<b>freeradius2.1.8<br>1. win7+protected EAP(peap)+wpa-enterprise (laptop name: leeyu-laptop)<br>2. I have installed ca.der on both win7 and winxp<br>3. winxp+protected EAP(peap)+ca tests successfully, but win7 fails<br>
The error happened before win7 prompted me to enter a username and password. freeradius debug: </b><br><br><br>Listening on authentication address * port 1812<br>Listening on accounting address * port 1813<br>Listening on command file /usr/local/freeradius//var/run/radiusd/radiusd.sock<br>
Listening on proxy address * port 1814<br>Ready to process requests.<br>rad_recv: Access-Request packet from host 192.168.0.1 port 3075, id=144, length=191<br> User-Name = "host/Leeyu-Laptop"<br> NAS-IP-Address = 192.168.0.1<br>
NAS-Port = 0<br> Called-Station-Id = "00195b04c9e2"<br> Calling-Station-Id = "001e659fc674"<br> NAS-Identifier = "Realtek Access Point. 8181"<br> Framed-MTU = 1400<br>
NAS-Port-Type = Wireless-802.11<br> Service-Type = Framed-User<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br> EAP-Message = 0x0200001601686f73742f4c656579752d4c6170746f70<br> Message-Authenticator = 0x2cca1e2672315cf4764cc0fd2544dfe3<br>
+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[Capitek.com] No '@' in User-Name = "host/Leeyu-Laptop", looking up realm NULL<br>[Capitek.com] No such realm "NULL"<br>
++[Capitek.com] returns noop<br>[eap] EAP packet type response id 0 length 22<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>[sql_oracle] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details<br>
[sql_oracle] ... expanding second conditional<br>[sql_oracle] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details<br>[sql_oracle] expand: %{User-Name:-DEFAULT} -> host/Leeyu-Laptop<br>
[sql_oracle] expand: %{Stripped-User-Name:-%{User-Name:-DEFAULT}} -> host/Leeyu-Laptop<br>[sql_oracle] sql_set_user escaped user --> 'host/Leeyu-Laptop'<br>rlm_sql (sql_oracle): Reserving sql socket id: 18<br>
[sql_oracle] expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'host/Leeyu-Laptop' ORDER BY id<br>
[sql_oracle] User found in radcheck table<br>[sql_oracle] expand: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'host/Leeyu-Laptop' ORDER BY id<br>
[sql_oracle] expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' -> SELECT GroupName FROM radusergroup WHERE UserName='host/Leeyu-Laptop'<br>rlm_sql (sql_oracle): Released sql socket id: 18<br>
++[sql_oracle] returns ok<br>[bklist] No Max-Attempts defined.<br>++[bklist] returns noop<br>++[expiration] returns noop<br>++[logintime] returns noop<br>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br>
++[pap] returns noop<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] EAP Identity<br>[eap] processing type tls<br>[tls] Initiate<br>[tls] Start returned 1<br>++[eap] returns handled<br>Sending Access-Challenge of id 144 to 192.168.0.1 port 3075<br>
EAP-Message = 0x010100061920<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x246ddb0b246cc225aad5e24c6756cf9c<br>Finished request 0.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 192.168.0.1 port 3075, id=145, length=307<br> User-Name = "host/Leeyu-Laptop"<br> NAS-IP-Address = 192.168.0.1<br> NAS-Port = 0<br> Called-Station-Id = "00195b04c9e2"<br>
Calling-Station-Id = "001e659fc674"<br> NAS-Identifier = "Realtek Access Point. 8181"<br> NAS-Port-Type = Wireless-802.11<br> Service-Type = Framed-User<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br>
EAP-Message = 0x0201007e198000000074160301006f0100006b03014cd4fdcd261077436d24f643f2f64fd5b4c4cb53d980a2f2400f17f2fd6205e8000018002f00350005000ac013c014c009c00a00320038001300040100002aff0100010000000011000f00000c6c656579752d6c6170746f70000a0006000400170018000b00020100<br>
State = 0x246ddb0b246cc225aad5e24c6756cf9c<br> Message-Authenticator = 0x08b295f4b9501d45e89fda21cf14c8ad<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>
[Capitek.com] No '@' in User-Name = "host/Leeyu-Laptop", looking up realm NULL<br>[Capitek.com] No such realm "NULL"<br>++[Capitek.com] returns noop<br>[eap] EAP packet type response id 1 length 126<br>
[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>
TLS Length 116<br>[peap] Length Included<br>[peap] eaptls_verify returned 11 <br>[peap] (other): before/accept initialization <br>[peap] TLS_accept: before/accept initialization <br>[peap] <<< TLS 1.0 Handshake [length 006f], ClientHello <br>
[peap] TLS_accept: SSLv3 read client hello A <br>[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello <br>[peap] TLS_accept: SSLv3 write server hello A <br>[peap] >>> TLS 1.0 Handshake [length 085c], Certificate <br>
[peap] TLS_accept: SSLv3 write certificate A <br>[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone <br>[peap] TLS_accept: SSLv3 write server done A <br>[peap] TLS_accept: SSLv3 flush data <br>
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A<br>In SSL Handshake Phase <br>In SSL Accept mode <br>[peap] eaptls_process returned 13 <br>[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>
Sending Access-Challenge of id 145 to 192.168.0.1 port 3075<br>
EAP-Message = 0x0ac70004a8308204a4308203<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x246ddb0b256fc225aad5e24c6756cf9c<br>Finished request 1.<br>Going to the next request<br>
Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 192.168.0.1 port 3075, id=146, length=187<br> User-Name = "host/Leeyu-Laptop"<br> NAS-IP-Address = 192.168.0.1<br> NAS-Port = 0<br>
Called-Station-Id = "00195b04c9e2"<br> Calling-Station-Id = "001e659fc674"<br> NAS-Identifier = "Realtek Access Point. 8181"<br> NAS-Port-Type = Wireless-802.11<br>
Service-Type = Framed-User<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br> EAP-Message = 0x020200061900<br> State = 0x246ddb0b256fc225aad5e24c6756cf9c<br> Message-Authenticator = 0xafa36e7177fb2841b5512080ba8fa1f6<br>
+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[Capitek.com] No '@' in User-Name = "host/Leeyu-Laptop", looking up realm NULL<br>[Capitek.com] No such realm "NULL"<br>
++[Capitek.com] returns noop<br>[eap] EAP packet type response id 2 length 6<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>
[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] Received TLS ACK<br>[peap] ACK handshake fragment handler<br>[peap] eaptls_verify returned 1 <br>[peap] eaptls_process returned 13 <br>[peap] EAPTLS_HANDLED<br>
++[eap] returns handled<br>Sending Access-Challenge of id 146 to 192.168.0.1 port 3075<br> EAP-Message = 0x010303fc19408ca003020102020900a82c41eeeb4a4d37300d06092a864886f70d0101050500308192310b300906035504061302434e3110300e060355040813074361706974656b3110300e060355040713074265696a696e6731153013060355040a130c4361706974656b20496e632e3120301e06092a864886f70d010901161161646d696e404361706974656b2e636f6d312630240603550403131d4361706974656b20436572746966696361746520417574686f72697479301e170d3130313032333039333434365a170d3131313032333039333434365a308192310b300906035504061302434e3110300e060355040813074361706974656b<br>
EAP-Message = 0x6d1762af9cc32f77<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x246ddb0b266ec225aad5e24c6756cf9c<br>Finished request 2.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 192.168.0.1 port 3075, id=147, length=187<br> User-Name = "host/Leeyu-Laptop"<br> NAS-IP-Address = 192.168.0.1<br> NAS-Port = 0<br> Called-Station-Id = "00195b04c9e2"<br>
Calling-Station-Id = "001e659fc674"<br> NAS-Identifier = "Realtek Access Point. 8181"<br> NAS-Port-Type = Wireless-802.11<br> Service-Type = Framed-User<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br>
EAP-Message = 0x020300061900<br> State = 0x246ddb0b266ec225aad5e24c6756cf9c<br> Message-Authenticator = 0x09cd348a564b11f4a1a5ee3f8aad59a8<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>
++[chap] returns noop<br>++[mschap] returns noop<br>[Capitek.com] No '@' in User-Name = "host/Leeyu-Laptop", looking up realm NULL<br>[Capitek.com] No such realm "NULL"<br>++[Capitek.com] returns noop<br>
[eap] EAP packet type response id 3 length 6<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>
[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] Received TLS ACK<br>[peap] ACK handshake fragment handler<br>[peap] eaptls_verify returned 1 <br>[peap] eaptls_process returned 13 <br>[peap] EAPTLS_HANDLED<br>
++[eap] returns handled<br>Sending Access-Challenge of id 147 to 192.168.0.1 port 3075<br> EAP-Message = 0x010400ba1900f2af5e0bbbca5b63619eda4eafebcc8ce7dd49123dec621a9ee82327050c940e017b605759c85305c408f8e295be432e983bc762c496a9d45daa7044bfb8914236f4a38e213c5f16ac998128ca6f463e57823c7ed2e85ede9522f53be56f523460033146a70d509fa700ea0d7b139040adece74cd15c33064e4604d955a0cdbdfca05de47f8dd88d49935506ed4e61e8beb817af9ba7b135faa8ed6f63239f855d144a1887b38ee114f4a916030100040e000000<br>
Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x246ddb0b2769c225aad5e24c6756cf9c<br>Finished request 3.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 192.168.0.1 port 3075, id=148, length=198<br>
User-Name = "host/Leeyu-Laptop"<br> NAS-IP-Address = 192.168.0.1<br> NAS-Port = 0<br> Called-Station-Id = "00195b04c9e2"<br> Calling-Station-Id = "001e659fc674"<br>
NAS-Identifier = "Realtek Access Point. 8181"<br> NAS-Port-Type = Wireless-802.11<br> Service-Type = Framed-User<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br> EAP-Message = 0x0204001119800000000715030100020230<br>
State = 0x246ddb0b2769c225aad5e24c6756cf9c<br> Message-Authenticator = 0x540a124a43aaa2b5ab81e6c6c5ae9452<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>
[Capitek.com] No '@' in User-Name = "host/Leeyu-Laptop", looking up realm NULL<br>[Capitek.com] No such realm "NULL"<br>++[Capitek.com] returns noop<br>[eap] EAP packet type response id 4 length 17<br>
[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>
TLS Length 7<br>[peap] Length Included<br>[peap] eaptls_verify returned 11 <br><b><u><i>[peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca <br>TLS Alert read:fatal:unknown CA <br> TLS_accept:failed in SSLv3 read client certificate A <br>
rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca<br>SSL: SSL_read failed inside of TLS (-1), TLS session fails.<br>TLS receive handshake failed during operation</i></u></b><br>[peap] eaptls_process returned 4 <br>
[peap] EAPTLS_OTHERS<br>[eap] Handler failed in EAP/peap<br>[eap] Failed in EAP select<br>++[eap] returns invalid<br>Failed to authenticate the user.<br>Using Post-Auth-Type Reject<br>+- entering group REJECT {...}<br>++[bklist] returns noop<br>
[sql_oracle] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details<br>[sql_oracle] ... expanding second conditional<br>[sql_oracle] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details<br>
[sql_oracle] expand: %{User-Name:-DEFAULT} -> host/Leeyu-Laptop<br>[sql_oracle] expand: %{Stripped-User-Name:-%{User-Name:-DEFAULT}} -> host/Leeyu-Laptop<br>[sql_oracle] sql_set_user escaped user --> 'host/Leeyu-Laptop'<br>
[sql_oracle] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '<Crypted>', '%{reply:Packet-Type}', TO_DATE('%S','yyyy-mm-dd hh24:mi:ss')) -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'host/Leeyu-Laptop', '<Crypted>', 'Access-Reject', TO_DATE('2010-11-06 15:04:59','yyyy-mm-dd hh24:mi:ss'))<br>
rlm_sql (sql_oracle) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'host/Leeyu-Laptop', '<Crypted>', 'Access-Reject', TO_DATE('2010-11-06 15:04:59','yyyy-mm-dd hh24:mi:ss'))<br>
rlm_sql (sql_oracle): Reserving sql socket id: 17<br>rlm_sql (sql_oracle): Released sql socket id: 17<br>++[sql_oracle] returns ok<br>[attr_filter.access_reject] expand: %{User-Name} -> host/Leeyu-Laptop<br> attr_filter: Matched entry DEFAULT at line 11<br>
++[attr_filter.access_reject] returns updated<br>Delaying reject of request 4 for 1 seconds<br>Going to the next request<br>Waking up in 0.9 seconds.<br>Sending delayed reject for request 4<br>Sending Access-Reject of id 148 to 192.168.0.1 port 3075<br>
EAP-Message = 0x04040004<br> Message-Authenticator = 0x00000000000000000000000000000000<br>Waking up in 3.9 seconds.<br>Cleaning up request 0 ID 144 with timestamp +3<br>Cleaning up request 1 ID 145 with timestamp +3<br>
Cleaning up request 2 ID 146 with timestamp +3<br>Cleaning up request 3 ID 147 with timestamp +3<br>Waking up in 1.0 seconds.<br>Cleaning up request 4 ID 148 with timestamp +3<br>Ready to process requests.<br><b><br>winxp does not send its hostname to the radius server, but win7 does. How did this happen?</b><br>
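Added example, not part of the original post: a small Python decoder for the EAP-Message values printed in the debug output above, applied to the last client packet (id=148) to show which side sent the TLS alert. The function and table names are my own, and only the certificate-related alert codes listed in the table are named.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 25: "PEAP"}
TLS_CONTENT = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake"}
ALERT_LEVEL = {1: "warning", 2: "fatal"}
ALERT_DESC = {42: "bad_certificate", 45: "certificate_expired",
              46: "certificate_unknown", 48: "unknown_ca"}

def parse_tls_records(data):
    """Split plaintext TLS records; decode unencrypted 2-byte alerts."""
    records = []
    while len(data) >= 5:
        ctype, major, minor, rlen = struct.unpack("!BBBH", data[:5])
        payload = data[5:5 + rlen]
        rec = {"type": TLS_CONTENT.get(ctype, ctype), "version": f"{major}.{minor}",
               "truncated": len(payload) < rlen}  # cut short by EAP fragmentation
        if ctype == 21 and len(payload) == 2:
            rec["alert"] = (ALERT_LEVEL.get(payload[0], payload[0]),
                            ALERT_DESC.get(payload[1], payload[1]))
        records.append(rec)
        data = data[5 + rlen:]
    return records

def decode_eap(hex_value):
    """Decode one EAP-Message attribute value as printed in the debug log."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    code, ident, length = struct.unpack("!BBH", raw[:4])  # struct.error if < 4 bytes
    if not 4 <= length <= len(raw):
        raise ValueError("EAP length field does not match the data")
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if length == 4:                      # Success/Failure carry no type byte
        return out
    eap_type, body = raw[4], raw[5:length]
    out["type"] = EAP_TYPES.get(eap_type, eap_type)
    if eap_type == 1:
        out["identity"] = body.decode("utf-8", "replace")
    elif eap_type in (13, 25) and body:
        flags, tls = body[0], body[1:]
        out["flags"] = {"length_included": bool(flags & 0x80),
                        "more_fragments": bool(flags & 0x40), "start": bool(flags & 0x20)}
        if flags & 0x80 and len(tls) >= 4:
            out["tls_message_length"] = struct.unpack("!I", tls[:4])[0]
            tls = tls[4:]
        out["records"] = parse_tls_records(tls)
    return out

# EAP-Message of the client packet id=148, copied from the debug output above.
ALERT = decode_eap("0x0204001119800000000715030100020230")
```

The decoded packet is an EAP Response, so the fatal `unknown_ca` alert was sent by the Windows 7 supplicant to the server, matching the `<<< TLS 1.0 Alert` line in the log.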