<span lang="EN">
<div>Hi All,</div>
<div> Below is the complete Log..</div>
<div> Please let me know how to solve/debug it..</div>
<div> </div>
<div> </div>
<div>Waking up in 4.9 seconds.</div>
<p>rad_recv: Access-Request packet from host 192.168.1.1 port 4991, id=2, length=144</p>
<p>User-Name = "maemo"</p>
<p>NAS-IP-Address = 192.168.1.1</p>
<p>Called-Station-Id = "0023692c6f74"</p>
<p>Calling-Station-Id = "0026cc77eec0"</p>
<p>NAS-Identifier = "0023692c6f74"</p>
<p>NAS-Port = 25</p>
<p>Framed-MTU = 1400</p>
<p>State = 0x45582910465c24fb98a2f4e05021adb4</p>
<p>NAS-Port-Type = Wireless-802.11</p>
<p>EAP-Message = 0x0204000d0d001503010002012a</p>
<p>Message-Authenticator = 0x931254661785b3d79fa3b2f098878921</p>
<p>+- entering group authorize {...}</p>
<p>++[preprocess] returns ok</p>
<p>++[chap] returns noop</p>
<p>++[mschap] returns noop</p>
<p>[suffix] No '@' in User-Name = "maemo", looking up realm NULL</p>
<p>[suffix] No such realm "NULL"</p>
<p>++[suffix] returns noop</p>
<p>[eap] EAP packet type response id 4 length 13</p>
<p>[eap] No EAP Start, assuming it's an on-going EAP conversation</p>
<p>++[eap] returns updated</p>
<p>++[unix] returns updated</p>
<p>[files] users: Matched entry maemo at line 75</p>
<p>++[files] returns ok</p>
<p>++[expiration] returns noop</p>
<p>++[logintime] returns noop</p>
<p>[pap] Found existing Auth-Type, not changing it.</p>
<p>++[pap] returns noop</p>
<p>Found Auth-Type = EAP</p>
<p>+- entering group authenticate {...}</p>
<p>[eap] Request found, released from the list</p>
<p>[eap] EAP/tls</p>
<p>[eap] processing type tls</p>
<p>[tls] Authenticate</p>
<p>[tls] processing EAP-TLS</p>
<p>[tls] eaptls_verify returned 7 </p>
<p>[tls] Done initial handshake</p>
<p>[tls] <<< TLS 1.0 Alert [length 0002], warning bad_certificate </p>
<p>TLS Alert read:warning:bad certificate </p>
<p>[tls] TLS_accept: Need to read more data: SSLv3 read client certificate A</p>
<p>In SSL Handshake Phase </p>
<p>In SSL Accept mode </p>
<p>SSL Application Data</p>
<p>TLS failed during operation</p>
<p>[tls] eaptls_process returned 4 </p>
<p>[eap] Handler failed in EAP/tls</p>
<p>[eap] Failed in EAP select</p>
<p>++[eap] returns invalid</p>
<p>Failed to authenticate the user.</p>
<p>Using Post-Auth-Type Reject</p>
<p>+- entering group REJECT {...}</p>
<p>expand: %{User-Name} -> maemo</p>
<p>attr_filter: Matched entry DEFAULT at line 11</p>
<p>++[attr_filter.access_reject] returns updated</p>
<p>Delaying reject of request 4 for 1 seconds</p>
<p>Going to the next request</p>
<p>Waking up in 0.9 seconds.</p>
<p>rad_recv: Access-Request packet from host 192.168.1.1 port 4993, id=2, length=126</p>
<p>User-Name = "maemo"</p>
<p>NAS-IP-Address = 192.168.1.1</p>
<p>Called-Station-Id = "0023692c6f74"</p>
<p>Calling-Station-Id = "0026cc77eec0"</p>
<p>NAS-Identifier = "0023692c6f74"</p>
<p>NAS-Port = 25</p>
<p>Framed-MTU = 1400</p>
<p>NAS-Port-Type = Wireless-802.11</p>
<p>EAP-Message = 0x0204000d0d001503010002020a</p>
<p>Message-Authenticator = 0x59f824b9b0758f49f85a716af1c7654f</p>
<p>+- entering group authorize {...}</p>
<p>++[preprocess] returns ok</p>
<p>++[chap] returns noop</p>
<p>++[mschap] returns noop</p>
<p>[suffix] No '@' in User-Name = "maemo", looking up realm NULL</p>
