I am using freeradius with EAP/TTLS. Windows Clients work fine, but not from Linux. These are the message after trying to access from Ubuntu 7.04: --- Walking the entire request list --- Sending Access-Reject of id 252 to 10.30.1.151 port 1031 EAP-Message = 0x04060004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 4 seconds... rad_recv: Access-Request packet from host 10.30.1.151:1031, id=253, length=102 User-Name = "jdoe" Calling-Station-Id = "00-0e-35-bf-51-18" EAP-Message = 0x0201000b016d6261726265 Framed-MTU = 1287 NAS-IP-Address = 192.168.1.1 NAS-Port = 0 NAS-Port-Type = Wireless-802.11 Message-Authenticator = 0x10cf9173f0fc56e7c29c6febe5be1f90 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 48 modcall[authorize]: module "preprocess" returns ok for request 48 rlm_eap: EAP packet type response id 1 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 48 modcall[authorize]: module "files" returns notfound for request 48 rlm_ldap: - authorize rlm_ldap: performing user authorization for jdoe radius_xlat: '(uid=jdoe)' radius_xlat: 'ou=people,dc=cadorna,dc=edu' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=cadorna,dc=edu, with filter (uid=jdoe) request done: ld 0x5555557c3e70 msgid 58 rlm_ldap: checking if remote access for jdoe is allowed by radiusAllowed rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user jdoe authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 48 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 48 modcall: leaving group authorize (returns updated) for request 48 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 48 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 48 modcall: leaving group authenticate (returns handled) for request 48 Sending Access-Challenge of id 253 to 10.30.1.151 port 1031 EAP-Message = 0x010f061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x93a4cdfad4b31637cd74d6d3255e4b30 Finished request 48 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 10.30.1.151:1031, id=254, length=202 User-Name = "jdoe" Calling-Station-Id = "00-0e-35-bf-51-18" EAP-Message = 0x0202005d150016030100520100004e0301471e027b594fc3bd23cd735f39013a7f93bc2b2574587abf78b635eb801f850600002600390038003500160013000a00330032002f0005000400150012000900140011000800060003020100 Framed-MTU = 1287 NAS-IP-Address = 192.168.1.1 NAS-Port = 0 NAS-Port-Type = Wireless-802.11 State = 0x93a4cdfad4b31637cd74d6d3255e4b30 Message-Authenticator = 0x3c9b688b198579b1ba4e97ba79c783cf Processing the authorize section of radiusd.conf modcall: entering group authorize for request 49 modcall[authorize]: module "preprocess" returns ok for request 49 rlm_eap: EAP packet type response id 2 length 93 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 49 modcall[authorize]: module "files" returns notfound for request 49 rlm_ldap: - authorize rlm_ldap: performing user authorization for jdoe radius_xlat: '(uid=jdoe)' radius_xlat: 'ou=people,dc=cadorna,dc=edu' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=cadorna,dc=edu, with filter (uid=jdoe) request done: ld 0x5555557c3e70 msgid 59 rlm_ldap: checking if remote access for jdoe is allowed by radiusAllowed rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user jdoe authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 49 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 49 modcall: leaving group authorize (returns updated) for request 49 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 49 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0052], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0852], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange TLS_accept: SSLv3 write key exchange A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 49 modcall: leaving group authenticate (returns handled) for request 49 Sending Access-Challenge of id 254 to 10.30.1.151 