Hi,<br> <br> Thanks for the advice..The problem to generae certs was solved.<br> Now it comes back to existing problem in version 1.1.7 where the client request to server is on and on and never get connected.<br> I wonder why NAS-IP-Address = 0.0.0.0 unlike the other as I know got IP address assigned.<br> <br> Here the log<br> Ready to process requests.<br> User-Name = "MarsNet"<br> NAS-IP-Address = 0.0.0.0<br> Framed-MTU = 1488<br> Called-Station-Id = "00:30:1a:29:03:66"<br> Calling-Station-Id = "00:1c:f0:10:56:b8"<br> NAS-Port-Type = Wireless-802.11<br> NAS-Identifier = "127.0.0.1"<br> Connect-Info = "CONNECT 11Mbps
802.11b"<br> EAP-Message = 0x0201000c014d6172734e6574<br> Message-Authenticator = 0x971de64ca91d1afd0e499d63b8b9aff2<br> +- entering group authorize<br> ++[preprocess] returns ok<br> ++[chap] returns noop<br> ++[mschap] returns noop<br> rlm_realm: No '@' in User-Name = "MarsNet", looking up realm NULL<br> rlm_realm: No such realm "NULL"<br> ++[suffix] returns noop<br> rlm_eap: EAP packet type response id 1 length 12<br> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br> ++[eap] returns updated<br> ++[unix] returns notfound<br> users: Matched entry MarsNet at line 91<br> expand: Hello, %{User-Name} -> Hello, MarsNet<br> ++[files] returns ok<br> ++[expiration] returns noop<br> ++[logintime] returns noop<br> rlm_pap: Found existing Auth-Type, not changing
it.<br> ++[pap] returns noop<br> rad_check_password: Found Auth-Type EAP<br> auth: type "EAP"<br> +- entering group authenticate<br> rlm_eap: EAP Identity<br> rlm_eap: processing type tls<br> rlm_eap_tls: Requiring client certificate<br> rlm_eap_tls: Initiate<br> rlm_eap_tls: Start returned 1<br> ++[eap] returns handled<br> Reply-Message = "Hello, MarsNet"<br> EAP-Message = 0x010200060d20<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x13382f46133a22a47c694fefa3fc3d08<br> Finished request 0.<br> Going to the next request<br> Waking up in 4.9 seconds.<br> User-Name = "MarsNet"<br> NAS-IP-Address = 0.0.0.0<br>
Framed-MTU = 1488<br> Called-Station-Id = "00:30:1a:29:03:66"<br> Calling-Station-Id = "00:1c:f0:10:56:b8"<br> NAS-Port-Type = Wireless-802.11<br> NAS-Identifier = "127.0.0.1"<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br> State = 0x13382f46133a22a47c694fefa3fc3d08<br> EAP-Message = 0x020200500d800000004616030100410100003d03014832660e2f0fb111fc67ba57fe53cac5b6e069fba786f0ec44807023b4284a8800001600040005000a000900640062000300060013001200630100<br> Message-Authenticator = 0x0fe925603be76e65a1404457ac5412b6<br> +- entering group authorize<br> ++[preprocess] returns ok<br> ++[chap] returns
noop<br> ++[mschap] returns noop<br> rlm_realm: No '@' in User-Name = "MarsNet", looking up realm NULL<br> rlm_realm: No such realm "NULL"<br> ++[suffix] returns noop<br> rlm_eap: EAP packet type response id 2 length 80<br> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br> ++[eap] returns updated<br> ++[unix] returns notfound<br> users: Matched entry MarsNet at line 91<br> expand: Hello, %{User-Name} -> Hello, MarsNet<br> ++[files] returns ok<br> ++[expiration] returns noop<br> ++[logintime] returns noop<br> rlm_pap: Found existing Auth-Type, not changing it.<br> ++[pap] returns noop<br> rad_check_password: Found Auth-Type EAP<br> auth: type "EAP"<br> +- entering group authenticate<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/tls<br> rlm_eap: processing type tls<br>