<p>[suffix] No such realm "NULL"</p>
<p>++[suffix] returns noop</p>
<p>[eap] EAP packet type response id 4 length 13</p>
<p>[eap] No EAP Start, assuming it's an on-going EAP conversation</p>
<p>++[eap] returns updated</p>
<p>++[unix] returns updated</p>
<p>[files] users: Matched entry maemo at line 75</p>
<p>++[files] returns ok</p>
<p>++[expiration] returns noop</p>
<p>++[logintime] returns noop</p>
<p>[pap] Found existing Auth-Type, not changing it.</p>
<p>++[pap] returns noop</p>
<p>Found Auth-Type = EAP</p>
<p>+- entering group authenticate {...}</p>
<p>[eap] Either EAP-request timed out OR EAP-response to an unknown EAP-request</p>
<p>[eap] Failed in handler</p>
<p>++[eap] returns invalid</p>
<p>Failed to authenticate the user.</p>
<p>Using Post-Auth-Type Reject</p>
<p>+- entering group REJECT {...}</p>
<p>expand: %{User-Name} -> maemo</p>
<p>attr_filter: Matched entry DEFAULT at line 11</p>
<p>++[attr_filter.access_reject] returns updated</p>
<p>Delaying reject of request 5 for 1 seconds</p>
<p>Going to the next request</p>
<p>Waking up in 0.9 seconds.</p>
<p>Sending delayed reject for request 4</p>
<p>Sending Access-Reject of id 2 to 192.168.1.1 port 4991</p>
<p>EAP-Message = 0x04040004</p>
<p>Message-Authenticator = 0x00000000000000000000000000000000</p>
<p>Sending delayed reject for request 5</p>
<p>Sending Access-Reject of id 2 to 192.168.1.1 port 4993</p>
<p>Waking up in 3.9 seconds.</p>
<p>Cleaning up request 0 ID 2 with timestamp +364</p>
<p>Cleaning up request 1 ID 2 with timestamp +364</p>
<p>Cleaning up request 2 ID 2 with timestamp +364</p>
<p>Cleaning up request 3 ID 2 with timestamp +364</p>
<p>Waking up in 1.0 seconds.</p>
<p>Cleaning up request 4 ID 2 with timestamp +364</p>
<p>Cleaning up request 5 ID 2 with timestamp +364</p>
<p>Ready to process requests.</p>
<p> </p>
<p> </p>
<p> </p>
<p>rad_recv: Access-Request packet from host 192.168.1.1 port 1124, id=2, length=123</p>
<p>User-Name = "maemo"</p>
<p>NAS-IP-Address = 192.168.1.1</p>
<p>Called-Station-Id = "0023692c6f74"</p>
<p>Calling-Station-Id = "0026cc77eec0"</p>
<p>NAS-Identifier = "0023692c6f74"</p>
<p>NAS-Port = 25</p>
<p>Framed-MTU = 1400</p>
<p>NAS-Port-Type = Wireless-802.11</p>
<p>EAP-Message = 0x0200000a016d61656d6f</p>
<p>Message-Authenticator = 0x596ea2d6b93bd2f361c9eeb9553a4df9</p>
<p>+- entering group authorize {...}</p>
<p>++[preprocess] returns ok</p>
<p>++[chap] returns noop</p>
<p>++[mschap] returns noop</p>
<p>[suffix] No '@' in User-Name = "maemo", looking up realm NULL</p>
<p>[suffix] No such realm "NULL"</p>
<p>++[suffix] returns noop</p>
<p>[eap] EAP packet type response id 0 length 10</p>
<p>[eap] No EAP Start, assuming it's an on-going EAP conversation</p>
<p>++[eap] returns updated</p>
<p>++[unix] returns updated</p>
<p>[files] users: Matched entry maemo at line 75</p>
<p>++[files] returns ok</p>
<p>++[expiration] returns noop</p>
<p>++[logintime] returns noop</p>
<p>[pap] Found existing Auth-Type, not changing it.</p>
<p>++[pap] returns noop</p>
<p>Found Auth-Type = EAP</p>
<p>+- entering group authenticate {...}</p>
<p>[eap] EAP Identity</p>
<p>[eap] processing type tls</p>
<p>[tls] Requiring client certificate</p>
<p>[tls] Initiate</p>
