<html>
<head>
<style>
P
{
margin:0px;
padding:0px
}
body
{
FONT-SIZE: 9pt;
FONT-FAMILY:Tahoma
}
</style>
</head>
<body>Hi,<br><br>I try to implement the EAP-TLS by Freeradius, but the authentication stoped. From the log, I guess the reason is "NAS Reboot". I wonder if you know why it happend. Thanks a lot in advance! Enclosed please find the part of the log. <br><br>Paul<br><br>... ...<br>Finished request 23<br>Going to the next request<br>Waking up in 6 seconds...<br>rad_recv: Access-Request packet from host 192.168.1.120:32778, id=33, length=219<br> User-Name = "host/cn1njxac.cn001.siemens.net"<br> NAS-IP-Address = 192.168.1.120<br> NAS-Identifier = "sourceserver.localdomain"<br> NAS-Port = 0<br> Called-Station-Id = "00-19-E0-85-F2-45:madwifi_t41"<br> Calling-Station-Id = "00-16-6F-58-2D-4B"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 0Mbps 802.11"<br> EAP-Message = 0x022400061900<br> State = 0xc22b0aa9baefeb0a401d5bfb77355856<br> Message-Authenticator =!
0xcbe38495618ee3a8a7d15dc8d088b68d<br> Processing the authorize section of radiusd.conf<br>modcall: entering group authorize for request 24<br> modcall[authorize]: module "preprocess" returns ok for request 24<br> modcall[authorize]: module "chap" returns noop for request 24<br> modcall[authorize]: module "mschap" returns noop for request 24<br> rlm_realm: Checking for suffix after "@"<br> rlm_realm: Looking up realm "cn1njxac.cn001.siemens.net" for User-Name = "host/cn1njxac.cn001.siemens.net"<br>XXL:enter realm_find realm =cn1njxac.cn001.siemens.net,accounting =0<br> Start to compare realm 2:config ream is :LOCAL,sta ream is :cn1njxac.cn001.siemens.net<br> rlm_realm: No such realm "cn1njxac.cn001.siemens.net"<br> modcall[authorize]: module "suffix" returns noop for request 24<br> rlm_eap: EAP packet type response id 36 length 6<br> rlm_eap: No EAP Start, assuming it's an on-going EA!
P conversation<br> modcall[authorize]: module "eap" returns upda
ted for request 24<br> users: Matched entry host/cn1njxac.cn001.siemens.net at line 95<br> modcall[authorize]: module "files" returns ok for request 24<br>XXL: enter pap_authorize,vp->attribute =1000<br>XXL: vp->lvalue =6<br>XXL: enter pap_authorize,vp->attribute =2<br>XXL: enter PW_USER_PASSWORD,found_pw should be true<br>rlm_pap: Found existing Auth-Type, not changing it.<br> modcall[authorize]: module "pap" returns noop for request 24<br>modcall: leaving group authorize (returns updated) for request 24<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br> Processing the authenticate section of radiusd.conf<br>modcall: entering group authenticate for request 24<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br> rlm_eap: processing type peap<br> rlm_eap_peap: Authenticate<br> rlm_eap_tls: processing TLS<br>rlm_eap_tls: Received EAP-TLS ACK message<b!
r> rlm_eap_tls: ack handshake fragment handler<br> eaptls_verify returned 1<br> eaptls_process returned 13<br> rlm_eap_peap: EAPTLS_HANDLED<br> modcall[authenticate]: module "eap" returns handled for request 24<br>modcall: leaving group authenticate (returns handled) for request 24<br>Sending Access-Challenge of id 33 to 192.168.1.120 port 32778<br> EAP-Message = 0x012500061900<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x8810d4afb824cb4c9026f9697c25f35c<br>Finished request 24<br>Going to the next request<br>Waking up in 6 seconds...<br>--- Walking the entire request list ---<br>Cleaning up request 20 ID 29 with timestamp 468e087e<br>Cleaning up request 21 ID 30 with timestamp 468e087e<br>Cleaning up request 22 ID 31 with timestamp 468e087e<br>Cleaning up request 23 ID 32 with timestamp 468e087e<br>Cleaning up request 24 ID 33 with timestamp 468e087e<br>Nothing to do. Sleeping until we see a !
