched entry DEFAULT at line 152<BR>
modcall[authorize]: module "files" returns ok for request 1<BR>modcall: group
authorize returns updated for request 1<BR> rad_check_password:
Found Auth-Type EAP<BR>auth: type "EAP"<BR> Processing the authenticate
section of radiusd.conf<BR>modcall: entering group authenticate for request
1<BR> rlm_eap: Request found, released from the list<BR> rlm_eap:
EAP/tls<BR> rlm_eap: processing type tls<BR> rlm_eap_tls:
Authenticate<BR> rlm_eap_tls: processing TLS<BR>rlm_eap_tls: Length
Included<BR> eaptls_verify returned 11<BR> (other):
before/accept initialization<BR> TLS_accept: before/accept
initialization<BR> rlm_eap_tls: <<< TLS 1.0 Handshake [length
005b], ClientHello<BR> TLS_accept: SSLv3 read client hello
A<BR> rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a],
ServerHello<BR> TLS_accept: SSLv3 write server hello
A<BR> rlm_eap_tls: >>> TLS 1.0 Handshake [length 02a7],
Certificate<BR> TLS_accept: SSLv3 write certificate
A<BR> rlm_eap_tls: >>> TLS 1.0 Handshake [length 010d],
ServerKeyExchange<BR> TLS_accept: SSLv3 write key exchange
A<BR> rlm_eap_tls: >>> TLS 1.0 Handshake [length 0099],
CertificateRequest<BR> TLS_accept: SSLv3 write certificate
request A<BR> TLS_accept: SSLv3 flush
data<BR> TLS_accept:error in SSLv3 read client certificate
A<BR>In SSL Handshake Phase<BR>In SSL Accept mode<BR> eaptls_process
returned 13<BR> modcall[authenticate]: module "eap" returns handled for
request 1<BR>modcall: group authenticate returns handled for request
1<BR>Sending Access-Challenge of id 0 to
192.168.1.1:2054<BR> EAP-Message =
0x0102040a0dc0000004ab160301004a02000046030143b50c5e53e9e8<BR>a74a80938207f2b0b3bb015986bef383fbada6998b571453ee2050a14d2d1936b94767dc8e385486<BR>0e4a418ee7d1541dc3c54807f12c5996889200390016030102a70b0002a30002a000029d30820299<BR>30820202a003020102020101300d06092a864886f70d0101040500308185310b3009060355040613<BR>02504c311330110603550408130a446f6c6e79536c61736b3110300e0603550407130757726f636c<BR>6177310e300c060355040a1305446f6d656b3122302006035504031319736572776572656b2e6164<BR>616d656b2e686f70746f2e6f7267311b301906092a864886f7<BR>
EAP-Message =
0x0d010901160c61726f67616c4077702e706c301e170d303531323330<BR>3038333635345a170d3036313233303038333635345a308185310b300906035504061302504c3113<BR>30110603550408130a446f6c6e79536c61736b3110300e0603550407130757726f636c6177310e30<BR>0c060355040a1305446f6d656b3122302006035504031319736572776572656b2e6164616d656b2e<BR>686f70746f2e6f7267311b301906092a864886f70d010901160c61726f67616c4077702e706c3081<BR>9f300d06092a864886f70d010101050003818d0030818902818100e446b6595abca00c76e48b21d6<BR>95f43d9a2770dd067bfcaef859ec5bcedb74a14600a9dd179e<BR>
EAP-Message =
0x23d8f7809495f018a50d359f78915fb18b41a74e7441f6716823e415<BR>0febd758698291dd48150bc697d56be21a536b089b17f9e3fa049db4e52402fac8f72e493cbfcbda<BR>0e217cdd2a93598632c1c64cc7d70840ec0fbce918e30203010001a317301530130603551d25040c<BR>300a06082b06010505070301300d06092a864886f70d0101040500038181000662e9a572dec151d2<BR>6adb88c7cee3cc7bf0f7f41e8c03d8b85b2b7db7ab2b35fb21ecabb9f15f395e6482b762c04aec81<BR>0c4a9883986037d5c17eaf0539e64aae928e7da2394d5b5b3c7d61791d3ae373cf15a15925021f00<BR>51f518de9c12f6e04fe46f39a2b53f6b2345b0b94fc9da2499<BR>
EAP-Message =
