<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000000">
<div style="direction: ltr;">Hello,<br>
<br>
I work on a Wi-Fi authentication project, dealing with EAP/TLS on
FreeRADIUS.<br>
I already read a lot of docs on the net.<br>
<br>
The certificates are created with xpextensions and installed.<br>
I use FreeRADIUS.<br>
<br>
My config files are attached.<br>
Client: Windows XP Pro SP2.<br>
<br>
Here is the FreeRADIUS log when I try to connect:<br>
<br>
rad_recv: Access-Request packet from host 172.17.5.100:32778, id=168, length=150<br>
User-Name = "mobile"<br>
NAS-IP-Address = 172.17.5.100<br>
NAS-Identifier = "172.17.5.100"<br>
NAS-Port = 1<br>
NAS-Port-Type = Wireless-802.11<br>
Calling-Station-Id = "000F20957BB7"<br>
Called-Station-Id = "000B8641C660"<br>
Framed-MTU = 1100<br>
EAP-Message = 0x0201000b016d6f62696c65<br>
Aruba-Essid-Name = "eole"<br>
Aruba-Location-Id = "2.1.1"<br>
Message-Authenticator = 0x4b5ee61553ec73cc454c403ec873<wbr>ad24<br>
rlm_pap: WARNING! No "known good" password found for the user.<br>
Authentication may fail because of this.<br>
Sending Access-Challenge of id 168 to 172.17.5.100 port 32778<br>
Aruba-User-Vlan = 200<br>
Aruba-User-Role = "eole"<br>
EAP-Message = 0x010200060d20<br>
Message-Authenticator = 0x0000000000000000000000000000<wbr>0000<br>
State = 0xf1d8d2c72aac139bb25089361b94<wbr>918e<br>
rad_recv: Access-Request packet from host 172.17.5.100:32778, id=169, length=269<br>
User-Name = "mobile"<br>
NAS-IP-Address = 172.17.5.100<br>
NAS-Identifier = "172.17.5.100"<br>
NAS-Port = 1<br>
NAS-Port-Type = Wireless-802.11<br>
Calling-Station-Id = "000F20957BB7"<br>
Called-Station-Id = "000B8641C660"<br>
Framed-MTU = 1100<br>
EAP-Message = 0x020200700d800000006616030100<wbr>610100005d0301473c2a4b42652839<wbr>2f0efd1946172b375ed92f04360eb7<wbr>068b276ad02f65df942002bc6aa892<wbr>9e3855237d44cfed0de9e0eef68303<wbr>30686250346b2a2141ff2f66001600<wbr>040005000a00090064006200030006<wbr>0013001200630100<br>
State = 0xf1d8d2c72aac139bb25089361b94<wbr>918e<br>
Aruba-Essid-Name = "eole"<br>
Aruba-Location-Id = "2.1.1"<br>
Message-Authenticator = 0xd4944b76a67263b3c6431530b335<wbr>22d1<br>
rlm_pap: WARNING! No "known good" password found for the user.<br>
Authentication may fail because of this.<br>
Sending Access-Challenge of id 169 to 172.17.5.100 port 32778<br>
Aruba-User-Vlan = 200<br>
Aruba-User-Role = "eole"<br>
EAP-Message = 0x0103040a0dc00000041116030100<wbr>4a020000460301473c2a46804b2c38<wbr>88c0fcb80af8456213cc201aedf4db<wbr>c513dcc2f8dc0d7a2520c39aea5635<wbr>9ef81ae4da7be8959b0abee59ccc86<wbr>f23934883ad976089ed8db27000400<wbr>16030102fa0b0002f60002f30002f0<wbr>308202ec30820255a0030201020201<wbr>01300d06092a864886f70d01010405<wbr>003081ab310b300906035504061302<wbr>46523112301006035504081309426f<wbr>7572676f676e65310f300d06035504<wbr>071306426561756e65311530130603<wbr>55040a130c63682d626561756e652e<wbr>6672311b3019060355040b13127369<wbr>6e666f2e63682d626561756e652e66<wbr>7231193017060355040313104348<br>
EAP-Message = 0x2d424541554e4520544c53204341<wbr>3128302606092a864886f70d010901<wbr>161961646d696e2e72657365617540<wbr>63682d626561756e652e6672301e17<wbr>0d3037313030343036303635395a17<wbr>0d3137313030313036303635395a30<wbr>81b2310b3009060355040613024652<wbr>3112301006035504081309426f7572<wbr>676f676e65310f300d060355040713<wbr>06426561756e653115301306035504<wbr>0a130c63682d626561756e652e6672<wbr>311b3019060355040b131273696e66<wbr>6f2e63682d626561756e652e667231<wbr>20301e060355040313176672656572<wbr>61646975732e63682d626561756e65<wbr>2e66723128302606092a864886f70d<wbr>010901161961646d696e2e726573<br>
EAP-Message = 0x6561754063682d626561756e652e<wbr>667230819f300d06092a864886f70d<wbr>010101050003818d00308189028181<wbr>00b0dbd8779b2d0041264551b5a97c<wbr>4860c2fdec4c953a8d6f00839eadfc<wbr>cced93c100d3d832cb2e7432ebf880<wbr>0008ccae4183baa244042116d38a5f<wbr>31f31e475bfa0ada5047795d30b4b1<wbr>4b79585dc719f95eb361efecb1efef<wbr>87b1c832dbf69380a46375e46f3eb8<wbr>8df40ab35ebed329e35978ab394989<wbr>e7114ca11c1444ae1f0203010001a3<wbr>17301530130603551d25040c300a06<wbr>082b06010505070301300d06092a86<wbr>4886f70d01010405000381810053a2<wbr>16c3ab1d7895dd006da7dbc281c4fd<wbr>6159869c212aa97e72cf29c5b109<br>
EAP-Message = 0x2468002d3c9d510561b12ce489d0<wbr>bfb8e227fe9d02d96d7c740c57cbea<wbr>c880d50d39983db03e46e9705ad0b9<wbr>15d2d9dd166fa746a7043e0af9f483<wbr>213b43276d1822469d97c73074cb5d<wbr>0225e8d9709a7a04303495279eda4d<wbr>ca1c44284997705216030100be0d00<wbr>00b60301024000b000ae3081ab310b<wbr>300906035504061302465231123010<wbr>06035504081309426f7572676f676e<wbr>65310f300d06035504071306426561<wbr>756e6531153013060355040a130c63<wbr>682d626561756e652e6672311b3019<wbr>060355040b131273696e666f2e6368<wbr>2d626561756e652e66723119301706<wbr>03550403131043482d424541554e45<wbr>20544c532043413128302606092a<br>
EAP-Message = 0x864886f70d010901161961646d69<wbr>6e2e726573656175<br>
Message-Authenticator = 0x0000000000000000000000000000<wbr>0000<br>
State = 0x3086036a150a272bec4609fc740f<wbr>db2d<br>
rad_recv: Access-Request packet from host 172.17.5.100:32778, id=170, length=163<br>
User-Name = "mobile"<br>
NAS-IP-Address = 172.17.5.100<br>
NAS-Identifier = "172.17.5.100"<br>
NAS-Port = 1<br>
NAS-Port-Type = Wireless-802.11<br>
Calling-Station-Id = "000F20957BB7"<br>
Called-Station-Id = "000B8641C660"<br>
Framed-MTU = 1100<br>
EAP-Message = 0x020300060d00<br>
State = 0x3086036a150a272bec4609fc740f<wbr>db2d<br>
Aruba-Essid-Name = "eole"<br>
Aruba-Location-Id = "2.1.1"<br>
Message-Authenticator = 0xb21a49657c022a70310f50e9eaae<wbr>a067<br>
rlm_pap: WARNING! No "known good" password found for the user.<br>
Authentication may fail because of this.<br>
rlm_eap_tls: No SSL info available. Waiting for more SSL data.<br>
Sending Access-Challenge of id 170 to 172.17.5.100 port 32778<br>
Aruba-User-Vlan = 200<br>
Aruba-User-Role = "eole"<br>
EAP-Message = 0x0104001b0d80000004114063682d<wbr>626561756e652e66720e000000<br>
Message-Authenticator = 0x0000000000000000000000000000<wbr>0000<br>
State = 0xc8d232500b2a33696b274f085732<wbr>a7ad<br>
rad_recv: Access-Request packet from host 172.17.5.100:32778, id=171, length=1236<br>
User-Name = "mobile"<br>
NAS-IP-Address = 172.17.5.100<br>
NAS-Identifier = "172.17.5.100"<br>
NAS-Port = 1<br>
NAS-Port-Type = Wireless-802.11<br>
Calling-Station-Id = "000F20957BB7"<br>
Called-Station-Id = "000B8641C660"<br>
Framed-MTU = 1100<br>
EAP-Message = 0x0204042f0d800000042516030103<wbr>f50b0002e50002e20002df308202db<wbr>30820244a003020102020102300d06<wbr>092a864886f70d01010405003081ab<wbr>310b30090603550406130246523112<wbr>301006035504081309426f7572676f<wbr>676e65310f300d0603550407130642<wbr>6561756e6531153013060355040a13<wbr>0c63682d626561756e652e6672311b<wbr>3019060355040b131273696e666f2e<wbr>63682d626561756e652e6672311930<wbr>170603550403131043482d42454155<wbr>4e4520544c53204341312830260609<wbr>2a864886f70d010901161961646d69<wbr>6e2e7265736561754063682d626561<wbr>756e652e6672301e170d3037313030<wbr>343036303731345a170d31373130<br>
EAP-Message = 0x30313036303731345a3081a1310b<wbr>300906035504061302465231123010<wbr>06035504081309426f7572676f676e<wbr>65310f300d06035504071306426561<wbr>756e6531153013060355040a130c63<wbr>682d626561756e652e6672311b3019<wbr>060355040b131273696e666f2e6368<wbr>2d626561756e652e6672310f300d06<wbr>0355040313066d6f62696c65312830<wbr>2606092a864886f70d010901161961<wbr>646d696e2e7265736561754063682d<wbr>626561756e652e667230819f300d06<wbr>092a864886f70d010101050003818d<wbr>0030818902818100c7e0561703a826<wbr>82e303bc32ad8f092d170286ccb209<wbr>25dfd0b0d2e9f0c58667b142544126<wbr>c9a74f3a256a82d1e5dda7ecfe5b<br>
EAP-Message = 0xb38fa2929f9e97027c7608bca14b<wbr>30b865defb04d6bc5d4e419202b316<wbr>fa621176751580a2611946ba54b8af<wbr>076b8c412ec33db7870001d8fa22d2<wbr>03748a2b2e447c25f323d525cc096b<wbr>a043bd0203010001a3173015301306<wbr>03551d25040c300a06082b06010505<wbr>070302300d06092a864886f70d0101<wbr>04050003818100a0cce5db99b46182<wbr>62044bb8211a71dc074e34bdcacb6d<wbr>0082966715c2ede22e1278f7cc781c<wbr>166f9a791b6f657022a91f5d38cee9<wbr>526f0ae0c2da574b7aef62b6f867bc<wbr>53a577dca3fcc19519e018a8c11b79<wbr>471f899446f8b01dd42d0d669eede0<wbr>56e01659b84fe31ecc5e4237a3b2cf<wbr>8d8e918540fc85bf133596ae2c84<br>
EAP-Message = 0xaf1000008200802aaf3007c9a62c<wbr>ea5127aa63790a76002f40fc8905d0<wbr>2d0e263dbbccdb2828e5e7bf5f29b1<wbr>e273e522d1034d3101144d21a318a4<wbr>a3da6b1eb23afcca071a3eaf80a9d8<wbr>d5689bb9b3167382f7b11ce74858a8<wbr>05dec8b7fe4de89c57a88292ab30c1<wbr>1eb906935cdc3088acc25d51efde2d<wbr>52383072b173d681628e816541a502<wbr>980f000082008002d36c0fd4caef08<wbr>e1df313014ef3f2dec0d384e44ccc3<wbr>e14270e0a8dbfba995a7a1ca12642a<wbr>788038452c773f88ed50bb8702774d<wbr>2602dcd2d2ef250c62b291ec0dcd15<wbr>3fd4aa52b507d67bfb7bdb6bdd125b<wbr>dceb0faf3f1743236201193e165775<wbr>2f2954088ee8dc4892579e50294f<br>
EAP-Message = 0x4e7c27d59c78f90d2418a89251f0<wbr>aca114030100010116030100205aec<wbr>aefe538a1fd0ec6a1f4207aaed488d<wbr>4a7753d73c152df6f6cf29c492074e<br>
State = 0xc8d232500b2a33696b274f085732<wbr>a7ad<br>
Aruba-Essid-Name = "eole"<br>
Aruba-Location-Id = "2.1.1"<br>
Message-Authenticator = 0xcc6360144fd21b838bf72feda673<wbr>bd28<br>
rlm_pap: WARNING! No "known good" password found for the user.<br>
Authentication may fail because of this.<br>
chain-depth=1,<br>
error=0<br>
--> User-Name = mobile<br>
--> BUF-Name = CH-BEAUNE TLS CA<br>
--> subject = /C=FR/ST=Bourgogne/L=Beaune/O=ch-beaune.fr/OU=sinfo.ch-beaune.fr/CN=CH-BEAUNE TLS CA/emailAddress=admin.reseau@ch-beaune.fr<br>
--> issuer = /C=FR/ST=Bourgogne/L=Beaune/O=ch-beaune.fr/OU=sinfo.ch-beaune.fr/CN=CH-BEAUNE TLS CA/emailAddress=admin.reseau@ch-beaune.fr<br>
--> verify return:1<br>
chain-depth=0,<br>
error=0<br>
--> User-Name = mobile<br>
--> BUF-Name = mobile<br>
--> subject = /C=FR/ST=Bourgogne/L=Beaune/O=ch-beaune.fr/OU=sinfo.ch-beaune.fr/CN=mobile/emailAddress=admin.reseau@ch-beaune.fr<br>
--> issuer = /C=FR/ST=Bourgogne/L=Beaune/O=ch-beaune.fr/OU=sinfo.ch-beaune.fr/CN=CH-BEAUNE TLS CA/emailAddress=admin.reseau@ch-beaune.fr<br>
--> verify return:1<br>
Sending Access-Challenge of id 171 to 172.17.5.100 port 32778<br>
Aruba-User-Vlan = 200<br>
Aruba-User-Role = "eole"<br>
EAP-Message = 0x010500350d800000002b14030100<wbr>01011603010020c42bc430a3603bfb<wbr>36e8b8fd046b0e9c5f9d27efb22fb1<wbr>826a0794f8939e72b5<br>
Message-Authenticator = 0x0000000000000000000000000000<wbr>0000<br>
State = 0x182de49cc578ef73f4090ae54adb<wbr>586c<br>
rad_recv: Access-Request packet from host 172.17.5.100:32778, id=172, length=163<br>
User-Name = "mobile"<br>
NAS-IP-Address = 172.17.5.100<br>
NAS-Identifier = "172.17.5.100"<br>
NAS-Port = 1<br>
NAS-Port-Type = Wireless-802.11<br>
Calling-Station-Id = "000F20957BB7"<br>
Called-Station-Id = "000B8641C660"<br>
Framed-MTU = 1100<br>
EAP-Message = 0x020500060d00<br>
State = 0x182de49cc578ef73f4090ae54adb<wbr>586c<br>
Aruba-Essid-Name = "eole"<br>
Aruba-Location-Id = "2.1.1"<br>
Message-Authenticator = 0xc93dcf66036b55d88e0f8b087237<wbr>572b<br>
rlm_pap: WARNING! No "known good" password found for the user.<br>
Authentication may fail because of this.<br>
rlm_eap_tls: No SSL info available. Waiting for more SSL data.<br>
Sending Access-Challenge of id 172 to 172.17.5.100 port 32778<br>
Aruba-User-Vlan = 200<br>
Aruba-User-Role = "eole"<br>
EAP-Message = 0x0106000a0d8000000000<br>
Message-Authenticator = 0x0000000000000000000000000000<wbr>0000<br>
State = 0x7434fc4a00a7c70dde94fc0ede88<wbr>6654<br>
<br>
<br>
I see no OK, and no 'not OK'.<br>
I don't understand why 'rlm_eap_tls: No SSL info available. Waiting for
more SSL data.'<br>
I don't understand why freeradius sends an access challenge instead of
an access ok since the certificates are OK.<br>
<br>
I have to deploy next Monday.<br>
Can you help me?<br>
</div>
<span class="sg"><br>
Best regards,</span><br>
<br>
<div class="moz-signature">-- <br>
<table border="0" cellpadding="5" cellspacing="0" width="387">
<col width="182"> <col width="182"> <tbody>
<tr>
<td colspan="2" bgcolor="#800000" valign="top" width="377"> <font
color="#ffff99"><font face="Times New Roman, serif"> <font style=""> <b>Hospices
Civils de Beaune</b> </font> </font> </font> </td>
</tr>
<tr>
<td colspan="2" valign="top" width="377"> <font
face="Arial, sans-serif"> <font style="font-size: 9pt;"> <b>Patrice
OLIVER</b><br>
</font> </font> <font style="" face="Arial, sans-serif"> <font
 style="font-size: 7pt;"> <i>City-Hospital Project Manager</i> </font>
</font><br>
<font style="" face="Arial, sans-serif"> <font
 style="font-size: 7pt;"> <i>Network &amp; Security Manager</i> </font>
</font> </td>
</tr>
<tr valign="top">
<td width="182"> <font face="Arial, sans-serif"><font
style="font-size: 7pt;">BP 104</font></font><br>
<font face="Arial, sans-serif"><font style="font-size: 7pt;">21203
BEAUNE Cedex</font></font> </td>
<td width="182"> <font face="Arial, sans-serif"><font
 style="font-size: 7pt;">Tel. 03 80 24 44 09</font></font><br>
<font face="Arial, sans-serif"><font style="font-size: 7pt;">Fax.
03 80 24 45 90</font></font> </td>
</tr>
</tbody>
</table>
</div>
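<p>Added example (not part of the original message and not FreeRADIUS code): a small Python decoder for the EAP-Message values in the debug log above, showing the EAP header, the EAP-TLS L/M/S flags and, for unfragmented messages, the TLS record types inside. The function names are illustrative; the sample values are copied from the log with the line-break markup removed.</p>

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TLS_RECORDS = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
FLAG_BITS = ((0x80, "L"), (0x40, "M"), (0x20, "S"))  # RFC 5216 EAP-TLS flags
SAMPLES = [  # EAP-Message values copied from the log above
    "0x0201000b016d6f62696c65",
    "0x010200060d20",
    "0x010500350d800000002b1403010001011603010020c42bc430a3603bfb36e8b8fd046b0e9c5f9d27efb22fb1826a0794f8939e72b5",
    "0x020500060d00",
    "0x0106000a0d8000000000",
]

def tls_records(data):
    """List (record type, length) for each complete TLS record in data."""
    records, pos = [], 0
    while pos + 5 <= len(data):
        ctype, _version, rlen = struct.unpack("!BHH", data[pos:pos + 5])
        if pos + 5 + rlen > len(data):
            break  # record continues in a later fragment
        records.append((TLS_RECORDS.get(ctype, ctype), rlen))
        pos += 5 + rlen
    return records

def decode_eap(hex_value):
    """Decode one EAP packet; concatenate a packet's EAP-Message attributes first."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.lower().startswith("0x") else hex_value)
    if len(raw) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code not in (1, 2) or length < 5 or len(raw) < 5:
        return out  # Success/Failure carry no type field
    out["type"], body = raw[4], raw[5:length]
    if out["type"] == 1:  # Identity
        out["identity"] = body.decode("ascii", "replace")
    elif out["type"] == 13 and body:  # EAP-TLS
        flags, data = body[0], body[1:]
        out["flags"] = [name for bit, name in FLAG_BITS if flags & bit]
        if flags & 0x80 and len(data) >= 4:  # L: total TLS message length follows
            out["tls_length"] = struct.unpack("!I", data[:4])[0]
            data = data[4:]
        out["data_len"] = len(data)
        out["ack"] = flags == 0 and not data  # empty packet acknowledges a fragment
        out["records"] = tls_records(data) if out.get("tls_length") == len(data) else []
    return out

if __name__ == "__main__":
    for sample in SAMPLES:
        print(decode_eap(sample))
```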
</body>
</html>