request.<br>rad_recv: Accounting-Request packet from host 192.168.1.12
0:32779, id=34, length=101<br> Acct-Status-Type = Accounting-Off<br> Acct-Authentic = RADIUS<br> NAS-IP-Address = 192.168.1.120<br> NAS-Identifier = "sourceserver.localdomain"<br> Called-Station-Id = "00-19-E0-85-F2-45:madwifi_t41"<br> Acct-Terminate-Cause = NAS-Reboot<br> Processing the preacct section of radiusd.conf<br>modcall: entering group preacct for request 25<br> modcall[preacct]: module "preprocess" returns noop for request 25<br>rlm_acct_unique: WARNING: Attribute NAS-Port was not found in request, unique ID MAY be inconsistent<br>rlm_acct_unique: WARNING: Attribute Acct-Session-Id was not found in request, unique ID MAY be inconsistent<br>rlm_acct_unique: WARNING: Attribute User-Name was not found in request, unique ID MAY be inconsistent<br>rlm_acct_unique: Hashing ',Client-IP-Address = 192.168.1.120,NAS-IP-Address = 192.168.1.120,,'<br>rlm_acct_unique: Acct-Unique-Session-ID = "9ac3835c84179e1f".<br> modcall[preac!
ct]: module "acct_unique" returns ok for request 25<br> rlm_realm: Proxy reply, or no User-Name. Ignoring.<br> modcall[preacct]: module "suffix" returns noop for request 25<br> modcall[preacct]: module "files" returns noop for request 25<br>modcall: leaving group preacct (returns ok) for request 25<br> Processing the accounting section of radiusd.conf<br>modcall: entering group accounting for request 25<br>radius_xlat: '/usr/local/freeradius/var/log/radius/radacct/192.168.1.120/detail-20070706'<br>rlm_detail: /usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/freeradius/var/log/radius/radacct/192.168.1.120/detail-20070706<br> modcall[accounting]: module "detail" returns ok for request 25<br> modcall[accounting]: module "unix" returns noop for request 25<br>radius_xlat: '/usr/local/freeradius/var/log/radius/radutmp'<br>rlm_radutmp: NAS madwifi_t41 rebooted (Ac!
counting-Off packet seen)<br>rlm_radutmp: Error accessing file /usr/lo
cal/freeradius/var/log/radius/radutmp: No such file or directory<br> modcall[accounting]: module "radutmp" returns ok for request 25<br>modcall: leaving group accounting (returns ok) for request 25<br>Sending Accounting-Response of id 34 to 192.168.1.120 port 32779<br>Finished request 25<br>Going to the next request<br>--- Walking the entire request list ---<br>Cleaning up request 25 ID 34 with timestamp 468e08a3<br>Nothing to do. Sleeping until we see a request.<br>rad_recv: Accounting-Request packet from host 192.168.1.120:32781, id=0, length=101<br> Acct-Status-Type = Accounting-On<br> Acct-Authentic = RADIUS<br> NAS-IP-Address = 192.168.1.120<br> NAS-Identifier = "sourceserver.localdomain"<br> Called-Station-Id = "00-19-E0-85-F2-45:madwifi_t41"<br> Acct-Terminate-Cause = NAS-Reboot<br> Processing the preacct section of radiusd.conf<br>modcall: entering group preacct for request 26<br> modcall[preacct]: module "preproc!
ess" returns noop for request 26<br>rlm_acct_unique: WARNING: Attribute NAS-Port was not found in request, unique ID MAY be inconsistent<br>rlm_acct_unique: WARNING: Attribute Acct-Session-Id was not found in request, unique ID MAY be inconsistent<br>rlm_acct_unique: WARNING: Attribute User-Name was not found in request, unique ID MAY be inconsistent<br>rlm_acct_unique: Hashing ',Client-IP-Address = 192.168.1.120,NAS-IP-Address = 192.168.1.120,,'<br>rlm_acct_unique: Acct-Unique-Session-ID = "9ac3835c84179e1f".<br> modcall[preacct]: module "acct_unique" returns ok for request 26<br> rlm_realm: Proxy reply, or no User-Name. Ignoring.<br> modcall[preacct]: module "suffix" returns noop for request 26<br> modcall[preacct]: module "files" returns noop for request 26<br>modcall: leaving group preacct (returns ok) for request 26<br> Processing the accounting section of radiusd.conf<br>modcall: entering group accounting for request 26<!
