Hello
My server is now accepting the eap authentication,
but is sending after this accept an access challenge to the client. It
seems that the client "ignores" the access challenge sent by
the server !!
Any idea ??
Fabien
rad_recv: Access-Request packet from
host 10.166.42.30:1024, id=3, length=159
User-Name
= "sierre08015"
NAS-IP-Address
= 10.166.42.30
NAS-Port
= 1
Called-Station-Id
= "00-14-C2-BB-FF-70:test"
Calling-Station-Id
= "00-1F-3C-13-1A-1F"
Framed-MTU
= 1400
NAS-Port-Type
= Wireless-802.11
Connect-Info
= "CONNECT 0Mbps 802.11g"
EAP-Message
= 0x02070010017369657272653038303135
Message-Authenticator
= 0x44d8e63aaf78d1dd710924a013bfe7ba
Processing the authorize section
of radiusd.conf
modcall: entering group authorize for
request 3
modcall[authorize]: module "preprocess"
returns ok for request 3
rlm_eap: EAP packet type response
id 7 length 16
rlm_eap: No EAP Start, assuming
it's an on-going EAP conversation
modcall[authorize]: module "eap"
returns updated for request 3
users: Matched entry sierre08015
at line 97
modcall[authorize]: module "files"
returns ok for request 3
modcall: leaving group authorize (returns
updated) for request 3
rad_check_password: Found
Auth-Type EAP
auth: type "EAP"
Processing the authenticate section
of radiusd.conf
modcall: entering group authenticate
for request 3
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client
certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module
"eap" returns handled for request 3
modcall: leaving group authenticate
(returns handled) for request 3
Sending Access-Challenge of id 3 to
10.166.42.30 port 1024
EAP-Message
= 0x010800060d20
Message-Authenticator
= 0x00000000000000000000000000000000
State =
0x70d9ca888398794265f013f1ea86a3b8
Finished request 3
Going to the next request
--- Walking the entire request list
---
Waking up in 6 seconds...
rad_recv: Access-Request packet from
host 10.166.42.30:1024, id=4, length=241
User-Name
= "sierre08015"
NAS-IP-Address
= 10.166.42.30
NAS-Port
= 1
Called-Station-Id
= "00-14-C2-BB-FF-70:test"
Calling-Station-Id
= "00-1F-3C-13-1A-1F"
Framed-MTU
= 1400
NAS-Port-Type
= Wireless-802.11
Connect-Info
= "CONNECT 0Mbps 802.11g"
EAP-Message
= 0x020800500d800000004616030100410100003d030149ae3f67c2530394de05ba7fb9c39413db6dd4d884994527880e0543a428dee400001600040005000a000900640062000300060013001200630100
State =
0x70d9ca888398794265f013f1ea86a3b8
Message-Authenticator
= 0x56372f6bfce57e79360ae0c757da625b
Processing the authorize section
of radiusd.conf
modcall: entering group authorize for
request 4
modcall[authorize]: module "preprocess"
returns ok for request 4
rlm_eap: EAP packet type response
id 8 length 80
rlm_eap: No EAP Start, assuming
it's an on-going EAP conversation
modcall[authorize]: module "eap"
returns updated for request 4
users: Matched entry sierre08015
at line 97
modcall[authorize]: module "files"
returns ok for request 4
modcall: leaving group authorize (returns
updated) for request 4
rad_check_password: Found
Auth-Type EAP
auth: type "EAP"
Processing the authenticate section
of radiusd.conf
modcall: entering group authenticate
for request 4
rlm_eap: Request found, released
from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept
initialization
TLS_accept: before/accept
initialization
rlm_eap_tls: <<< TLS
1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read
client hello A
rlm_eap_tls: >>> TLS
1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write
server hello A
rlm_eap_tls: >>> TLS
1.0 Handshake [length 02ad], Certificate
TLS_accept: SSLv3 write
certificate A
rlm_eap_tls: >>> TLS
1.0 Handshake [length 00a3], CertificateRequest
TLS_accept: SSLv3 write
certificate request A
TLS_accept: SSLv3 flush
data
TLS_accept:error in SSLv3
read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module
"eap" returns handled for request 4
modcall: leaving group authenticate
(returns handled) for request 4
Sending Access-Challenge of id 4 to
10.166.42.30 port 1024
EAP-Message
= 0x010903b30d80000003a9160301004a02000046030149ae3f6712908d3b767909434474e04763782e4799f5ba8fa55677e4cc5ebb69201f975e44af3ffdd4256b3608b4501983469357e875c2d3df0e562e297d56618300040016030102ad0b0002a90002a60002a33082029f30820208020900d79b076a9c2a726f300d06092a864886f70d0101050500308193310b3009060355040613024348311430120603550408130b537769747a65726c616e64310f300d06035504071306536965727265311d301b060355040a13144e6f76656c697320506c616e7420536965727265311630140603550403130d526164697573205365727665723126302406