port 1031 EAP-Message = 0x0103040a15c000000ac1160301004a020000460301471cdb5884f622bdad38ebc5862a7813cc4220fa5f1fd7a4a3a60fd18f9e2893200f5d445c4201d335a4d3376418bb45730265c2ab57c352cd5c8ddd4c2679a9b700390016030108520b00084e00084b0003b9308203b53082029da003020102020111300d06092a864886f70d010104050030818e310b3009060355040613024152311530130603550407130c4275656e6f73204169726573311f301d060355040a1316556e6976657273696461642064652050616c65726d6f31273025060355040b131e446570617274616d656e746f20646520436f6d756e69636163696f6e6573311e301c06 EAP-Message = 0x035504031315436572746966696361746520417574686f72697479301e170d3037313031313233333633305a170d3131313031303233333633305a308193310b3009060355040613024152311530130603550407130c4275656e6f73204169726573311f301d060355040a1316556e6976657273696461642064652050616c65726d6f312d302b060355040b1324446570617274616d656e746f20646520436f6d756e69636163696f6e6573202d20737032311d301b06035504031314737065637472756d2e70616c65726d6f2e65647530820122300d06092a864886f70d01010105000382010f003082010a0282010100e04585aa76fe88e53fe2e5 EAP-Message = 0xfd4e4c9732987996ca13093a1173f9760319f9bf6b1bbad6702284056432c8b9409e28789a2d91e8027baa1fadcf4951be8b3d1932d6a125dd50d18a57ea8c909eb93b83f73404193b6ebb16e7abcc49ec7b3d2546f65e41d895631ab82cbf09c6744c9d6e01064fd1548487e70baf1179f387430d7f193460f4bf55e9c6cb2100202382b2c0c10929e125f8c32bd5cd0d26c3d908688cb747475263370195f56c256bad4ee232fb9db6bf07966c6ad88f5bfa07143c5a626fde432f3582bdc50164e1b216e902efb947be80f5d64cf05e33e1ba76c3734bd4a1586895b5575ac4ea9f87384629547e75ad7c119c66abe7a07f8c7d0203010001a31730 EAP-Message = 0x1530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100c056381386ae47210e7781b5f29f6e345d3cf3170d7b56f207c5120ad7a0a3f50d8d5089b1b670e12571f30f6035435027ba8a6c0f560c4ed67436b09470a25f6c6ed5f6183671143d0119cdbd58f1564ff62d829557d30db8e3e629cde53dc086b2b6e6cbc199f38653349b1abd884554bde148d0b3c6972f3910a3d9a6004b4b85b5c2bea77f8939d3518d718d5a1290ca6c03f3ce5d98906e243f4cc698360b5d5f3015054f0dc7f0cb42475760038477a75d03c048f80b4f50b554499749833660883b818630ae143a9e0ac935e5e3d594 EAP-Message = 0xf97b881df18c0b1712e00eef6a91fa1582e7f8eb93fa Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9f0fb729292fd1fa84bf8407b903c2f1 Finished request 49 Going to the next request Cleaning up request 42 ID 247 with timestamp 471cdb53 Cleaning up request 43 ID 248 with timestamp 471cdb53 Cleaning up request 44 ID 249 with timestamp 471cdb53 Cleaning up request 45 ID 250 with timestamp 471cdb53 Cleaning up request 46 ID 251 with timestamp 471cdb53 Waking up in 1 seconds... rad_recv: Access-Request packet from host 10.30.1.151:1031, id=255, length=115 User-Name = "jdoe" Calling-Station-Id = "00-0e-35-bf-51-18" EAP-Message = 0x020300061500 Framed-MTU = 1287 NAS-IP-Address = 192.168.1.1 NAS-Port = 0 NAS-Port-Type = Wireless-802.11 State = 0x9f0fb729292fd1fa84bf8407b903c2f1 Message-Authenticator = 0x1bf865fa2b8ecd5298a3ba37822d1ce6 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 50 modcall[authorize]: module "preprocess" returns ok for request 50 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 50 modcall[authorize]: module "files" returns notfound for request 50 rlm_ldap: - authorize rlm_ldap: performing user authorization for jdoe radius_xlat: '(uid=jdoe)' radius_xlat: 'ou=people,dc=cadorna,dc=edu' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=cadorna,dc=edu, with filter (uid=jdoe) request done: ld 0x5555557c3e70 msgid 60 rlm_ldap: checking if remote access for jdoe is allowed by radiusAllowed rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user jdoe authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 50 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 50 modcall: leaving group authorize (returns updated) for request 50 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 50 