<div>If I select EAP-TTLS + use only my certificate for auth will cause segmentation fault. Others seems OK.</div> <div> </div> <div>Debug info:</div> <div>rad_recv: Access-Request packet from host 192.168.200.57:32785, id=95, length=325� <BR> User-Name = "bbb"� <BR> NAS-IP-Address = 192.168.200.57� <BR> NAS-Identifier = "auth_test"� <BR> NAS-Port = 0� <BR> Called-Station-Id = "00-19-77-02-E6-90:auth-wpa2-tkip-8021x"� <BR> Calling-Station-Id = "00-1D-7E-03-2B-CF"� <BR> Framed-MTU = 1500� <BR> NAS-Port-Type = Wireless-802.11� <BR> Connect-Info = "CONNECT 11Mbps 802.11b"�
<BR> EAP-Message = 0x0215009015800000008616030100461000004200400d423029041904e4b654b0384c78b56d7490853af607b909c2f54fc376bebac512ebfb7663e9ee2fc7320d175037da31f09e90ad986d539d519d6ef6c39f577914030100010116030100302027f914730434165f520dc31734211631a5c96402b0ddabaf4d815209d07bb6c0f2817ed3a2233822587288715beab6� <BR> State = 0x4f6739def5f0e9f45fd60479253cc3cd� <BR> Message-Authenticator = 0xe06aac6aeeefc91f7920fd60b05ea9ab� <BR> Processing the authorize section of radiusd.conf� <BR>modcall: entering group authorize for request 9� <BR> modcall[authorize]: module "preprocess" returns ok for request 9� <BR> modcall[authorize]: module "chap" returns noop for request 9� <BR> modcall[authorize]: module "mschap" returns noop for request 9� <BR> rlm_realm: No <A href="mailto:'@'">'@'</A> in User-Name = "bbb", looking
up realm NULL� <BR> rlm_realm: No such realm "NULL"� <BR> modcall[authorize]: module "suffix" returns noop for request 9� <BR> rlm_eap: EAP packet type response id 21 length 144� <BR> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation� <BR> modcall[authorize]: module "eap" returns updated for request 9� <BR>rlm_ldap: - authorize� <BR>rlm_ldap: performing user authorization for bbb� <BR>radius_xlat: '(uid=bbb)'� <BR>radius_xlat: 'ou=radius,dc=bestgo,dc=aero'� <BR>rlm_ldap: ldap_get_conn: Checking Id: 0� <BR>rlm_ldap: ldap_get_conn: Got Id: 0� <BR>rlm_ldap: performing search in ou=radius,dc=bestgo,dc=aero, with filter (uid=bbb)� <BR>rlm_ldap: checking if remote access for bbb is allowed by uid� <BR>rlm_ldap: No default NMAS login sequence� <BR>rlm_ldap: looking for check items in directory...� <BR>rlm_ldap: Adding userPassword as User-Password == "1234"� <BR>rlm_ldap: looking for reply items in
directory...� <BR>rlm_ldap: Adding radiusTunnelPrivateGroupId as Tunnel-Private-Group-Id:0 = "1"� <BR>rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type:0 = IPv4� <BR>rlm_ldap: Adding radiusTunnelType as Tunnel-Type:0 = GRE� <BR>rlm_ldap: user bbb authorized to use remote access� <BR>rlm_ldap: ldap_release_conn: Release Id: 0� <BR> modcall[authorize]: module "ldap" returns ok for request 9� <BR>rlm_pap: Found existing Auth-Type, not changing it.� <BR> modcall[authorize]: module "pap" returns noop for request 9� <BR>modcall: leaving group authorize (returns updated) for request 9� <BR> rad_check_password: Found Auth-Type EAP� <BR>auth: type "EAP"� <BR> Processing the authenticate section of radiusd.conf� <BR>modcall: entering group authenticate for request 9� <BR> rlm_eap: Request found, released from the list� <BR> rlm_eap: EAP/ttls� <BR> rlm_eap: processing type ttls� <BR> rlm_eap_ttls: Authenticate�
<BR> rlm_eap_tls: processing TLS� <BR>rlm_eap_tls: Length Included� <BR> eaptls_verify returned 11 � <BR> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange � <BR> TLS_accept: SSLv3 read client key exchange A � <BR> rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] � <BR> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished � <BR> TLS_accept: SSLv3 read finished A � <BR> rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] � <BR> TLS_accept: SSLv3 write change cipher spec A � <BR> rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished � <BR> TLS_accept: SSLv3 write finished A � <BR> TLS_accept: SSLv3 flush data � <BR> (other): SSL negotiation finished successfully � <BR>SSL Connection Established � <BR>