rlm_eap_tls: Authenticate<br> rlm_eap_tls: processing TLS<br> TLS Length 70<br> rlm_eap_tls: Length Included<br> eaptls_verify returned 11<br> (other): before/accept initialization<br> TLS_accept: before/accept initialization<br> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello<br> TLS_accept: SSLv3 read client hello A<br> rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello<br> TLS_accept: SSLv3 write server hello A<br> rlm_eap_tls: >>> TLS 1.0 Handshake [length 084c], Certificate<br> TLS_accept: SSLv3 write certificate A<br> rlm_eap_tls: >>> TLS 1.0 Handshake [length 00a6], CertificateRequest<br> TLS_accept: SSLv3 write certificate request A<br> TLS_accept: SSLv3 flush data<br> TLS_accept: Need to read more data: SSLv3 read
client certificate A<br> In SSL Handshake Phase<br> In SSL Accept mode<br> eaptls_process returned 13<br> ++[eap] returns handled<br> Reply-Message = "Hello, MarsNet"<br> EAP-Message = 0x010304000dc00000094b160301004a020000460301483265fd7c96a0e9fc9713fe93e9d180d22d37c1ae1a232b02433ecfcf033a34206f7a9cb000aa67272b2e95ac37019ecdc8a5bf6c574b0298bf67ddb71033c027000400160301084c0b0008480008450003a13082039d30820285a003020102020101300d06092a864886f70d0101040500308194310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3127302506035504<br> EAP-Message =
0x03131e4d617273696e646f20436572746966696361746520417574686f72697479301e170d3038303532303034333135355a170d3039303532303034333135355a3076310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e311d301b060355040313144d617273696e646f2053657276657220436572743120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100bca7c767561f951c18502242b005f2d0727dc1affd01c9b29918bbd3af268c095b091c<br> EAP-Message =
0xc62304d82d388c4380d586d49eab42a7f82f4b9b86bdb1d5b0889644476f901a737c94349781c611d7d2da2ffbe8de5fa4534c28a4dffb2fbf805a6c9dff87227d8a0fab4dea651fc4223748b75d302ee960e8beda05996d8b2342b841770b030bef53297a177f431184747aa3bdc11f49750b8c603cb589c13583904a9ba6ef6560df8519d5a2dbeb7fe33c8a0ac801bb3e1f68d510b0c82312bd7fcb8d50c6286f3f7a45079625c0b4f9912cc83664227c5d418c10006a230c66172677d3bb4091370b0b871bda07bec0a82ee8f1377d3a8fadf0398f35beea0d89f70203010001a317301530130603551d25040c300a06082b06010505070301300d<br> EAP-Message =
0x06092a864886f70d010104050003820101004fbfef54576f9aac86015d57964cc2def331a16bf997b2b983ec834fb72f42e43b335bf1ad890123b205fac6a64bc0f824f34806cab4532dc9d48c1f827fc8050d3fe13af9df766b71ba58c515eaef089cfc685c5399371f1ef8f123cee3990828942848c20c60c6ab0ef93ba786b829816f24183e53aefeeea6fd11061a320fc0fe871220ad9f403497754f7187b2fe58dbf420af6cbf62297119bf1724539671bd8015dc1cc3a7c55b69cd63a4a2c35d523463ac9f44338f049b9d3b10c330b7d2dc183a1565cba70bb125c57ffdeed44785e3f36d404a094df74380dc1133d675c9aa87a6fd41e8e79f<br> EAP-Message = 0x93bd38749f3d952fe10c35a8<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x13382f46123b22a47c694fefa3fc3d08<br> Finished request 1.<br> Going to the next request<br> <br><br><b><i>Kwok Sianbin <sianbin_kwok@yahoo.com></i></b> wrote:<blockquote class="replbq" style="border-left: 2px solid rgb(16,
16, 255); margin-left: 5px; padding-left: 5px;"> Hi All,<br> <br> I have problem generating client certificate for Windows Xp.<br> <br> # make client.pem<br> openssl req -new -out client.csr -keyout client.key -config ./client.cnf<br> Generating a 2048 bit RSA private key<br> ...................................................................+++<br> .......+++<br> writing new private key to 'client.key'<br> -----<br> openssl ca -batch -keyfile server.key -cert server.crt -in client.csr -key `grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf<br> Using configuration from ./client.cnf<br> unable to load certificate<br> 4773:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: TRUSTED CERTIFICATE<br> make: *** [client.crt] Error 1<br> <br> I looked in client.cnf and I could not figure out where got wrong!<br> <div> -<br>List
info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html</div></blockquote><br><p>