Hi All, I have a small problem with my FreeRadius configuration. I have configured FreeRadius with LDAP authentication, this part seems to work fine. I am using an Extreme Summit switch, as radius client and I am using an Windows XP sp2 workstation with PEAP / 802.1x authentication. What is happing: First FreeRadius shows this error: rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 086e], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase Later on FreeRadius shows: rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully And at the end: rlm_eap_tls: Length Included eaptls_verify returned 11 eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal access_denied TLS Alert read:fatal:access denied rlm_eap_peap: No data inside of the tunnel. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 5 modcall: group authenticate returns invalid for request 5 auth: Failed to validate the user. What is going on? I have included the whole log: =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2006.01.18 10:37:22 =~=~=~=~=~=~=~=~=~=~=~= rad_recv: Access-Request packet from host 10.61.100.163:1306, id=104, length=96 User-Name = "gerard" EAP-Message = 0x0201000b01676572617264 NAS-IP-Address = 10.61.100.163 Service-Type = Login-User Calling-Station-Id = "00-10-b5-f4-98-0e" NAS-Port-Type = Ethernet Message-Authenticator = 0xe19cdef787567dad9b16fa10a14c19c8 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "gerard", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 1 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 152 modcall[authorize]: module "files" returns ok for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for gerard radius_xlat: '(CN=gerard)' radius_xlat: 'ou=radius,ou=servicos,ou=brt,o=btp' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to IDIIBSA01D.brasiltelecom.com.br:389, authentication 0 rlm_ldap: setting TLS CACert File to /etc/raddb/certs/root.b64 rlm_ldap: setting TLS Require Cert to demand rlm_ldap: starting TLS rlm_ldap: bind as cn=admin,o=btp/novell to IDIIBSA01D.brasiltelecom.com.br:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=radius,ou=servicos,ou=brt,o=btp, with filter (CN=gerard) rlm_ldap: Added the eDirectory password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user gerard authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: group authenticate returns handled for request 0 Sending Access-Challenge of id 104 to 10.61.100.163:1306 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0a085f59b12ad9d7496d5537e1684e39 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.61.100.163:1307, id=144, length=183 User-Name = "gerard" EAP-Message = 0x0202005019800000004616030100410100003d030143ce8bd85fe37086d9ba7c2f652 fab40d74ddc70e1d10a9b510dc5a339e1d13200001600040005000a0009006400620003 00060013001200630100 NAS-IP-Address = 10.61.100.163 Service-Type = Login-User Calling-Station-Id = "00-10-b5-f4-98-0e" NAS-Port-Type = Ethernet State = 0x0a085f59b12ad9d7496d5537e1684e39 Message-Authenticator = 0xaa19c30a287bea21f1fc92796bf34875 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "gerard", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 2 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 152 modcall[authorize]: module "files" returns ok for request 1 rlm_ldap: - authorize rlm_ldap: performing user authorization for gerard radius_xlat: '(CN=gerard)' radius_xlat: 'ou=radius,ou=servicos,ou=brt,o=btp' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=radius,ou=servicos,ou=brt,o=btp, with filter (CN=gerard) rlm_ldap: Added the eDirectory password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user gerard authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 086e], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: group authenticate returns handled for request 1 Sending Access-Challenge