Hi all, my configuration is FreeRadius (1.0.5) with Chillispot in proxy mode (and WPA-Enterprise-Auto), when i try to connect with a client, it accepts the certificate, but authentication failed. FreeRadius communicate with Chillispot and all seems work fine. I've seen that in the firts request, TLS give an error ( TLS_accept:error in SSLv3 read client certificate A ) but in the third request (whit the same login) it works. What's wrong? Best regards. These are radius and chilli log: rad_recv: Access-Request packet from host 192.168.181.1:1026, id=0, length=118 User-Name = "prof1" EAP-Message = 0x0200000a0170726f6631 Message-Authenticator = 0xa755e14d8f738a60ad50681a848c4d27 Calling-Station-Id = "00-17-F2-44-11-C2" Called-Station-Id = "00-50-BF-E3-E8-2A" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 NAS-IP-Address = 192.168.181.1 NAS-Identifier = "14" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "prof1" rlm_realm: Proxying request from user prof1 to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 0 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 154 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it' radius_xlat: '(uid=prof1)' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to localhost:389, authentication 0 rlm_ldap: bind as cn=Manager,dc=mydomain,dc=it/password to localhost:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: ldap_release_conn: Release Id: 0 radius_xlat: '(|(&(objectClass=GroupOfNames)(member=cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it)))' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (&(cn=student)(|(&(objectClass=GroupOfNames)(member=cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it)))) rlm_ldap: object not found or got ambiguous search result rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it, with filter (objectclass=*) rlm_ldap::groupcmp: Group student not found ????or user not a member rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "files" returns ok for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for prof1 radius_xlat: '(uid=prof1)' radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: checking if remote access for prof1 is allowed by userPassword rlm_ldap: Added password a in check items rlm_ldap: looking for check items in directory... rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-05-5D-25-12-5B & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-02-C7-8F-A0-16 & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-0B-6B-4A-22-E8 & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-17-F2-44-11-C2 & op=21 rlm_ldap: Adding userPassword as User-Password, value a & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusFilterId as Filter-Id, value 98 & op=11 rlm_ldap: user prof1 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 0 rlm_checkval: Item Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-05-5D-25-12-5B rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-0B-6B-4A-22-E8 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2 modcall[authorize]: module "checkval" returns ok for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: group authenticate returns handled for request 0 Sending Access-Challenge of id 0 to 192.168.181.1:1026 Filter-Id = "98" EAP-Message = 0x010100061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x43ba05fe457734cfdd7739795f3bdc8b Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.181.1:1026, id=1, length=244 User-Name = "prof1" State = 0x43ba05fe457734cfdd7739795f3bdc8b EAP-Message = 0x0201007619800000006c1603010067010000630301452e55f989de814794c772b01ccc34ce2afa98a74d0ad6bea3f928e7c288115000003c002f000500040035000aff830009ff82000300080006ff8000320033003400380039003a0016001500140013001200110018001b001a0017001900010100 Message-Authenticator = 0xc8af438cacd711e7ff0d740c3cd87384 Calling-Station-Id = "00-17-F2-44-11-C2" Called-Station-Id = "00-50-BF-E3-E8-2A" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 NAS-IP-Address = 192.168.181.1 NAS-Identifier = "14" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "prof1" rlm_realm: Proxying request from user prof1 to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 1 length 118 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 154 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it' radius_xlat: '(uid=prof1)' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: ldap_release_conn: Release Id: 0 radius_xlat: '(|(&(objectClass=GroupOfNames)(member=cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it)))' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (&(cn=student)(|(&(objectClass=GroupOfNames)(member=cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it)))) rlm_ldap: object not found or got ambiguous search result rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it, with filter (objectclass=*) rlm_ldap::groupcmp: Group student not found ????or user not a member rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "files" returns ok for request 1 rlm_ldap: - authorize rlm_ldap: performing user authorization for prof1 radius_xlat: '(uid=prof1)' radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: checking if remote access for prof1 is allowed by userPassword rlm_ldap: Added password a in check items rlm_ldap: looking for check items in directory... rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-05-5D-25-12-5B & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-02-C7-8F-A0-16 & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-0B-6B-4A-22-E8 & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-17-F2-44-11-C2 & op=21 rlm_ldap: Adding userPassword as User-Password, value a & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusFilterId as Filter-Id, value 98 & op=11 rlm_ldap: user prof1 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 1 rlm_checkval: Item Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-05-5D-25-12-5B rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-0B-6B-4A-22-E8 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2 modcall[authorize]: module "checkval" returns ok for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0067], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 06ae], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: group authenticate returns handled for request 1 Sending Access-Challenge of id 1 to 192.168.181.1:1026 Filter-Id = "98" EAP-Message = 