<div id="result_box" dir="ltr">well! it worked! <br><br> Now my problem is that since the notebook I get an error: "Server mistaken identity - failed authentication" <br>
The truth is that I followed the steps recommended me to create the
certificates, the amount to the notebooks, but the error continues.<br><br>that is, I know it is wrong license, but why?, what could be the problem?. <br><br> This is the HOWTO that I follow. <br><br><div id="result_box" dir="ltr">
thank you very much for your time people, really.</div><br><br> this is my log:</div><br><br><br><br>rad_recv: Access-Request packet from host <a href="http://10.0.31.40">10.0.31.40</a> port 1645, id=1, length=136<br> User-Name = "cert"<br>
Framed-MTU = 1400<br> Called-Station-Id = "0019.2fdb.9e00"<br> Calling-Station-Id = "001f.3c22.44c5"<br> Service-Type = Login-User<br> Message-Authenticator = 0xa1d37d14d3ca314db3216fe7ad3213e9<br>
EAP-Message = 0x020100090163657274<br> NAS-Port-Type = Wireless-802.11<br> NAS-Port = 257<br> NAS-IP-Address = <a href="http://10.0.31.40">10.0.31.40</a><br> NAS-Identifier = "ap"<br>
+- entering group authorize<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br> rlm_realm: No '@' in User-Name = "cert", looking up realm NULL<br> rlm_realm: No such realm "NULL"<br>
++[suffix] returns noop<br> rlm_eap: EAP packet type response id 1 length 9<br> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>++[unix] returns notfound<br> users: Matched entry cert at line 76<br>
++[files] returns ok<br>++[expiration] returns noop<br>++[logintime] returns noop<br>rlm_pap: Found existing Auth-Type, not changing it.<br>++[pap] returns noop<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br>
+- entering group authenticate<br> rlm_eap: EAP Identity<br> rlm_eap: processing type md5<br>rlm_eap_md5: Issuing Challenge<br>++[eap] returns handled<br>Sending Access-Challenge of id 1 to <a href="http://10.0.31.40">10.0.31.40</a> port 1645<br>
EAP-Message = 0x010200160410c2f88223fdf1eaa4f3067c04238d3721<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x828568e182876c44ecbe1a83334ff52d<br>Finished request 0.<br>Going to the next request<br>
Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host <a href="http://10.0.31.40">10.0.31.40</a> port 1645, id=2, length=151<br> User-Name = "cert"<br> Framed-MTU = 1400<br> Called-Station-Id = "0019.2fdb.9e00"<br>
Calling-Station-Id = "001f.3c22.44c5"<br> Service-Type = Login-User<br> Message-Authenticator = 0xc2fb1c2d823ddbcd52324d74a0b5fed2<br> EAP-Message = 0x02020006030d<br> NAS-Port-Type = Wireless-802.11<br>
NAS-Port = 257<br> State = 0x828568e182876c44ecbe1a83334ff52d<br> NAS-IP-Address = <a href="http://10.0.31.40">10.0.31.40</a><br> NAS-Identifier = "ap"<br>+- entering group authorize<br>
++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br> rlm_realm: No '@' in User-Name = "cert", looking up realm NULL<br> rlm_realm: No such realm "NULL"<br>++[suffix] returns noop<br>
rlm_eap: EAP packet type response id 2 length 6<br> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>++[unix] returns notfound<br> users: Matched entry cert at line 76<br>
++[files] returns ok<br>++[expiration] returns noop<br>++[logintime] returns noop<br>rlm_pap: Found existing Auth-Type, not changing it.<br>++[pap] returns noop<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br>
+- entering group authenticate<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP NAK<br> rlm_eap: EAP-NAK asked for EAP-Type/tls<br> rlm_eap: processing type tls<br> rlm_eap_tls: Requiring client certificate<br>
rlm_eap_tls: Initiate<br> rlm_eap_tls: Start returned 1<br>++[eap] returns handled<br>Sending Access-Challenge of id 2 to <a href="http://10.0.31.40">10.0.31.40</a> port 1645<br> EAP-Message = 0x010300060d20<br>
Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x828568e183866544ecbe1a83334ff52d<br>Finished request 1.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host <a href="http://10.0.31.40">10.0.31.40</a> port 1645, id=3, length=255<br>
User-Name = "cert"<br> Framed-MTU = 1400<br> Called-Station-Id = "0019.2fdb.9e00"<br> Calling-Station-Id = "001f.3c22.44c5"<br> Service-Type = Login-User<br>
Message-Authenticator = 0x739c2fb445978b8fe22541c3b32fe49f<br> EAP-Message = 0x0203006e0d8000000064160301005f0100005b030148fddd7b02ee2de9cfa41a003ff5314b24e0eda43acd15432391683003cfd6e500003400390038003500160013000a00330032002f006600050004006500640063006200610060001500120009001400110008000600030100<br>
NAS-Port-Type = Wireless-802.11<br> NAS-Port = 257<br> State = 0x828568e183866544ecbe1a83334ff52d<br> NAS-IP-Address = <a href="http://10.0.31.40">10.0.31.40</a><br> NAS-Identifier = "ap"<br>
+- entering group authorize<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br> rlm_realm: No '@' in User-Name = "cert", looking up realm NULL<br> rlm_realm: No such realm "NULL"<br>
++[suffix] returns noop<br> rlm_eap: EAP packet type response id 3 length 110<br> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>++[unix] returns notfound<br> users: Matched entry cert at line 76<br>
++[files] returns ok<br>++[expiration] returns noop<br>++[logintime] returns noop<br>rlm_pap: Found existing Auth-Type, not changing it.<br>++[pap] returns noop<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br>
+- entering group authenticate<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/tls<br> rlm_eap: processing type tls<br> rlm_eap_tls: Authenticate<br> rlm_eap_tls: processing TLS<br> TLS Length 100<br>
rlm_eap_tls: Length Included<br> eaptls_verify returned 11 <br> (other): before/accept initialization <br> TLS_accept: before/accept initialization <br> rlm_eap_tls: <<< TLS 1.0 Handshake [length 005f], ClientHello <br>
TLS_accept: SSLv3 read client hello A <br> rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello <br> TLS_accept: SSLv3 write server hello A <br> rlm_eap_tls: >>> TLS 1.0 Handshake [length 0839], Certificate <br>
TLS_accept: SSLv3 write certificate A <br> rlm_eap_tls: >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange <br> TLS_accept: SSLv3 write key exchange A <br> rlm_eap_tls: >>> TLS 1.0 Handshake [length 00a0], CertificateRequest <br>
TLS_accept: SSLv3 write certificate request A <br> TLS_accept: SSLv3 flush data <br> TLS_accept: Need to read more data: SSLv3 read client certificate A<br>In SSL Handshake Phase <br>In SSL Accept mode <br> eaptls_process returned 13 <br>
++[eap] returns handled<br>Sending Access-Challenge of id 3 to <a href="http://10.0.31.40">10.0.31.40</a> port 1645<br> EAP-Message = 0x010404000dc000000b44160301004a02000046030148fddd7dc37e19076e351405e62f436a1922fb73cf30455f894e5c4190795ae0204a154ccf97bbead151eeaf459f681421a262c4556effa79a2002e054df616e9900390016030108390b000835000832000396308203923082027aa003020102020101300d06092a864886f70d010104050030818c310b3009060355040613024152311530130603550408130c4275656e6f73204169726573311430120603550407130b5265636f6e717569737461310e300c060355040a130549504c414e3120301e06092a864886f70d0109011611636572744069706c616e2e636f6d2e6172311e301c060355<br>
EAP-Message = 0x04031315436572746966696361746520417574686f72697479301e170d3038313031363230313733315a170d3039313031363230313733315a3073310b3009060355040613024152311530130603550408130c4275656e6f73204169726573310e300c060355040a130549504c414e311b3019060355040313125365727665722043657274696669636174653120301e06092a864886f70d0109011611636572744069706c616e2e636f6d2e617230820122300d06092a864886f70d01010105000382010f003082010a0282010100e5ed708ad7629eb1a4406955fa12ca763e4d1a5264d13c13a59d82175ef6c50a8a7c145bfbba1b2ead6e65164759<br>
