<sigh> On 8/23/06, Tilen <lutemberg@gmail.com> wrote:
I get Access-Reject, whole debug log is here:
That is obviously a false statement. While eventually not decisive, the output from startup is missing. Some Requests prior to #4 are missing, which might already be more interesting. Finally you seem to have edited the output in an ill-advised manner here: [...]
rad_recv: Access-Request packet from host 192.168.1.1:3072, id=0, length=147 User-Name = "test"
NAS-IP-Address = 192.168.1.1 Called-Station-Id = "004010100003" Calling-Station-Id = "000e3557c74e" NAS-Identifier = "004010100003" NAS-Port = 30 Framed-MTU = 1400 State = 0x78d2170e45bcb6eac38f66525f681d9e Message-Authenticator = 0x90ba3baf012b7509c5c4c985a5452b26
Message-Authenticator is misaligned and EAP-Message is missing, which is definetly prohibiting the checking against the behaviour further down (which does indeed look peculiar, and is not the standard openssl error one would have guest from your previous truncations).
rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert read:fatal:unknown CA TLS_accept:failed in SSLv3 read client certificate A 3239:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1052:SSL alert number 48 3239:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:837: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. In SSL Handshake Phase In SSL Accept mode rlm_eap_tls: BIO_read failed in a system call (-1), TLS session fails. eaptls_process returned 13
_Again_ please see to provide details as has been requested numerous times. Some sniffing on the radius server might be helpful here too. I'll refrain from looking into that as long as I have to play some sort of detective to even get to know what is going on on your installation. regards K. Hoercher