br>radius_xlat: '/usr/local/freeradius/var/log/radius/radacct/19
2.168.1.120/detail-20070706'<br>rlm_detail: /usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/freeradius/var/log/radius/radacct/192.168.1.120/detail-20070706<br> modcall[accounting]: module "detail" returns ok for request 26<br> modcall[accounting]: module "unix" returns noop for request 26<br>radius_xlat: '/usr/local/freeradius/var/log/radius/radutmp'<br>rlm_radutmp: NAS madwifi_t41 restarted (Accounting-On packet seen)<br>rlm_radutmp: Error accessing file /usr/local/freeradius/var/log/radius/radutmp: No such file or directory<br> modcall[accounting]: module "radutmp" returns ok for request 26<br>modcall: leaving group accounting (returns ok) for request 26<br>Sending Accounting-Response of id 0 to 192.168.1.120 port 32781<br>Finished request 26<br>Going to the next request<br>--- Walking the entire request list ---<br>Cleaning up request 26 ID 0 with timestamp 468e08a7<br>Nothing to do. Sleep!
ing until we see a request.<br>rad_recv: Accounting-Request packet from host 192.168.1.120:32781, id=1, length=101<br> Acct-Status-Type = Accounting-Off<br> Acct-Authentic = RADIUS<br> NAS-IP-Address = 192.168.1.120<br> NAS-Identifier = "sourceserver.localdomain"<br> Called-Station-Id = "00-19-E0-85-F2-45:madwifi_t41"<br> Acct-Terminate-Cause = NAS-Reboot<br> Processing the preacct section of radiusd.conf<br>modcall: entering group preacct for request 27<br> modcall[preacct]: module "preprocess" returns noop for request 27<br>rlm_acct_unique: WARNING: Attribute NAS-Port was not found in request, unique ID MAY be inconsistent<br>rlm_acct_unique: WARNING: Attribute Acct-Session-Id was not found in request, unique ID MAY be inconsistent<br>rlm_acct_unique: WARNING: Attribute User-Name was not found in request, unique ID MAY be inconsistent<br>rlm_acct_unique: Hashing ',Client-IP-Address = 192.168.1.120,NAS-IP-Address = 192.168.1.120,,'!
<br>rlm_acct_unique: Acct-Unique-Session-ID = "9ac3835c84179e1f".<br>&
nbsp; modcall[preacct]: module "acct_unique" returns ok for request 27<br> rlm_realm: Proxy reply, or no User-Name. Ignoring.<br> modcall[preacct]: module "suffix" returns noop for request 27<br> modcall[preacct]: module "files" returns noop for request 27<br>modcall: leaving group preacct (returns ok) for request 27<br> Processing the accounting section of radiusd.conf<br>modcall: entering group accounting for request 27<br>radius_xlat: '/usr/local/freeradius/var/log/radius/radacct/192.168.1.120/detail-20070706'<br>rlm_detail: /usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/freeradius/var/log/radius/radacct/192.168.1.120/detail-20070706<br> modcall[accounting]: module "detail" returns ok for request 27<br> modcall[accounting]: module "unix" returns noop for request 27<br>radius_xlat: '/usr/local/freeradius/var/log/radius/radutmp'<br>rlm_radutmp: NAS madwif!
i_t41 rebooted (Accounting-Off packet seen)<br>rlm_radutmp: Error accessing file /usr/local/freeradius/var/log/radius/radutmp: No such file or directory<br> modcall[accounting]: module "radutmp" returns ok for request 27<br>modcall: leaving group accounting (returns ok) for request 27<br>Sending Accounting-Response of id 1 to 192.168.1.120 port 32781<br>Finished request 27<br>Going to the next request<br>--- Walking the entire request list ---<br>Cleaning up request 27 ID 1 with timestamp 468e0abe<br>Nothing to do. Sleeping until we see a request.<br><br /><hr />探索 Windows Vista 的世界 <a href='http://search.live.com/results.aspx?q=windows+vista&mkt=zh-cn&FORM=LIVSOP' target='_new'>了解更多信息!</a></body>
</html>