eaptls_process returned 13 � <BR> modcall[authenticate]: module "eap" returns handled for request 9� <BR>modcall: leaving group authenticate (returns handled) for request 9� <BR>Sending Access-Challenge of id 95 to 192.168.200.57 port 32785� <BR> Tunnel-Private-Group-Id:0 = "1"� <BR> Tunnel-Medium-Type:0 = IPv4� <BR> Tunnel-Type:0 = GRE� <BR> EAP-Message = 0x0116004515800000003b1403010001011603010030b081e94e6f9087f3c237216ab3fd9d65fc8311b18e37e66208369fb451d373695f16b167d85e80c870295da3d2f21cf4� <BR> Message-Authenticator = 0x00000000000000000000000000000000� <BR> State = 0x10aabdcc7ef9ba295475b0706b6e070c� <BR>Finished request 9� <BR>Going to the next request� <BR>Waking up in 6 seconds...� <BR>rad_recv: Access-Request
packet from host 192.168.200.57:32785, id=96, length=187� <BR> User-Name = "bbb"� <BR> NAS-IP-Address = 192.168.200.57� <BR> NAS-Identifier = "auth_test"� <BR> NAS-Port = 0� <BR> Called-Station-Id = "00-19-77-02-E6-90:auth-wpa2-tkip-8021x"� <BR> Calling-Station-Id = "00-1D-7E-03-2B-CF"� <BR> Framed-MTU = 1500� <BR> NAS-Port-Type = Wireless-802.11� <BR> Connect-Info = "CONNECT 11Mbps 802.11b"� <BR> EAP-Message = 0x021600061500� <BR> State = 0x10aabdcc7ef9ba295475b0706b6e070c�
<BR> Message-Authenticator = 0xa07cb0441d0e9d898030c912f9ae54d3� <BR> Processing the authorize section of radiusd.conf� <BR>modcall: entering group authorize for request 10� <BR> modcall[authorize]: module "preprocess" returns ok for request 10� <BR> modcall[authorize]: module "chap" returns noop for request 10� <BR> modcall[authorize]: module "mschap" returns noop for request 10� <BR> rlm_realm: No <A href="mailto:'@'">'@'</A> in User-Name = "bbb", looking up realm NULL� <BR> rlm_realm: No such realm "NULL"� <BR> modcall[authorize]: module "suffix" returns noop for request 10� <BR> rlm_eap: EAP packet type response id 22 length 6� <BR> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation� <BR> modcall[authorize]: module "eap" returns updated for request 10� <BR>rlm_ldap: - authorize� <BR>rlm_ldap: performing user authorization for bbb�
<BR>radius_xlat: '(uid=bbb)'� <BR>radius_xlat: 'ou=radius,dc=bestgo,dc=aero'� <BR>rlm_ldap: ldap_get_conn: Checking Id: 0� <BR>rlm_ldap: ldap_get_conn: Got Id: 0� <BR>rlm_ldap: performing search in ou=radius,dc=bestgo,dc=aero, with filter (uid=bbb)� <BR>rlm_ldap: checking if remote access for bbb is allowed by uid� <BR>rlm_ldap: No default NMAS login sequence� <BR>rlm_ldap: looking for check items in directory...� <BR>rlm_ldap: Adding userPassword as User-Password == "1234"� <BR>rlm_ldap: looking for reply items in directory...� <BR>rlm_ldap: Adding radiusTunnelPrivateGroupId as Tunnel-Private-Group-Id:0 = "1"� <BR>rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type:0 = IPv4� <BR>rlm_ldap: Adding radiusTunnelType as Tunnel-Type:0 = GRE� <BR>rlm_ldap: user bbb authorized to use remote access� <BR>rlm_ldap: ldap_release_conn: Release Id: 0� <BR> modcall[authorize]: module "ldap" returns ok for request 10� <BR>rlm_pap: Found existing Auth-Type, not
changing it.� <BR> modcall[authorize]: module "pap" returns noop for request 10� <BR>modcall: leaving group authorize (returns updated) for request 10� <BR> rad_check_password: Found Auth-Type EAP� <BR>auth: type "EAP"� <BR> Processing the authenticate section of radiusd.conf� <BR>modcall: entering group authenticate for request 10� <BR> rlm_eap: Request found, released from the list� <BR> rlm_eap: EAP/ttls� <BR> rlm_eap: processing type ttls� <BR> rlm_eap_ttls: Authenticate� <BR> rlm_eap_tls: processing TLS� <BR>rlm_eap_tls: Received EAP-TLS ACK message� <BR> rlm_eap_tls: ack handshake is finished� <BR> eaptls_verify returned 3 � <BR> eaptls_process returned 3�<BR>Segmentation fault</div> <div> </div> <div>John</div><p>
<hr size=1><a href="http://cn.mail.yahoo.com/"> ÑÅ»¢ÓÊÏ䣬ÄúµÄÖÕÉúÓÊÏ䣡</a>