EAP-Message = 0x742a02898ebd5795851b82f8488ea091ea5066dc89e6af059571af16716d3fb1a6e272e7f651b4b594d5bbc2a8d245790865da844926416a6356691dac17f9cca14b98c59fb70a690d85527b855796def90e81472a8eac1d25f59bb7daa3911f36aa8b98a8c33eadce40371ecae6f94bde99b0116973fe2376511d7e1377bfde2ba0056ee0824130884744e341851d8c10a2ed37ad726554c87b3bb138b6f77e0d7abe640d513bc062deb0c8a2e72c60afe7e2f00a0601b201f3b36c89c5eefb9d7fdd00a43109b8a3efd02a0c4b45f7d4b10203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104<br>
EAP-Message = 0x050003820101000971fc8236218044d0674241bd4bf450c5c11a72d13d8e3aeb7b37d89f2eca83f6ac0c2a08a541ad6995b86f21d158777cb8b55eebd5f74b2809b97aa64404f67fb3d00a10008ff3d8a92c37311536bc5d6d0fd62f4ad6bcddfcc9b96fe0db9a6087be315c360edbb6333d45817ef783f2fa31071b46613c601c29a1f6187e5dbe0f8abb01ea6fdf5eece6af36e7f25d0ab0c9ae05ca422a0c367fe97df9d7eefeec739c36e88c3631af892ab0bb76e248c3aaf7bfe240e60b8eb86d95b78cc81e959debbe37be439d2c68b010dc81e06705c4142db6f88820a9284a0f12bb128802591036617a64e21b1521960de4ad6339381ae8be<br>
EAP-Message = 0xaf5d9a281ecc5339e0450004<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x828568e180816544ecbe1a83334ff52d<br>Finished request 2.<br>Going to the next request<br>
Waking up in 4.5 seconds.<br>rad_recv: Access-Request packet from host <a href="http://10.0.31.40">10.0.31.40</a> port 1645, id=4, length=151<br> User-Name = "cert"<br> Framed-MTU = 1400<br> Called-Station-Id = "0019.2fdb.9e00"<br>
Calling-Station-Id = "001f.3c22.44c5"<br> Service-Type = Login-User<br> Message-Authenticator = 0x252416bab9b6b1d85b8af4b674df9148<br> EAP-Message = 0x020400060d00<br> NAS-Port-Type = Wireless-802.11<br>
NAS-Port = 257<br> State = 0x828568e180816544ecbe1a83334ff52d<br> NAS-IP-Address = <a href="http://10.0.31.40">10.0.31.40</a><br> NAS-Identifier = "ap"<br>+- entering group authorize<br>
++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br> rlm_realm: No '@' in User-Name = "cert", looking up realm NULL<br> rlm_realm: No such realm "NULL"<br>++[suffix] returns noop<br>
rlm_eap: EAP packet type response id 4 length 6<br> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>++[unix] returns notfound<br> users: Matched entry cert at line 76<br>
++[files] returns ok<br>++[expiration] returns noop<br>++[logintime] returns noop<br>rlm_pap: Found existing Auth-Type, not changing it.<br>++[pap] returns noop<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br>
+- entering group authenticate<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/tls<br> rlm_eap: processing type tls<br> rlm_eap_tls: Authenticate<br> rlm_eap_tls: processing TLS<br>rlm_eap_tls: Received EAP-TLS ACK message<br>
rlm_eap_tls: ack handshake fragment handler<br> eaptls_verify returned 1 <br> eaptls_process returned 13 <br>++[eap] returns handled<br>Sending Access-Challenge of id 4 to <a href="http://10.0.31.40">10.0.31.40</a> port 1645<br>
EAP-Message = 0x010504000dc000000b4496308204923082037aa003020102020900aa09a4eb699e73a6300d06092a864886f70d010105050030818c310b3009060355040613024152311530130603550408130c4275656e6f73204169726573311430120603550407130b5265636f6e717569737461310e300c060355040a130549504c414e3120301e06092a864886f70d0109011611636572744069706c616e2e636f6d2e6172311e301c06035504031315436572746966696361746520417574686f72697479301e170d3038313031363230313733315a170d3038313131353230313733315a30818c310b3009060355040613024152311530130603550408130c42<br>