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 50 modcall: leaving group authenticate (returns handled) for request 50 Sending Access-Challenge of id 255 to 10.30.1.151 port 1031 EAP-Message = 0x0104040a15c000000ac14ee3f701692818d33744866b15afbc8774a1ed07b5b43200048c3082048830820370a003020102020101300d06092a864886f70d010104050030818e310b3009060355040613024152311530130603550407130c4275656e6f73204169726573311f301d060355040a1316556e6976657273696461642064652050616c65726d6f31273025060355040b131e446570617274616d656e746f20646520436f6d756e69636163696f6e6573311e301c06035504031315436572746966696361746520417574686f72697479301e170d3035313230313134353835305a170d3135313132393134353835305a30818e310b30090603 EAP-Message = 0x55040613024152311530130603550407130c4275656e6f73204169726573311f301d060355040a1316556e6976657273696461642064652050616c65726d6f31273025060355040b131e446570617274616d656e746f20646520436f6d756e69636163696f6e6573311e301c06035504031315436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100eb878d17120d3af300ab78838b32fde160463d4ff2693c5ebc59123788f0bfe9d90aaa34a22bab04b8e8f294176215b97f2edf6c686434ad87acccd5ecf7edec871e8449a876cbfe531c5158385aa9d30685723c EAP-Message = 0xf3273b5d2d8cde4ca62b0c07c3bdd54be96f2f68074454281c527079276d3388dcdb097e730c419f58d24eaca71fd8c5d8b6fe023154b9bdb920dc6ac013a57dc9bf94b99250b47bc32a07afbf2a2eddd37bdb8f0421f7df33eb999dce70784d065458b5e590f1c285837464709c6af7e3ae092dd38372420e780d8567699d534897f298fcde4309a2f66afee6dce842a69c31f1ca580454665eae87a04881b0bbb009928b30ef374fa534e50203010001a381ee3081eb301d0603551d0e04160414fd77533bb6a66d1e3b48bfb5d21501d829ddf4693081bb0603551d230481b33081b08014fd77533bb6a66d1e3b48bfb5d21501d829ddf469a18194 EAP-Message = 0xa4819130818e310b3009060355040613024152311530130603550407130c4275656e6f73204169726573311f301d060355040a1316556e6976657273696461642064652050616c65726d6f31273025060355040b131e446570617274616d656e746f20646520436f6d756e69636163696f6e6573311e301c06035504031315436572746966696361746520417574686f72697479820101300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010066656bbb8617d0aa046d938fb367586fb47ba22a4c54ccfc21d3bdc13ae39df3cd89029a0b5bcacb39977e824d94ba8c61296ce2e38d91e22766ce9ce6d988580251e19e EAP-Message = 0xf037cea75d86cb016c26f8d51bb33fbe8f07daf1f9fc Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8ec906c143e12a91c2923decee5f456a Finished request 50 Going to the next request Cleaning up request 47 ID 252 with timestamp 471cdb53 Waking up in 1 seconds... rad_recv: Access-Request packet from host 10.30.1.151:1031, id=0, length=115 User-Name = "jdoe" Calling-Station-Id = "00-0e-35-bf-51-18" EAP-Message = 0x020400061500 Framed-MTU = 1287 NAS-IP-Address = 192.168.1.1 NAS-Port = 0 NAS-Port-Type = Wireless-802.11 State = 0x8ec906c143e12a91c2923decee5f456a Message-Authenticator = 0x6505201bc52e449d0d78f34393accd3f Processing the authorize section of radiusd.conf modcall: entering group authorize for request 51 modcall[authorize]: module "preprocess" returns ok for request 51 rlm_eap: EAP packet type response id 4 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 51 modcall[authorize]: module "files" returns notfound for request 51 rlm_ldap: - authorize rlm_ldap: performing user authorization for jdoe radius_xlat: '(uid=jdoe)' radius_xlat: 'ou=people,dc=cadorna,dc=edu' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=cadorna,dc=edu, with filter (uid=jdoe) request done: ld 0x5555557c3e70 msgid 61 rlm_ldap: checking if remote access for jdoe is allowed by radiusAllowed rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user jdoe authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 51 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 51 modcall: leaving group authorize (returns updated) for request 51 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 51 