Matteo Lazzarini wrote:
rad_recv: Access-Request packet from host 192.168.1.5:1218, id=97, length=139 User-Name = "marcello" NAS-IP-Address = 192.168.1.5 NAS-Port = 0 Called-Station-Id = "00-40-05-30-C5-86" Calling-Station-Id = "00-0C-F1-15-17-59" NAS-Identifier = "DLink-900AP+" Framed-MTU = 1380 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0201000d016d617263656c6c6f Message-Authenticator = 0x198e77929c34dbae3d21887e7c8fedb6 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 radius_xlat: '/usr/local/var/log/radius/radacct/192.168.1.5/auth-detail-20060822' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/192.168.1.5/auth-detail-20060822 modcall[authorize]: module "auth_log" returns ok for request 0 rlm_eap: EAP packet type response id 1 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 152 users: Matched entry marcello at line 223 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 97 to 192.168.1.5 port 1218 EAP-Message = 0x010200060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x10ffb90c0007eb49a18f61eabd573132 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.1.5:1218, id=98, length=224 User-Name = "marcello" NAS-IP-Address = 192.168.1.5 NAS-Port = 0 Called-Station-Id = "00-40-05-30-C5-86" Calling-Station-Id = "00-0C-F1-15-17-59" NAS-Identifier = "DLink-900AP+" Framed-MTU = 1380 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200500d800000004616030100410100003d030144eb3ca336a3103a0ffadab80df60c4e27696e763a5ebad813bc963683fff37800001600040005000a000900640062000300060013001200630100
State = 0x10ffb90c0007eb49a18f61eabd573132 Message-Authenticator = 0x3a2931277b7c91633740abd039fb5d26 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 radius_xlat: '/usr/local/var/log/radius/radacct/192.168.1.5/auth-detail-20060822' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/192.168.1.5/auth-detail-20060822 modcall[authorize]: module "auth_log" returns ok for request 1 rlm_eap: EAP packet type response id 2 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 152 users: Matched entry marcello at line 223 modcall[authorize]: module "files" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0715], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 00c7], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data * TLS_accept:error in SSLv3 read client certificate A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)* In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 98 to 192.168.1.5 port 1218 EAP-Message = 0x0103040a0dc000000835160301004a02000046030144eb3d0386a135fa7e544226488211ed9f6d798dd3b1b667ce1057e7c6f83a2120ac760e68727c64d564fa523a839ce6ca02136b0c8d2dcf15257eaa69617fec9200040016030107150b00071100070e0002fa308202f63082025fa003020102020900f224c648347dc88c300d06092a864886f70d01010405003081b5310b3009060355040613024954310e300c060355040813054954414c593110300e0603550407130742657267616d6f31123010060355040a130947727570706f696d69311e301c060355040a13153830322e31782041757468656e7469636174696f6e3110300e06035504
EAP-Message = 0x0b1307696d692073726c311630140603550403130d43412d467265657261646975733126302406092a864886f70d0109011617667265657261646975734067727570706f696d692e6974301e170d3036303832323136333935375a170d3037303832323136333935375a3081aa310b3009060355040613024954310e300c060355040813054954414c593110300e0603550407130742657267616d6f31123010060355040a130947727570706f696d69311e301c060355040a13153830322e31782041757468656e7469636174696f6e3110300e060355040b1307696d692073726c310f300d060355040313066a61676765723122302006092a864886
EAP-Message = 0xf70d01090116136a61676765724067727570706f696d692e697430819f300d06092a864886f70d010101050003818d0030818902818100c2889e425836d09f8235751e0ff076778dfad149ef3ef3f5d474375ad07c6d7d8924c1626b2c5478638564287fb4023b5ce68bcd0ffd7c21ac57d06ef8ef98f5ab9d5de84379f4f64bdef487a93350102d22f58200f16000756e3e98a677881f171155a679058c72d7a23d88e9d29daa1be63a014dca55ab45ac4383f04dbf610203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003818100b2288be7befe02ede8b87a2965337aaa586ac346be
EAP-Message = 0x14150f8914a326d60ec602e4e2076441b2266b013a2a5a6a083adf3abad567d1581e42fe22dfba9ae4b1a6e08333fe84d50950a5ff6a918f1bdcde276c6563d208ab5b6e95128e38e9454314e3a8be08896e031ef2f1332347d9b93e6caa8761ef5e9758ef6618946f816e00040e3082040a30820373a003020102020900f224c648347dc88a300d06092a864886f70d01010405003081b5310b3009060355040613024954310e300c060355040813054954414c593110300e0603550407130742657267616d6f31123010060355040a130947727570706f696d69311e301c060355040a13153830322e31782041757468656e7469636174696f6e3110
EAP-Message = 0x300e060355040b1307696d692073726c311630140603 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x582723ed1968a3dbf4d299bf04f83d9c Finished request 1 Going to the next request Waking up in 6 seconds...
Can somebody said me what for I have this fault? I have used for TLS the certs made with the CA.all script in the freeradius scripts directory. I have used also certs made with other scripts find in internet. But the error is the same.
I am continuing to make various tests but I do not resolve the problem… nobody has ideas/help?