EAP-Message = 0x75656e6f73204169726573311430120603550407130b5265636f6e717569737461310e300c060355040a130549504c414e3120301e06092a864886f70d0109011611636572744069706c616e2e636f6d2e6172311e301c06035504031315436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100af6a3a37df450bb00c1f30ecc060fc530881b40643e224fd853eb5e338789cb912bcecb071826a7ec4394c9c139948305fee4b3d0ac995414df5dcbda4d508af7305a7648462a0e9a11d2bdd9edb1ff348e9816035b6456edb77fa1eb0d32a778da12d839052a5fb18<br>
EAP-Message = 0x133bf2bd62e9ad8f4923585ae3ae5f7d80b85ccb2473bd9230a9e55aa0d6938b5a41ed67fb734e20c48a4f2130b71ba5ae66c13faf5dabe29e005411fd43fef788bbc983d432a0264a995278edae38db7b32cfff8c14d9724cbc063e572bebafa57c2c7c2f972711a073f196dac82ccf3b4098d44dbcc72a7d1cffc0faa1be151dd771ded7e0815f66d10028859213044728146e9b9fb10203010001a381f43081f1301d0603551d0e041604142d644d4ab03c8babf1cec71991d94174579cdd423081c10603551d230481b93081b680142d644d4ab03c8babf1cec71991d94174579cdd42a18192a4818f30818c310b30090603550406130241523115<br>
EAP-Message = 0x30130603550408130c4275656e6f73204169726573311430120603550407130b5265636f6e717569737461310e300c060355040a130549504c414e3120301e06092a864886f70d0109011611636572744069706c616e2e636f6d2e6172311e301c06035504031315436572746966696361746520417574686f72697479820900aa09a4eb699e73a6300c0603551d13040530030101ff300d06092a864886f70d0101050500038201010007dac509033ec6d101253a619dd68b1e9007f99b1516e4c743e7f144bc21d4231d1086f082432bec4309cded4a8190e99a6cb2ee55b2d83f1b3ef4dbf1ceb4cd1703825dc6fa7a6b3924b443911a9c5b7a035e<br>
EAP-Message = 0x7c10ed5223d868feea672798<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x828568e181806544ecbe1a83334ff52d<br>Finished request 3.<br>Going to the next request<br>
Waking up in 4.4 seconds.<br>rad_recv: Access-Request packet from host <a href="http://10.0.31.40">10.0.31.40</a> port 1645, id=5, length=151<br> User-Name = "cert"<br> Framed-MTU = 1400<br> Called-Station-Id = "0019.2fdb.9e00"<br>
Calling-Station-Id = "001f.3c22.44c5"<br> Service-Type = Login-User<br> Message-Authenticator = 0xff9eb6ba3fc361ee417c8d591840b2ad<br> EAP-Message = 0x020500060d00<br> NAS-Port-Type = Wireless-802.11<br>
NAS-Port = 257<br> State = 0x828568e181806544ecbe1a83334ff52d<br> NAS-IP-Address = <a href="http://10.0.31.40">10.0.31.40</a><br> NAS-Identifier = "ap"<br>+- entering group authorize<br>
++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br> rlm_realm: No '@' in User-Name = "cert", looking up realm NULL<br> rlm_realm: No such realm "NULL"<br>++[suffix] returns noop<br>
rlm_eap: EAP packet type response id 5 length 6<br> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>++[unix] returns notfound<br> users: Matched entry cert at line 76<br>
++[files] returns ok<br>++[expiration] returns noop<br>++[logintime] returns noop<br>rlm_pap: Found existing Auth-Type, not changing it.<br>++[pap] returns noop<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br>
+- entering group authenticate<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/tls<br> rlm_eap: processing type tls<br> rlm_eap_tls: Authenticate<br> rlm_eap_tls: processing TLS<br>rlm_eap_tls: Received EAP-TLS ACK message<br>
rlm_eap_tls: ack handshake fragment handler<br> eaptls_verify returned 1 <br> eaptls_process returned 13 <br>++[eap] returns handled<br>Sending Access-Challenge of id 5 to <a href="http://10.0.31.40">10.0.31.40</a> port 1645<br>
EAP-Message = 0x010603620d8000000b44154f0cb0744882ef4706ec8866c6430b2df368cefb2d469c6ba9206fd7841e146d9445d9d0da14ee2ea682cf574b6a118e729df9a84852718cb6802edd2169452bbc3509d6c7a68cc2b293aecf43a7a56a746da3b57865e8945c8531c39bd1f9ce0b576a0533c793e2787d98bf322b1d7b1f03e0b6cf82a6c80c4ca96b8bdd4a6a0ef2724a3034cc3c0f3e55bd2927a673f86ad6a8d55bd1d900ef1e73550440d3160301020d0c0002090080ad2df571269b93a787f80235487c28f730b4907620fed69ef713bb4f43d3579e11b02fbf45ab4e74cf79b5d447af0fe6805157482f2b5f8185c4cc59061e6882ab9e4dd6def073<br>