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 51 modcall: leaving group authenticate (returns handled) for request 51 Sending Access-Challenge of id 0 to 10.30.1.151 port 1031 EAP-Message = 0x010502cb158000000ac178833f2254362517e85e9dcd2c4362773223204e9c66dff65f08f319c5c9a2bb6a6de09b6534fd5df1fc14ba8dc996930e5413bbb2d4cae1c5aa68abe3785bec762c0c47246c2a89066512727dfc1c8b96fb0005841d05009db8e084a3931d2046b4d8047d2c182c9b0a5b5f340ee1b4331ec0ece5185dc33e4f100ec0a0a7e6e2bad313ea717fa4d4ed2e913575014832f80d0298e5c662015b0729eabd6220c0082326acb5160301020d0c0002090080ab5cc42c337b650ab1047c54f7a4fc1a130b5596597983a2b227b2a9969953ee8238cee287777922551db722e8db74a6f760d006dac6ebfcc8a12be3a29d341f28c8 EAP-Message = 0x4c7276144e8ef17163040ab5133ee9dab782f2a030bf37bef653c2081f601c1563997b74cecc8d1d10f7bfdd6d812abd1b020076c2f9d125d24e7148765b00010200802b5df81bd6d61aef7ac659e75d873e6160d654a21ae35372e1f4c23b27eb9da51e47b885d05c5b384b6607e45a86bb5498b5909c81cfcf8079bfaf7a205b1e8ae0e4cc055ddf84fd7a3122952b744b777e35b50385e8de99a39fdce13f3806e54f399cfa985e9b938f7787f8cb091b6c9d344cc1c8cbf49a6b69642f29054f1e01008e859eb9cf1a0a028e0dac00ea41f9c36444e7e1fca9a1d1443f9facbf531a834d0ad6f4ddd46c4b724c359cccce7b96ba81baf8e3571623 EAP-Message = 0xd53ab675a4d6256fbd3485a7c422d677afcbec25fbac4b50c9d9d410bff745fe20cc8604ff15eb43fc8923b0757caac662887d1123dc38dd090c41a7f9e5352a4e2075e80b8473dcb05bf3b76bf63b6de5f7d32ce8d44933b09aa972a16d9f07da5398db6a8cd8567c1b017ec6be611af3cb5a983083297c706459982b8040cbd09c0af14f74f3130a72f89309a68eb110a947055823e5c5390c4846b3e59b63e66ddcbdcb62c6f03958908363a9185afe60cbc91aac69609409435b4b56b750383b8b251a12bac416030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x89c261d0437eeb9dcddbe806fe528723 Finished request 51 Going to the next request Waking up in 1 seconds... rad_recv: Access-Request packet from host 10.30.1.151:1031, id=1, length=313 User-Name = "jdoe" Calling-Station-Id = "00-0e-35-bf-51-18" EAP-Message = 0x020500cc1500160301008610000082008057043d3068860732c837deabd3478f745b102bd2059b58a6ae82b07439e2333e4d08a61e062ecc61ecc31ac7461234f8a82565867e14f62ee29eb862282a7e4a2fb1c3e9e14b3df1a4e75281a4623872c1839bf9ca2ff9d7fac21f1427e057f9178814756a0ab73dc99098322d70e12cb698a85a2a81685771b951bded038d4514030100010116030100302282d77f0730d9d730c3e02ba2ffd22eb47bcf3a5a365ff22adf85d96bd84be66928ffcf58720562175aa6725ea1cff7 Framed-MTU = 1287 NAS-IP-Address = 192.168.1.1 NAS-Port = 0 NAS-Port-Type = Wireless-802.11 State = 0x89c261d0437eeb9dcddbe806fe528723 Message-Authenticator = 0x7610c5f0d8723787c71194309ef953c1 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 52 modcall[authorize]: module "preprocess" returns ok for request 52 rlm_eap: EAP packet type response id 5 length 204 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 52 modcall[authorize]: module "files" returns notfound for request 52 rlm_ldap: - authorize rlm_ldap: performing user authorization for jdoe radius_xlat: '(uid=jdoe)' radius_xlat: 'ou=people,dc=cadorna,dc=edu' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=cadorna,dc=edu, with filter (uid=jdoe) request done: ld 0x5555557c3e70 msgid 62 rlm_ldap: checking if remote access for jdoe is allowed by radiusAllowed rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user jdoe authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 52 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 52 modcall: leaving group authorize (returns updated) for request 52 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 52 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 52 modcall: leaving group authenticate (returns handled) for request 52 Sending Access-Challenge of id 1 to 10.30.1.151 port 1031 EAP-Message = 0x0106004515800000003b14030100010116030100305733430142da8ad230323c344f3ad0d604a9bfc411f63958f04a6d2da875d66d4b5f28db659aab44adfc8379f8b2ed9d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9d7022d071c2cef6bf33debacd0cb017 