<p>[tls] Start returned 1</p>
<p>++[eap] returns handled</p>
<p>Sending Access-Challenge of id 2 to 192.168.1.1 port 1124</p>
<p>EAP-Message = 0x010100060d20</p>
<p>Message-Authenticator = 0x00000000000000000000000000000000</p>
<p>State = 0xb7ff998ab7fe9479079512a41db6a682</p>
<p>Finished request 6.</p>
<p>Going to the next request</p>
<p>Waking up in 4.9 seconds.</p>
<p>rad_recv: Access-Request packet from host 192.168.1.1 port 1126, id=2, length=201</p>
<p>User-Name = "maemo"</p>
<p>NAS-IP-Address = 192.168.1.1</p>
<p>Called-Station-Id = "0023692c6f74"</p>
<p>Calling-Station-Id = "0026cc77eec0"</p>
<p>NAS-Identifier = "0023692c6f74"</p>
<p>NAS-Port = 25</p>
<p>Framed-MTU = 1400</p>
<p>State = 0xb7ff998ab7fe9479079512a41db6a682</p>
<p>NAS-Port-Type = Wireless-802.11</p>
<p>EAP-Message = 0x020100460d800000003c16030100370100003303014b0fe11b9b2b971ae0f083c8e265b1c3eb9dd17dcfa50b25082390340290479100000c000a002f00160033000400050100</p>
<p>Message-Authenticator = 0xb09ee3ebd234b03184c8ec0c658ed6bf</p>
<p>+- entering group authorize {...}</p>
<p>++[preprocess] returns ok</p>
<p>++[chap] returns noop</p>
<p>++[mschap] returns noop</p>
<p>[suffix] No '@' in User-Name = "maemo", looking up realm NULL</p>
<p>[suffix] No such realm "NULL"</p>
<p>++[suffix] returns noop</p>
<p>[eap] EAP packet type response id 1 length 70</p>
<p>[eap] No EAP Start, assuming it's an on-going EAP conversation</p>
<p>++[eap] returns updated</p>
<p>++[unix] returns updated</p>
<p>[files] users: Matched entry maemo at line 75</p>
<p>++[files] returns ok</p>
<p>++[expiration] returns noop</p>
<p>++[logintime] returns noop</p>
<p>[pap] Found existing Auth-Type, not changing it.</p>
<p>++[pap] returns noop</p>
<p>Found Auth-Type = EAP</p>
<p>+- entering group authenticate {...}</p>
<p>[eap] Request found, released from the list</p>
<p>[eap] EAP/tls</p>
<p>[eap] processing type tls</p>
<p>[tls] Authenticate</p>
<p>[tls] processing EAP-TLS</p>
<p>TLS Length 60</p>
<p>[tls] Length Included</p>
<p>[tls] eaptls_verify returned 11 </p>
<p>[tls] (other): before/accept initialization </p>
<p>[tls] TLS_accept: before/accept initialization </p>
<p>[tls] <<< TLS 1.0 Handshake [length 0037], ClientHello </p>
<p>[tls] TLS_accept: SSLv3 read client hello A </p>
<p>[tls] >>> TLS 1.0 Handshake [length 002a], ServerHello </p>
<p>[tls] TLS_accept: SSLv3 write server hello A </p>
<p>[tls] >>> TLS 1.0 Handshake [length 085e], Certificate </p>
<p>[tls] TLS_accept: SSLv3 write certificate A </p>
<p>[tls] >>> TLS 1.0 Handshake [length 00a6], CertificateRequest </p>
<p>[tls] TLS_accept: SSLv3 write certificate request A </p>
<p>[tls] TLS_accept: SSLv3 flush data </p>
<p>[tls] TLS_accept: Need to read more data: SSLv3 read client certificate A</p>
<p>In SSL Handshake Phase </p>
<p>In SSL Accept mode </p>
<p>[tls] eaptls_process returned 13 </p>
<p>++[eap] returns handled</p>
<p>Sending Access-Challenge of id 2 to 192.168.1.1 port 1126</p>
<p>EAP-Message = 0x010204000dc00000093d160301002a0200002603014b0fe155017cb13e0d7e3188e182d6298fad1b95261e1468b64f7a9d76c5b6ae00000a00160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479</p>
