Hi<br><br>I configured a freeradius server with EAP_TLS to authenticate clients that connects to Cisco AP.<br><br>When I run freeradius -X I got a lot of activity output but the client is still trying to authenticate <br><br>
I post last lines from the server's output<br><br>I see the port of Access-request es 1645 but I did configure 1812 in both server and Cisco AP<br><br>The line "[tls] eaptls_process returned 13 " means something wrong?<br>
<br>What should be the correct output when successful authentication occurs?<br><br>Thanks<br>====<br>rad_recv: Access-Request packet from host 192.168.X.X port 1645, id=51, length=143<br> User-Name = "etalaveran"<br>
Framed-MTU = 1400<br> Called-Station-Id = "aca0.16ba.89f2"<br> Calling-Station-Id = "0021.63ca.fdbe"<br> Service-Type = Login-User<br> Message-Authenticator = 0x32824bc17cf2b4b4920577cc57e00177<br>
EAP-Message = 0x020700060d00<br> NAS-Port-Type = Wireless-802.11<br> NAS-Port = 285<br> NAS-Port-Id = "285"<br> State = 0x732b0744702c0abef63c2dd8a2b9de35<br> NAS-IP-Address = 192.168.1.82<br>
+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "etalaveran", looking up realm NULL<br>[suffix] No such realm "NULL"<br>
++[suffix] returns noop<br>[eap] EAP packet type response id 7 length 6<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>++[unix] returns notfound<br>[files] users: Matched entry etalaveran at line 2<br>
++[files] returns ok<br>++[expiration] returns noop<br>++[logintime] returns noop<br>[pap] Found existing Auth-Type, not changing it.<br>++[pap] returns noop<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>
[eap] Request found, released from the list<br>[eap] EAP/tls<br>[eap] processing type tls<br>[tls] Authenticate<br>[tls] processing EAP-TLS<br>[tls] Received TLS ACK<br>[tls] ACK handshake fragment handler<br>[tls] eaptls_verify returned 1 <br>
[tls] eaptls_process returned 13 <br>++[eap] returns handled<br>Sending Access-Challenge of id 51 to 192.168.X.X port 1645<br> EAP-Message = 0x0108000a0d8000000000<br> Message-Authenticator = 0x00000000000000000000000000000000<br>
State = 0x732b074477230abef63c2dd8a2b9de35<br>Finished request 19.<br>Going to the next request<br>Waking up in 4.8 seconds.<br>Cleaning up request 15 ID 47 with timestamp +117<br>Cleaning up request 16 ID 48 with timestamp +117<br>
Cleaning up request 17 ID 49 with timestamp +117<br>Cleaning up request 18 ID 50 with timestamp +117<br>Cleaning up request 19 ID 51 with timestamp +117<br>Ready to process requests.<br>=================<br><br><br clear="all">
<br>-- <br><span style="font-family: arial,sans-serif; font-size: 13px; border-collapse: collapse;"><p style="margin: 0px;"><b><span style="font-size: small;"><font color="#666666">Esteban Talavera</font></span></b><font color="#666666"><span style="font-size: small;"></span></font></p>
<br></span><br>