of id 144 to 10.61.100.163:1307 EAP-Message = 0x0103040a19c0000008cb160301004a02000046030143ce3715701f886b5fe1961eb2f 13112fc2c0ecaee638df5e0c6c6e26270fba1208e530e6bfd57cc2d80de3acf32db22e6 eb73bf380cae255e0411e7d5f22cb99f000400160301086e0b00086a000867000432308 2042e30820397a003020102020101300d06092a864886f70d0101050500308193310b30 09060355040613024252310b30090603550408130244463111300f06035504071308427 26173696c696131173015060355040a130e42726173696c2054656c65636f6d310c300a 060355040b1303706f63311630140603550403130d43412046524545524144495553312 5302306092a EAP-Message = 0x864886f70d0109011616676d616e7376656c646572406e6f76656c6c2e636f6d301e1 70d3036303131373136343631365a170d3037303131373136343631365a308198310b30 09060355040613024252310b30090603550408130244463111300f06035504071308427 26173696c696131173015060355040a130e42726173696c2054656c65636f6d310c300a 060355040b1303706f63311b30190603550403131253657276657220436572746966696 36174653125302306092a864886f70d0109011616676d616e7376656c646572406e6f76 656c6c2e636f6d30819f300d06092a864886f70d010101050003818d003081890281810 0b485b502a7 EAP-Message = 0x2183a9393af8b1ccbe86fb8d30b639f076ef499e033dd64ac09082360210661ae0415 4e1ae1865f38a3d1a52d14512fc131a465e2b23414d1dfe4cece01c8475aca7b86e9592 409e1c40abc1f5399e3d534fe819a5b5497d1893acc4b80a5b4666af178d43f6c80a873 14b606ae939ebf224d97bf82b12d62313330203010001a3820189308201853009060355 1d1304023000303006096086480186f842010d04231621596153542047656e657261746 56420536572766572204365727469666963617465301106096086480186f84201010404 03020640300b0603551d0f040403020520301d0603551d0e041604146891e5076f1932a 70e3b4c6562 EAP-Message = 0x118872dda901533081c00603551d230481b83081b58014b00ac384a4e7d530b3c5f98 c322116e79ee67cdba18199a48196308193310b3009060355040613024252310b300906 03550408130244463111300f0603550407130842726173696c696131173015060355040 a130e42726173696c2054656c65636f6d310c300a060355040b1303706f633116301406 03550403130d434120465245455241444955533125302306092a864886f70d010901161 6676d616e7376656c646572406e6f76656c6c2e636f6d82010030210603551d11041a30 188116676d616e7376656c646572406e6f76656c6c2e636f6d30210603551d12041a301 88116676d61 EAP-Message = 0x6e7376656c646572406e6f76656c6c2e636f6d300d06 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdd3ec07c0191676261d0e4ce0c3fa25b Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.61.100.163:1308, id=154, length=109 User-Name = "gerard" EAP-Message = 0x020300061900 NAS-IP-Address = 10.61.100.163 Service-Type = Login-User Calling-Station-Id = "00-10-b5-f4-98-0e" NAS-Port-Type = Ethernet State = 0xdd3ec07c0191676261d0e4ce0c3fa25b Message-Authenticator = 0xcc29588da47c92c9e269c87affc2869d Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "gerard", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry DEFAULT at line 152 modcall[authorize]: module "files" returns ok for request 2 rlm_ldap: - authorize rlm_ldap: performing user authorization for gerard radius_xlat: '(CN=gerard)' radius_xlat: 'ou=radius,ou=servicos,ou=brt,o=btp' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=radius,ou=servicos,ou=brt,o=btp, with filter (CN=gerard) rlm_ldap: Added the eDirectory password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user gerard authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 2 modcall: group authorize returns updated for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: group authenticate returns handled for request 2 Sending Access-Challenge of id 154 to 10.61.100.163:1308 EAP-Message = 0x010404061940092a864886f70d0101050500038181000205eecdae633cd135dab90f7 5ca327619de070b396234105574565878af2f12d3b2880c181ec848c291904cd10ac3a1 74d062dc2d973eac54ad1dba922833971d0ed9a206de16af6990257c6746222f1f8ee90 8eabcb3c78bae8fccd77bdd1281f77cd61a91ba4fa020795397efe058881e7746be1cec ca19d1c564d0fdd5bf00042f3082042b30820394a003020102020100300d06092a86488 