<p>EAP-Message = 0x301e170d3039313132373133343535315a170d3130313132373133343535315a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b5f42282a7ad26e7add58c56b8d067a8021163ec76f07905ccc83358dedd901d243aa84ce7a023244f8ed5debcbc684a5d0bd4c0b5d805b4d7c1d95c59ae</p>
<p>EAP-Message = 0x7bacb059dd02f424d0830c020fb750d0bf63640bf6ff33dfba1783f6b876971f8a9b8a26a455910752e7759ab1a0a34b6b302b6d3b7350528412b3f3de7f76cf72a43329c1c007619225088f55d64b6299c15813844eeb92c072b1cb16774da3b8aabd68b6b816ffcb4e4792c3e75303ebcc9a4ae2b12bafbd6ec0c9ea43c74b6b0b52bd0a82da57d4943cbb1511bc740f7ea1a9a651a60fe01c5bda629eaaaa54cab99f4f59af1e27f98b550cc9e4a302caf67156bd43d8de838c564f00968e90250203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100a4c8d73c140f7728b4</p>
<p>EAP-Message = 0x6ea406b638fd84d9c291c401a750d3d3cdf3f4fce08174898c4aa6bc910a56b18a25fe8a966af33301735d61d54fe4d880f1085b7cce5454ef911f70054c5b3a8b457a83f4a13237fad33d7170e050b8ab27b7985bb05f24d1c5eb05a9fadaeaef5b36f6030f48bc6cd0b63057268a7ce4f30a3bde455e72328c9fe3db94b52c3d89e9f36331622ae72168934222e87d5449ef93260a7d2684c87ee32815d6642e43488f145ecb43c3e2c5fb6532d1efbb68b284bc40c849092ee0535c408bf5faecc5cb4ce11281acd956cb5d1b928d3326295779cf711889839d023086837abc12f17aa6ad833424948dfddf16b062f3faa217f9c7910004ab308204</p>
<p>EAP-Message = 0xa73082038fa0030201020209</p>
<p>Message-Authenticator = 0x00000000000000000000000000000000</p>
<p>State = 0xb7ff998ab6fd9479079512a41db6a682</p>
<p>Finished request 7.</p>
<p>Going to the next request</p>
<p>Waking up in 4.9 seconds.</p>
<p>rad_recv: Access-Request packet from host 192.168.1.1 port 1128, id=2, length=137</p>
<p>User-Name = "maemo"</p>
<p>NAS-IP-Address = 192.168.1.1</p>
<p>Called-Station-Id = "0023692c6f74"</p>
<p>Calling-Station-Id = "0026cc77eec0"</p>
<p>NAS-Identifier = "0023692c6f74"</p>
<p>NAS-Port = 25</p>
<p>Framed-MTU = 1400</p>
<p>State = 0xb7ff998ab6fd9479079512a41db6a682</p>
<p>NAS-Port-Type = Wireless-802.11</p>
<p>EAP-Message = 0x020200060d00</p>
<p>Message-Authenticator = 0x911a331308f2f9fd3be12ee936f776f5</p>
<p>+- entering group authorize {...}</p>
<p>++[preprocess] returns ok</p>
<p>++[chap] returns noop</p>
<p>++[mschap] returns noop</p>
<p>[suffix] No '@' in User-Name = "maemo", looking up realm NULL</p>
<p>[suffix] No such realm "NULL"</p>
<p>++[suffix] returns noop</p>
<p>[eap] EAP packet type response id 2 length 6</p>
<p>[eap] No EAP Start, assuming it's an on-going EAP conversation</p>
<p>++[eap] returns updated</p>
<p>++[unix] returns updated</p>
<p>[files] users: Matched entry maemo at line 75</p>
<p>++[files] returns ok</p>
<p>++[expiration] returns noop</p>
<p>++[logintime] returns noop</p>
<p>[pap] Found existing Auth-Type, not changing it.</p>
<p>++[pap] returns noop</p>
<p>Found Auth-Type = EAP</p>
<p>+- entering group authenticate {...}</p>
<p>[eap] Request found, released from the list</p>
<p>[eap] EAP/tls</p>
<p>[eap] processing type tls</p>
<p>[tls] Authenticate</p>
<p>[tls] processing EAP-TLS</p>
<p>[tls] Received TLS ACK</p>
<p>[tls] ACK handshake fragment handler</p>
<p>[tls] eaptls_verify returned 1 </p>
<p>[tls] eaptls_process returned 13 </p>
<p>++[eap] returns handled</p>
<p>Sending Access-Challenge of id 2 to 192.168.1.1 port 1128</p>