0x110108df4251a2d2f21ca4ebaf2c160301010d0c0001090040ca7f38<BR>db174492ff0737acbd4117d15bb7b41b837016a8422f3a34f9af06244de89a01df120f1547117480<BR>2929bc655907ca6ff7b441f03ea72c1ad2c3caae8b00010500407f8f356cf73802cb22f17e4d3a2c<BR>ea90839f15a1b1c4d7d15014724bd5ef9aba1e17dd262df70a5c8784c64dbd5dcb6a0ae0bdfa390b<BR>337d50ed9e97d97324b60080c10536878e2d1ec56f2ad550b03e61c35ae1920f1d5ab39c5ed5bfe2<BR>f8cd2b804799634038088cd836ab6229e86a39589c5a3f9cf93c700c2dfd6bf684ea2e5efc9012db<BR>f4a6704e75cdd233d632c43e0f0a762ad8df90da110e39dd2f<BR>
EAP-Message =
0x0aab1b9e0bc4fe20ea2b877b8ccb0c2e7b89e1e6952f<BR>
Message-Authenticator =
0x00000000000000000000000000000000<BR>
State = 0x767b202144333f7b0182c93a33070eb4<BR>Finished request 1<BR>Going to the
next request<BR>Waking up in 6 seconds...<BR>rad_recv: Access-Request packet
from host 192.168.1.1:2054, id=0,
length=136<BR> User-Name =
"Adam"<BR> NAS-IP-Address =
192.168.1.1<BR> Called-Station-Id =
"0014bf2f16c2"<BR> Calling-Station-Id
= "000e3573296d"<BR> NAS-Identifier =
"0014bf2f16c2"<BR> NAS-Port =
55<BR> Framed-MTU =
1400<BR> State =
0x767b202144333f7b0182c93a33070eb4<BR>
NAS-Port-Type = Wireless-802.11<BR>
EAP-Message = 0x020200060d00<BR>
Message-Authenticator = 0x2e5131827a4a1a6955a9eada5a37ad5d<BR> Processing
the authorize section of radiusd.conf<BR>modcall: entering group authorize for
request 2<BR> modcall[authorize]: module "preprocess" returns ok for
request 2<BR> modcall[authorize]: module "chap" returns noop for request
2<BR> modcall[authorize]: module "mschap" returns noop for request
2<BR> rlm_realm: No '@' in User-Name = "Adam",
looking up realm NULL<BR> rlm_realm: No such realm
"NULL"<BR> modcall[authorize]: module "suffix" returns noop for request
2<BR> rlm_eap: EAP packet type response id 2 length 6<BR> rlm_eap:
No EAP Start, assuming it's an on-going EAP conversation<BR>
modcall[authorize]: module "eap" returns updated for request
2<BR> users: Matched entry DEFAULT at line 152<BR>
modcall[authorize]: module "files" returns ok for request 2<BR>modcall: group
authorize returns updated for request 2<BR> rad_check_password:
Found Auth-Type EAP<BR>auth: type "EAP"<BR> Processing the authenticate
section of radiusd.conf<BR>modcall: entering group authenticate for request
2<BR> rlm_eap: Request found, released from the list<BR> rlm_eap:
EAP/tls<BR> rlm_eap: processing type tls<BR> rlm_eap_tls:
Authenticate<BR> rlm_eap_tls: processing TLS<BR>rlm_eap_tls: Received
EAP-TLS ACK message<BR> rlm_eap_tls: ack handshake fragment
handler<BR> eaptls_verify returned 1<BR> eaptls_process returned
13<BR> modcall[authenticate]: module "eap" returns handled for request
2<BR>modcall: group authenticate returns handled for request 2<BR>Sending
Access-Challenge of id 0 to
192.168.1.1:2054<BR> EAP-Message =
0x010300b50d80000004abea37366e949b739e4e8ce5d1051603010099<BR>0d0000910403040102008a0088308185310b300906035504061302504c311330110603550408130a<BR>446f6c6e79536c61736b3110300e0603550407130757726f636c6177310e300c060355040a130544<BR>6f6d656b3122302006035504031319736572776572656b2e6164616d656b2e686f70746f2e6f7267<BR>311b301906092a864886f70d010901160c61726f67616c4077702e706c0e000000<BR>
Message-Authenticator =
0x00000000000000000000000000000000<BR>
State = 0xe15d58f49422b6ce53338dbcb286d67d<BR>Finished request 2<BR>Going to the
next request<BR>Waking up in 6 seconds...<BR>rad_recv: Access-Request packet