6f70d0101050500308193310b3009060355040613024252310b30090603550408130244 463111300f0603550407130842726173696c696131173015060355040a130e427261736 96c2054656c EAP-Message = 0x65636f6d310c300a060355040b1303706f63311630140603550403130d43412046524 5455241444955533125302306092a864886f70d0109011616676d616e7376656c646572 406e6f76656c6c2e636f6d301e170d3036303131373136343532315a170d31363031313 53136343532315a308193310b3009060355040613024252310b30090603550408130244 463111300f0603550407130842726173696c696131173015060355040a130e427261736 96c2054656c65636f6d310c300a060355040b1303706f63311630140603550403130d43 4120465245455241444955533125302306092a864886f70d0109011616676d616e73766 56c64657240 EAP-Message = 0x6e6f76656c6c2e636f6d30819f300d06092a864886f70d010101050003818d0030818 902818100d4e8aa933101cb98013f00769eb5abb75e56d1f4c814448d5474a8436679a4 86f9145100d85fa7caf44d2eefec155c19fe72a9d4b18d01172e84bf71b4744fdd090e9 6d9407556aac00f7ebd961d0c27de0db43a687f018e4a8960d53c5447a7b26a6d9a29fa 8619a016d035da45920740116060c073bd46ce0afb585c2a845d0203010001a382018b3 0820187300f0603551d130101ff040530030101ff302c06096086480186f842010d041f 161d596153542047656e657261746564204341204365727469666963617465301106096 086480186f8 EAP-Message = 0x420101040403020106300b0603551d0f040403020106301d0603551d0e04160414b00 ac384a4e7d530b3c5f98c322116e79ee67cdb3081c00603551d230481b83081b58014b0 0ac384a4e7d530b3c5f98c322116e79ee67cdba18199a48196308193310b30090603550 40613024252310b30090603550408130244463111300f0603550407130842726173696c 696131173015060355040a130e42726173696c2054656c65636f6d310c300a060355040 b1303706f63311630140603550403130d43412046524545524144495553312530230609 2a864886f70d0109011616676d616e7376656c646572406e6f76656c6c2e636f6d82010 03021060355 EAP-Message = 0x1d11041a30188116676d616e7376656c6465 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7150ed65353ef2022dee73d433e192aa Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.61.100.163:1309, id=159, length=109 User-Name = "gerard" EAP-Message = 0x020400061900 NAS-IP-Address = 10.61.100.163 Service-Type = Login-User Calling-Station-Id = "00-10-b5-f4-98-0e" NAS-Port-Type = Ethernet State = 0x7150ed65353ef2022dee73d433e192aa Message-Authenticator = 0xeaf20f5b61b128ef9986805685fd37c7 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "gerard", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 4 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry DEFAULT at line 152 modcall[authorize]: module "files" returns ok for request 3 rlm_ldap: - authorize rlm_ldap: performing user authorization for gerard radius_xlat: '(CN=gerard)' radius_xlat: 'ou=radius,ou=servicos,ou=brt,o=btp' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=radius,ou=servicos,ou=brt,o=btp, with filter (CN=gerard) rlm_ldap: Added the eDirectory password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user gerard authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 3 modcall: group authorize returns updated for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: group authenticate returns handled for request 3 Sending Access-Challenge of id 159 to 10.61.100.163:1309 EAP-Message = 0x010500d1190072406e6f76656c6c2e636f6d30210603551d12041a30188116676d616 e7376656c646572406e6f76656c6c2e636f6d300d06092a864886f70d01010505000381 8100723c99761ae5cec5d55285ca0707476e79fafbaca909e91f870551f89094aacb0aa e7e64b67bc4ecff762bfda8179c095976c84ba2b3cc57d76cb4544f1b5a06c74c69cf93 dd5f1bc43a84e7585891f98622a060c5eec233961eacc2280888842637d7e9e54b4e6dc d8cfc179e26571494b6b048ef971d9f691489795bf0854616030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xaa09869be221b1fc5be6bd91ac9be02f Finished request 3 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.61.100.163:1310, id=184, length=295 User-Name = "gerard" EAP-Message = 