<p>EAP-Message = 0x010304000dc00000093d0095e43783392a6bb0300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3039313132373133343535315a170d3039313232373133343535315a308193310b3009060355040613024652310f300d0603550408130652616469757331123010</p>
<p>EAP-Message = 0x06035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100c71510fb96ae45b7c0defedb61039780769de388326a8ac6e27b2158153c3e09df28261e2dce422bbc881d23845b76e7180b511fa77969e6174d649e47257700e6d8aff27f82b644d748a0b99d171153ee2e305cbff0ae7c5790da2b0bfef791e8c0017f45b348ba2333e5</p>
<p>EAP-Message = 0xe2f50d6fe9536b45fda6ff9c5e0497452fb99f2ca9ed8f0453443a84b77dd266ae23c160a0cea139267375e15a4b16d14e4aa202caf20bf36d251f67d6685f3d9f1de5114317a17795682ee7a7b03583b6ff626eff4bcd9ed5dd49cd86df98dc4f9a5f7a24bb4176c24cd4806c6a2289bd96c3658fc560546dce827958ae4c096365b926077f76b50bf38108fd9cc5a47e0eed5a110203010001a381fb3081f8301d0603551d0e04160414d3935489ab4f4373f5161ef642c209bdd72034af3081c80603551d230481c03081bd8014d3935489ab4f4373f5161ef642c209bdd72034afa18199a48196308193310b3009060355040613024652310f300d</p>
<p>EAP-Message = 0x060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747982090095e43783392a6bb0300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100b86a415d22a869fe7e01ea5f3924948b764cd64851af682ad8e6ac9cea0678288b35517d6ce5602bea997da1d634382c8a758471bd9daccf171936c01d7f0794b9d25421194122ce7b314b9d51a9</p>
<p>EAP-Message = 0xa44ce5af9d6e5dbf8393869a</p>
<p>Message-Authenticator = 0x00000000000000000000000000000000</p>
<p>State = 0xb7ff998ab5fc9479079512a41db6a682</p>
<p>Finished request 8.</p>
<p>Going to the next request</p>
<p>Waking up in 4.9 seconds.</p>
<p>rad_recv: Access-Request packet from host 192.168.1.1 port 1130, id=2, length=137</p>
<p>User-Name = "maemo"</p>
<p>NAS-IP-Address = 192.168.1.1</p>
<p>Called-Station-Id = "0023692c6f74"</p>
<p>Calling-Station-Id = "0026cc77eec0"</p>
<p>NAS-Identifier = "0023692c6f74"</p>
<p>NAS-Port = 25</p>
<p>Framed-MTU = 1400</p>
<p>State = 0xb7ff998ab5fc9479079512a41db6a682</p>
<p>NAS-Port-Type = Wireless-802.11</p>
<p>EAP-Message = 0x020300060d00</p>
<p>Message-Authenticator = 0x1fc93a49fa023f01c0f9a4edc81dade5</p>
<p>+- entering group authorize {...}</p>
<p>++[preprocess] returns ok</p>
<p>++[chap] returns noop</p>
<p>++[mschap] returns noop</p>
<p>[suffix] No '@' in User-Name = "maemo", looking up realm NULL</p>
<p>[suffix] No such realm "NULL"</p>
<p>++[suffix] returns noop</p>
<p>[eap] EAP packet type response id 3 length 6</p>
<p>[eap] No EAP Start, assuming it's an on-going EAP conversation</p>
<p>++[eap] returns updated</p>
<p>++[unix] returns updated</p>
<p>[files] users: Matched entry maemo at line 75</p>
<p>++[files] returns ok</p>
<p>++[expiration] returns noop</p>
<p>++[logintime] returns noop</p>
<p>[pap] Found existing Auth-Type, not changing it.</p>
<p>++[pap] returns noop</p>
<p>Found Auth-Type = EAP</p>
<p>+- entering group authenticate {...}</p>
<p>[eap] Request found, released from the list</p>
<p>[eap] EAP/tls</p>
<p>[eap] processing type tls</p>
<p>[tls] Authenticate</p>
<p>[tls] processing EAP-TLS</p>
<p>[tls] Received TLS ACK</p>
<p>[tls] ACK handshake fragment handler</p>
<p>[tls] eaptls_verify returned 1 </p>
<p>[tls] eaptls_process returned 13 </p>
<p>++[eap] returns handled</p>
<p>Sending Access-Challenge of id 2 to 192.168.1.1 port 1130</p>