from host 192.168.1.1:2054, id=0,
length=147<BR> User-Name =
"Adam"<BR> NAS-IP-Address =
192.168.1.1<BR> Called-Station-Id =
"0014bf2f16c2"<BR> Calling-Station-Id
= "000e3573296d"<BR> NAS-Identifier =
"0014bf2f16c2"<BR> NAS-Port =
55<BR> Framed-MTU =
1400<BR> State =
0xe15d58f49422b6ce53338dbcb286d67d<BR>
NAS-Port-Type = Wireless-802.11<BR>
EAP-Message =
0x020300110d800000000715030100020230<BR>
Message-Authenticator = 0x9ccbb7428e7fb4c0adce582d01b259c6<BR> Processing
the authorize section of radiusd.conf<BR>modcall: entering group authorize for
request 3<BR> modcall[authorize]: module "preprocess" returns ok for
request 3<BR> modcall[authorize]: module "chap" returns noop for request
3<BR> modcall[authorize]: module "mschap" returns noop for request
3<BR> rlm_realm: No '@' in User-Name = "Adam",
looking up realm NULL<BR> rlm_realm: No such realm
"NULL"<BR> modcall[authorize]: module "suffix" returns noop for request
3<BR> rlm_eap: EAP packet type response id 3 length 17<BR> rlm_eap:
No EAP Start, assuming it's an on-going EAP conversation<BR>
modcall[authorize]: module "eap" returns updated for request
3<BR> users: Matched entry DEFAULT at line 152<BR>
modcall[authorize]: module "files" returns ok for request 3<BR>modcall: group
authorize returns updated for request 3<BR> rad_check_password:
Found Auth-Type EAP<BR>auth: type "EAP"<BR> Processing the authenticate
section of radiusd.conf<BR>modcall: entering group authenticate for request
3<BR> rlm_eap: Request found, released from the list<BR> rlm_eap:
EAP/tls<BR> rlm_eap: processing type tls<BR> rlm_eap_tls:
Authenticate<BR> rlm_eap_tls: processing TLS<BR>rlm_eap_tls: Length
Included<BR> eaptls_verify returned 11<BR> rlm_eap_tls: <<<
TLS 1.0 Alert [length 0002], fatal unknown_ca<BR>TLS Alert read:fatal:unknown
CA<BR> TLS_accept:failed in SSLv3 read client certificate
A<BR>2426:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown
ca:s3_pkt.c<BR>:1052:SSL alert number 48<BR>2426:error:140940E5:SSL
routines:SSL3_READ_BYTES:ssl handshake
failure:s3_pkt.c:
837:<BR>rlm_eap_tls: SSL_read failed in a system call (-1), TLS session
fails.<BR>In SSL Handshake Phase<BR>In SSL Accept mode<BR>rlm_eap_tls: BIO_read
failed in a system call (-1), TLS session fails.<BR> eaptls_process
returned 13<BR> rlm_eap: Freeing handler<BR> modcall[authenticate]:
module "eap" returns reject for request 3<BR>modcall: group authenticate returns
reject for request 3<BR>auth: Failed to validate the user.<BR>Delaying request 3
for 1 seconds<BR>Finished request 3<BR>Going to the next request<BR>Waking up in
6 seconds...<BR>--- Walking the entire request list ---<BR>Sending Access-Reject
of id 0 to 192.168.1.1:2054<BR>
EAP-Message = 0x04030004<BR>
Message-Authenticator = 0x00000000000000000000000000000000<BR>Cleaning up
request 3 ID 0 with timestamp 43b50c5e<BR>Nothing to do. Sleeping until we
see a request.<BR></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>As a client I use my built-in Centrino card
(Intel 2200) and Windows XP with SP2.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>So if anybody can help I will be very
grateful.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Best regards</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Adam</FONT></DIV></DIV></BODY></HTML>