0x020500c01980000000b6160301008610000082008094fb643ad1caa3531226eccee88 35ed0e8622db1b9928d6e525d82d33ba1423dc0ad4e683fb8d019c92fa856aa36797a14 e1ada1a4a35158e57380b44fcd1297deed1faf4cec10e2ab190052d1d3045e103583352 9796813de4427d0ea18660117c755b0b78b3eca7e885c95e68070a088aaeca95583d5ff ff843923a7f945c9140301000101160301002074b18550966b0547b6ea63b9d2a019481 2f1d5057574c0ff2bea3138ae6b5936 NAS-IP-Address = 10.61.100.163 Service-Type = Login-User Calling-Station-Id = "00-10-b5-f4-98-0e" NAS-Port-Type = Ethernet State = 0xaa09869be221b1fc5be6bd91ac9be02f Message-Authenticator = 0x26c1db34620f7fba70b88fd10c20a8fe Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "gerard", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 5 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry DEFAULT at line 152 modcall[authorize]: module "files" returns ok for request 4 rlm_ldap: - authorize rlm_ldap: performing user authorization for gerard radius_xlat: '(CN=gerard)' radius_xlat: 'ou=radius,ou=servicos,ou=brt,o=btp' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=radius,ou=servicos,ou=brt,o=btp, with filter (CN=gerard) rlm_ldap: Added the eDirectory password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user gerard authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 4 modcall: group authorize returns updated for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 4 modcall: group authenticate returns handled for request 4 Sending Access-Challenge of id 184 to 10.61.100.163:1310 EAP-Message = 0x01060031190014030100010116030100201bc94fd6fd777e8b17b635f36e76ce1b931 ae376b4eb525261d9893c440d839f Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf58547812f2481d8505e8f93b54b39e6 Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.61.100.163:1311, id=194, length=136 User-Name = "gerard" EAP-Message = 0x020600211980000000171503010012956ef02404c98a859e53ea90188213b46205 NAS-IP-Address = 10.61.100.163 Service-Type = Login-User Calling-Station-Id = "00-10-b5-f4-98-0e" NAS-Port-Type = Ethernet State = 0xf58547812f2481d8505e8f93b54b39e6 Message-Authenticator = 0x0b6eb59957e0a25f9a24a11464e7bf30 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "gerard", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 6 length 33 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 152 modcall[authorize]: module "files" returns ok for request 5 rlm_ldap: - authorize rlm_ldap: performing user authorization for gerard radius_xlat: '(CN=gerard)' radius_xlat: 'ou=radius,ou=servicos,ou=brt,o=btp' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=radius,ou=servicos,ou=brt,o=btp, with filter (CN=gerard) rlm_ldap: Added the eDirectory password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user gerard authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal access_denied TLS Alert read:fatal:access denied rlm_eap_peap: No data inside of the tunnel. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 5 modcall: group authenticate returns invalid for request 5 auth: Failed to validate the user. Login incorrect: [gerard] (from client extreme port 0 cli 00-10-b5-f4- 98-0e) Delaying request 5 for 1 seconds Finished request 5 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.61.100.163:1311, id=194, length=136 Sending Access-Reject of id 194 to 10.61.100.163:1311 EAP-Message = 0x04060004 Message-Authenticator = 0x00000000000000000000000000000000 --- Walking the entire request list --- Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 104 with timestamp 43ce3715 Cleaning up request 1 ID 144 with timestamp 43ce3715 Cleaning up request 2 ID 154 with timestamp 43ce3715 Cleaning up request 3 ID 159 with timestamp 43ce3715 Cleaning up request 4 ID 184 with timestamp 43ce3715 Cleaning up request 5 ID 194 with timestamp 43ce3715 Nothing to do. Sleeping until we see a request. Thanks guys! Gerard