<p>EAP-Message = 0x0104015b0d800000093d4c37042760e6a3747d76641ca50d3d74b25f2169f2273d2c5e019dfd7161e4cb332270b9b0663f3f088a13f53d7e93157d1fc714658fdc17ac94705acd45fbb8e99683082f33d790c4adcbea80070408d663543930891d13f3247cc5f8b2b502b2ad06c4aa70c206c9f46f7e22ae3a70f16fcd57e7af707e5bdd73776585f148cf882cd012a36388c6734ab3e3bea7a5e9a3f8425fc4fa9dca9c115880ecc85645b379b7089d16030100a60d00009e0301024000980096308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355</p>
<p>EAP-Message = 0x040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f726974790e000000</p>
<p>Message-Authenticator = 0x00000000000000000000000000000000</p>
<p>State = 0xb7ff998ab4fb9479079512a41db6a682</p>
<p>Finished request 9.</p>
<p>Going to the next request</p>
<p>Waking up in 4.9 seconds.</p>
<p>rad_recv: Access-Request packet from host 192.168.1.1 port 1132, id=2, length=144</p>
<p>User-Name = "maemo"</p>
<p>NAS-IP-Address = 192.168.1.1</p>
<p>Called-Station-Id = "0023692c6f74"</p>
<p>Calling-Station-Id = "0026cc77eec0"</p>
<p>NAS-Identifier = "0023692c6f74"</p>
<p>NAS-Port = 25</p>
<p>Framed-MTU = 1400</p>
<p>State = 0xb7ff998ab4fb9479079512a41db6a682</p>
<p>NAS-Port-Type = Wireless-802.11</p>
<p>EAP-Message = 0x0204000d0d001503010002012a</p>
<p>Message-Authenticator = 0x776adf5edd8baebf1b09946d8e255b93</p>
<p>+- entering group authorize {...}</p>
<p>++[preprocess] returns ok</p>
<p>++[chap] returns noop</p>
<p>++[mschap] returns noop</p>
<p>[suffix] No '@' in User-Name = "maemo", looking up realm NULL</p>
<p>[suffix] No such realm "NULL"</p>
<p>++[suffix] returns noop</p>
<p>[eap] EAP packet type response id 4 length 13</p>
<p>[eap] No EAP Start, assuming it's an on-going EAP conversation</p>
<p>++[eap] returns updated</p>
<p>++[unix] returns updated</p>
<p>[files] users: Matched entry maemo at line 75</p>
<p>++[files] returns ok</p>
<p>++[expiration] returns noop</p>
<p>++[logintime] returns noop</p>
<p>[pap] Found existing Auth-Type, not changing it.</p>
<p>++[pap] returns noop</p>
<p>Found Auth-Type = EAP</p>
<p>+- entering group authenticate {...}</p>
<p>[eap] Request found, released from the list</p>
<p>[eap] EAP/tls</p>
<p>[eap] processing type tls</p>
<p>[tls] Authenticate</p>
<p>[tls] processing EAP-TLS</p>
<p>[tls] eaptls_verify returned 7 </p>
<p>[tls] Done initial handshake</p>
<p>[tls] <<< TLS 1.0 Alert [length 0002], warning bad_certificate </p>
<p>TLS Alert read:warning:bad certificate </p>
<p>[tls] TLS_accept: Need to read more data: SSLv3 read client certificate A</p>
<p>In SSL Handshake Phase </p>
<p>In SSL Accept mode </p>
<p>SSL Application Data</p>
<p>TLS failed during operation</p>
<p>[tls] eaptls_process returned 4 </p>
<p>[eap] Handler failed in EAP/tls</p>
<p>[eap] Failed in EAP select</p>
<p>++[eap] returns invalid</p>
<p>Failed to authenticate the user.</p>
<p>Using Post-Auth-Type Reject</p>
<p>+- entering group REJECT {...}</p>
<p>expand: %{User-Name} -> maemo</p>
<p>attr_filter: Matched entry DEFAULT at line 11</p>
<p>++[attr_filter.access_reject] returns updated</p>
<p>Delaying reject of request 10 for 1 seconds</p>
<p>Going to the next request</p>
<p>Waking up in 0.9 seconds.</p>
<p>rad_recv: Access-Request packet from host 192.168.1.1 port 1134, id=2, length=126</p>