EAP-Message = 0x6c0583158ab64a30e9a2de020c5e4f7a41b4c58149a9b110a6d3b521f30e96e82b2b43f2d0d1a699b6484f8c814f72d4fe8fc11d7943f2c6a300010200808d274ee97ca8a1539322ca1cc91663218998f3f246237c87d426f37ed5ca34e4219297a674b10bd0b2bad77050600c858d955abb3f5436b99f2182fb607330679a0fe893820631e51a809fe023f6e08c821c6eca3852849a5d73b5cf1dcd0b71ed6fbd57b0c492c83c313f2104812f2c5fa6ec3627ed7d2c87c0c8275fd2854f010007eb93c25d6e901a560299fc10a1b3ddb4f98c351a95f6442a02bb7ac314af82cc9d2e475c5e5fe0673fdddfe7962dca24183d4bc1e64738f0fb7ac4a5<br>
EAP-Message = 0x1f2cf4ac73dfea488a0f4be5678893c1b0be7343f290ec5f5a9ccf4f93893aecb5ad34e5de809849e6d0e61a1ad2944c8d0905eafaf74c046f5e338ecd30b1f3bfd001dc8aff4772cb307e0d87f6a6753767c0d207525cba695cce41a7031596db606fe2c644a8607c31404d7e09336b02e640bc6fd3823871cc1294587936547522651f2d52fc1c4bbdbe5e637bda47b37ccd47e7c29f3f93533b3e7161343924ea63417efc93e16618ab84d87dc74a199dac734719e5db4faecf80ca10a56f0e581016030100a00d00009804030401020091008f30818c310b3009060355040613024152311530130603550408130c4275656e6f7320416972657331<br>
EAP-Message = 0x1430120603550407130b5265636f6e717569737461310e300c060355040a130549504c414e3120301e06092a864886f70d0109011611636572744069706c616e2e636f6d2e6172311e301c06035504031315436572746966696361746520417574686f726974790e000000<br>
Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x828568e186836544ecbe1a83334ff52d<br>Finished request 4.<br>Going to the next request<br>Waking up in 4.4 seconds.<br>rad_recv: Access-Request packet from host <a href="http://10.0.31.40">10.0.31.40</a> port 1645, id=6, length=162<br>
User-Name = "cert"<br> Framed-MTU = 1400<br> Called-Station-Id = "0019.2fdb.9e00"<br> Calling-Station-Id = "001f.3c22.44c5"<br> Service-Type = Login-User<br>
Message-Authenticator = 0x7cdb2e5ab2d1ba0debf2dbe363ba0b9e<br> EAP-Message = 0x020600110d80000000071503010002022a<br> NAS-Port-Type = Wireless-802.11<br> NAS-Port = 257<br> State = 0x828568e186836544ecbe1a83334ff52d<br>
NAS-IP-Address = <a href="http://10.0.31.40">10.0.31.40</a><br> NAS-Identifier = "ap"<br>+- entering group authorize<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>
rlm_realm: No '@' in User-Name = "cert", looking up realm NULL<br> rlm_realm: No such realm "NULL"<br>++[suffix] returns noop<br> rlm_eap: EAP packet type response id 6 length 17<br> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>
++[eap] returns updated<br>++[unix] returns notfound<br> users: Matched entry cert at line 76<br>++[files] returns ok<br>++[expiration] returns noop<br>++[logintime] returns noop<br>rlm_pap: Found existing Auth-Type, not changing it.<br>
++[pap] returns noop<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br>+- entering group authenticate<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/tls<br> rlm_eap: processing type tls<br>
rlm_eap_tls: Authenticate<br> rlm_eap_tls: processing TLS<br> TLS Length 7<br>rlm_eap_tls: Length Included<br> eaptls_verify returned 11 <br> rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal bad_certificate <br>
TLS Alert read:fatal:bad certificate <br> TLS_accept:failed in SSLv3 read client certificate A <br>rlm_eap: SSL error error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate<br>rlm_eap_tls: SSL_read failed inside of TLS (-1), TLS session fails.<br>
eaptls_process returned 13 <br> rlm_eap: Freeing handler<br>++[eap] returns reject<br>auth: Failed to validate the user.<br> Found Post-Auth-Type Reject<br>+- entering group REJECT<br> expand: %{User-Name} -> cert<br>
attr_filter: Matched entry DEFAULT at line 11<br>++[attr_filter.access_reject] returns updated<br>Sending Access-Reject of id 6 to <a href="http://10.0.31.40">10.0.31.40</a> port 1645<br> EAP-Message = 0x04060004<br>
Message-Authenticator = 0x00000000000000000000000000000000<br>Finished request 5.<br>