Finished request 52 Going to the next request Waking up in 1 seconds... rad_recv: Access-Request packet from host 10.30.1.151:1031, id=2, length=205 User-Name = "jdoe" Calling-Station-Id = "00-0e-35-bf-51-18" EAP-Message = 0x020600601500170301002020647f7d8d2bccc5abe810057b62591cb8d50a9c28d9e1edac7975536e78ed8717030100305f194220a912f09dead1620b1bf24c355d0134f82f36caca739a61d3211d82c6c7b337d69e644127509b25da6874c0f2 Framed-MTU = 1287 NAS-IP-Address = 192.168.1.1 NAS-Port = 0 NAS-Port-Type = Wireless-802.11 State = 0x9d7022d071c2cef6bf33debacd0cb017 Message-Authenticator = 0x1981ceaaca92086c0e3517f5cd3f2858 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 53 modcall[authorize]: module "preprocess" returns ok for request 53 rlm_eap: EAP packet type response id 6 length 96 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 53 modcall[authorize]: module "files" returns notfound for request 53 rlm_ldap: - authorize rlm_ldap: performing user authorization for jdoe radius_xlat: '(uid=jdoe)' radius_xlat: 'ou=people,dc=cadorna,dc=edu' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=cadorna,dc=edu, with filter (uid=jdoe) request done: ld 0x5555557c3e70 msgid 63 rlm_ldap: checking if remote access for jdoe is allowed by radiusAllowed rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user jdoe authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 53 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 53 modcall: leaving group authorize (returns updated) for request 53 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 53 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes. TTLS: Got tunneled identity of jdoe TTLS: Setting default EAP type for tunneled EAP session. Processing the authorize section of radiusd.conf modcall: entering group authorize for request 53 modcall[authorize]: module "preprocess" returns ok for request 53 rlm_eap: EAP packet type response id 6 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 53 modcall[authorize]: module "files" returns notfound for request 53 rlm_ldap: - authorize rlm_ldap: performing user authorization for jdoe radius_xlat: '(uid=jdoe)' radius_xlat: 'ou=people,dc=cadorna,dc=edu' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=cadorna,dc=edu, with filter (uid=jdoe) request done: ld 0x5555557c3e70 msgid 64 rlm_ldap: checking if remote access for jdoe is allowed by radiusAllowed rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user jdoe authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 53 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 53 modcall: leaving group authorize (returns updated) for request 53 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 53 rlm_eap: EAP Identity rlm_eap: No such EAP type md5 rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 53 modcall: leaving group authenticate (returns invalid) for request 53 auth: Failed to validate the user. TTLS: Got tunneled Access-Reject rlm_eap: Handler failed in EAP/ttls TTLS: Freeing handler for user jdoe rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 53 modcall: leaving group authenticate (returns invalid) for request 53 auth: Failed to validate the user. Delaying request 53 for 1 seconds Finished request 53 Going to the next request Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 2 to 10.30.1.151 port 1031 EAP-Message = 0x04060004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 51 ID 0 with timestamp 471cdb58 Cleaning up request 52 ID 1 with timestamp 471cdb58 Cleaning up request 53 ID 2 with timestamp 471cdb58 Cleaning up request 48 ID 253 with timestamp 471cdb58 Cleaning up request 49 ID 254 with timestamp 471cdb58 Cleaning up request 50 ID 255 with timestamp 471cdb58 Nothing to do. Sleeping until we see a request. -- -- Sergio Belkin -