<p>User-Name = "maemo"</p>
<p>NAS-IP-Address = 192.168.1.1</p>
<p>Called-Station-Id = "0023692c6f74"</p>
<p>Calling-Station-Id = "0026cc77eec0"</p>
<p>NAS-Identifier = "0023692c6f74"</p>
<p>NAS-Port = 25</p>
<p>Framed-MTU = 1400</p>
<p>NAS-Port-Type = Wireless-802.11</p>
<p>EAP-Message = 0x0204000d0d001503010002020a</p>
<p>Message-Authenticator = 0xc0da70e5e3e25e34c5729fe4f3b06799</p>
<p>+- entering group authorize {...}</p>
<p>++[preprocess] returns ok</p>
<p>++[chap] returns noop</p>
<p>++[mschap] returns noop</p>
<p>[suffix] No '@' in User-Name = "maemo", looking up realm NULL</p>
<p>[suffix] No such realm "NULL"</p>
<p>++[suffix] returns noop</p>
<p>[eap] EAP packet type response id 4 length 13</p>
<p>[eap] No EAP Start, assuming it's an on-going EAP conversation</p>
<p>++[eap] returns updated</p>
<p>++[unix] returns updated</p>
<p>[files] users: Matched entry maemo at line 75</p>
<p>++[files] returns ok</p>
<p>++[expiration] returns noop</p>
<p>++[logintime] returns noop</p>
<p>[pap] Found existing Auth-Type, not changing it.</p>
<p>++[pap] returns noop</p>
<p>Found Auth-Type = EAP</p>
<p>+- entering group authenticate {...}</p>
<p>[eap] Either EAP-request timed out OR EAP-response to an unknown EAP-request</p>
<p>[eap] Failed in handler</p>
<p>++[eap] returns invalid</p>
<p>Failed to authenticate the user.</p>
<p>Using Post-Auth-Type Reject</p>
<p>+- entering group REJECT {...}</p>
<p>expand: %{User-Name} -> maemo</p>
<p>attr_filter: Matched entry DEFAULT at line 11</p>
<p>++[attr_filter.access_reject] returns updated</p>
<p>Delaying reject of request 11 for 1 seconds</p>
<p>Going to the next request</p>
<p>Waking up in 0.9 seconds.</p>
<p>Sending delayed reject for request 10</p>
<p>Sending Access-Reject of id 2 to 192.168.1.1 port 1132</p>
<p>EAP-Message = 0x04040004</p>
<p>Message-Authenticator = 0x00000000000000000000000000000000</p>
<p>Sending delayed reject for request 11</p>
<p>Sending Access-Reject of id 2 to 192.168.1.1 port 1134</p>
<p>Waking up in 3.9 seconds.</p>
<p>Cleaning up request 6 ID 2 with timestamp +1200</p>
<p>Cleaning up request 7 ID 2 with timestamp +1200</p>
<p>Cleaning up request 8 ID 2 with timestamp +1200</p>
<p>Cleaning up request 9 ID 2 with timestamp +1200</p>
<p>Waking up in 1.0 seconds.</p>
<p>Cleaning up request 10 ID 2 with timestamp +1200</p>
<p>Cleaning up request 11 ID 2 with timestamp +1200</p>
<p>Ready to process requests.</p>
<p> </p>
<p> </p></span><br><br>
<div class="gmail_quote">On Sat, Dec 5, 2009 at 7:24 PM, <span dir="ltr"><<a href="mailto:tnt@kalik.net">tnt@kalik.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div>
<div></div>
<div class="h5">> Iam using Freeeadius 2.1.0. The setup is working fine with EAP-TTLS,<br>> PEAP<br>> method.But for EAP TLS, it gives the below error..<br>> Please let me know how to solve..<br>><br>><br>
><br>> [eap] Handler failed in EAP/tls<br>> [eap] Failed in EAP select<br>> ++[eap] returns invalid<br>> Failed to authenticate the user.<br><br></div></div>Well, post the rest of the debug.<br><br>Ivan Kalik<br>
<br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br></blockquote></div><br><br clear="all"><br><br><br>Regards<br>
Senthil<br>