EAP-Message
= 0x092a864886f70d01090116177369657272657261643130406e6f76656c69732e636f6d301e170d3039303131323139323733375a170d3039303231313139323733375a308193310b3009060355040613024348311430120603550408130b537769747a65726c616e64310f300d06035504071306536965727265311d301b060355040a13144e6f76656c697320506c616e7420536965727265311630140603550403130d526164697573205365727665723126302406092a864886f70d01090116177369657272657261643130406e6f76656c69732e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ec5d7c0b616c84
EAP-Message
= 0x9cb4d290cf1ba7432d4581ef7602de5309e60866c877dd2772a62df72614f0988998a7c5feffd6c2454656c0376e3e0f9fd0586bed25ffa89e6f416b92b352fd6090d3b9cf3f0bcb182a2e68ca58848f7cca593c62726f96421e1726757ffc143bf16dd9b132909199d1292ba067160afff70e612f56bfcc550203010001300d06092a864886f70d0101050500038181008f10a3348b6a8192ab370370cf5bc572fe2228a782b7fa97828e798716d26508dfe471fa5352f4ea71a8e5eb12b71413733f07e0d6222a9dec199b76b4434aba154bb64d6e77cd3e5471003e2fceb03bfa6d69340a1b4802edc3959f0de8a52d1ae0cc88217a2db731513ad9
EAP-Message
= 0xc8ad4170e9d80b47b6e9ae2a82cc577076dec8b316030100a30d00009b0301020500950093308190310b3009060355040613024348311430120603550408130b537769747a65726c616e64310f300d0603550407130653696572726531163014060355040a130d4e6f76656c697320506c616e74311730150603550403130e46616269656e204372657474617a3129302706092a864886f70d010901161a66616269656e2e6372657474617a406e6f76656c69732e636f6d0e000000
Message-Authenticator
= 0x00000000000000000000000000000000
State =
0xcad27a06a3667c11a3c87b3e41faa858
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from
host 10.166.42.30:1024, id=5, length=167
User-Name
= "sierre08015"
NAS-IP-Address
= 10.166.42.30
NAS-Port
= 1
Called-Station-Id
= "00-14-C2-BB-FF-70:test"
Calling-Station-Id
= "00-1F-3C-13-1A-1F"
Framed-MTU
= 1400
NAS-Port-Type
= Wireless-802.11
Connect-Info
= "CONNECT 0Mbps 802.11g"
EAP-Message
= 0x020900060d00
State =
0xcad27a06a3667c11a3c87b3e41faa858
Message-Authenticator
= 0x57367206865668163c2155289735fb84
Processing the authorize section
of radiusd.conf
modcall: entering group authorize for
request 5
modcall[authorize]: module "preprocess"
returns ok for request 5
rlm_eap: EAP packet type response
id 9 length 6
rlm_eap: No EAP Start, assuming
it's an on-going EAP conversation
modcall[authorize]: module "eap"
returns updated for request 5
users: Matched entry sierre08015
at line 97
modcall[authorize]: module "files"
returns ok for request 5
modcall: leaving group authorize (returns
updated) for request 5
rad_check_password: Found
Auth-Type EAP
auth: type "EAP"
Processing the authenticate section
of radiusd.conf
modcall: entering group authenticate
for request 5
rlm_eap: Request found, released
from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment
handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module
"eap" returns handled for request 5
modcall: leaving group authenticate
(returns handled) for request 5
Sending Access-Challenge of id 5 to
10.166.42.30 port 1024
EAP-Message
= 0x010a000a0d8000000000
Message-Authenticator
= 0x00000000000000000000000000000000
State =
0x850de87f7a3c97df745f110aed8ce38e
Finished request 5
Going to the next request
Waking up in 6 seconds...
NOVELIS
Fabien Crettaz
IT System and Infrastructure
Novelis Automotive, Painted & Specialities
Novelis Switzerland SA
CH - 3960 Sierre, Switzerland
phone: +41 (0)27 457 7164
fax: +41 (0)27 457 7105
e-mail:
fabien.crettaz@novelis.com
http://www.novelis.ch
P Please
consider the environment before printing this email.
<tnt@kalik.net>
Sent by: freeradius-users-bounces+fabien.crettaz=novelis.com@lists.freeradius.org
03.03.2009 16:50
|
Please respond to
FreeRadius users mailing list <freeradius-users@lists.freeradius.org> |
|
|
To
| "FreeRadius users mailing list"
<freeradius-users@lists.freeradius.org>
|
|
cc
|
|
|
Subject
| Re: eap-tls configuration not running... |
|
>Thanks for you response, what should I set as
Auth-Type, as 'Auth-Type :=
>eap' is not recommended (cf. coment in eap.conf) ?
You don't set anything. Server will set what it needs. It "just works".
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html