0x0102040a19c00000070b160301004a020000460301452e537ca488ea6621f71250f98002c85a45166c0ec16bc5ab15b0bf86e938202019a4321b13304c3472967d3a7b9522f73a985f43176c08f3e0f4441d250f5971002f0016030106ae0b0006aa0006a70002d5308202d13082023aa003020102020900c15c0043e46eeae0300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b1309626172626163756c6f311b30190603550403131243 EAP-Message = 0x6c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d301e170d3036313031323134323031375a170d3037313031323134323031375a30819b310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b1309626172626163756c6f3119301706035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886 EAP-Message = 0xf70d010101050003818d0030818902818100c60af01facdb1bbf0dfcf9693f1db7b7abb6905261ddac50b3594df62ceabe39a5f931dd97f2521f754cd66c39f8f37b1149a26d74af49b4eeb7bc930839ab9dc93595f181170600c1aefc24e028b41431259e61e679ade357f82ae8e7f554ec5c572151fa0c4c583d794769cb98867bcde07335ac95c94be9561fb2de82563d0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009d6536d8cb33f8365fd61bc062a6d6f706cddc11063d84ef4b6ae543dd18d15eef5c1c273403f4c466d890bb55e1bbbf29f38f511554831cb460 EAP-Message = 0xdb90ea3c4fa657556e3bf1bbb86b1f5bceadb472663b26dd17fd83ac2db439b0f185605d909a3fcd3d31f85096bd14e415dcce5fcc298776bbe82baa28b408abcbc5225f102e0003cc308203c830820331a003020102020900c15c0043e46eeade300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b1309626172626163756c6f311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109 EAP-Message = 0x011612636c69656e74406578616d706c652e636f6d30 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5039a921f9fc66f28d6e3f4b862f6345 Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.181.1:1026, id=2, length=132 User-Name = "prof1" State = 0x5039a921f9fc66f28d6e3f4b862f6345 EAP-Message = 0x020200061900 Message-Authenticator = 0xa91e107ec69b91ffe7cb31a455684512 Calling-Station-Id = "00-17-F2-44-11-C2" Called-Station-Id = "00-50-BF-E3-E8-2A" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 NAS-IP-Address = 192.168.181.1 NAS-Identifier = "14" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "prof1" rlm_realm: Proxying request from user prof1 to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 2 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry DEFAULT at line 154 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it' radius_xlat: '(uid=prof1)' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: ldap_release_conn: Release Id: 0 radius_xlat: '(|(&(objectClass=GroupOfNames)(member=cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it)))' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (&(cn=student)(|(&(objectClass=GroupOfNames)(member=cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it)))) rlm_ldap: object not found or got ambiguous search result rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it, with filter (objectclass=*) rlm_ldap::groupcmp: Group student not found ????or user not a member rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "files" returns ok for request 2 rlm_ldap: - authorize rlm_ldap: performing user authorization for prof1 radius_xlat: '(uid=prof1)' radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: checking if remote access for prof1 is allowed by userPassword rlm_ldap: Added password a in check items rlm_ldap: looking for check items in directory... rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-05-5D-25-12-5B & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-02-C7-8F-A0-16 & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-0B-6B-4A-22-E8 & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-17-F2-44-11-C2 & op=21 rlm_ldap: Adding userPassword as User-Password, value a & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusFilterId as Filter-Id, value 98 & op=11 rlm_ldap: user prof1 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 2 rlm_checkval: Item Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-05-5D-25-12-5B rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-0B-6B-4A-22-E8 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2 modcall[authorize]: module "checkval" returns ok for request 2 modcall: group authorize returns updated for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: group authenticate returns handled for request 2 Sending Access-Challenge of id 2 to 192.168.181.1:1026 Filter-Id = "98" EAP-Message = 0x0103031119001e170d3036313031323134323031335a170d3038313031313134323031335a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b1309626172626163756c6f311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d1834676843139241f85b29b130df7eade2392a6f86ce3b912 EAP-Message = 0x0ca3a35399e73d2b3148b8decb8914a41ae016625a6d93b4266ad18023b924aa4b5ae13bd7d9cfff0fc885d7523163d3904e434c7fae94b82b1474cd318c0c88af5db0cab240c4c7be02f527bf766420266bff30a2a572de64507f01ee9e35283a7022370429a30203010001a382010830820104301d0603551d0e041604142f4a965f7d02a211a01c6062f921e94c7c3978e53081d40603551d230481cc3081c980142f4a965f7d02a211a01c6062f921e94c7c3978e5a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a EAP-Message = 0x130c4f7267616e697a6174696f6e31123010060355040b1309626172626163756c6f311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820900c15c0043e46eeade300c0603551d13040530030101ff300d06092a864886f70d01010405000381810018230a55e71091a68331acbbdc7c440fedc00bdca273904f8abb0f89eece7b7788691cd225b6f79ed7938b9b6c3bc065a9673db78fad613669252f435b9d41b9003fb953d87d6152df09ce6fce19c7960d9e718c81455543cee043c5f00206f7afd633ad017ee4c5c7d6162f434476 EAP-Message = 0x5d21f4f6fd18a48d99efd1cb23d17c76ef16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x35e5753e170bf0eef07f6baa43a9ed96 Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.181.1:1026, id=3, length=334 User-Name = "prof1" State = 0x35e5753e170bf0eef07f6baa43a9ed96 EAP-Message = 0x020300d01980000000c616030100861000008200809bf4fb80396fa2a36688d08c0636c920f85ca7789f995dfe204a3639c4e0efc7c9213477807580d1404813daf96be6ff227836e5992d3cea4232acb679abf4a38835f0fa6a6c481509ad39a804309f9e25f5ba15b68e7c964a10272d86904d036053abbcda030d7567189e27b42b91a74671e7fb006e64cafb4a603e91d7bb6d14030100010116030100309034f26ce775a9be886de32e9101e1eeb42d5cad400ce3166058a23d047e7b4d5ad80e0e68568c2c78ce8daea1bf0b46 Message-Authenticator = 0x37a6aa57d05283ed1e2727c1cbd2e246 Calling-Station-Id = "00-17-F2-44-11-C2" Called-Station-Id = "00-50-BF-E3-E8-2A" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 NAS-IP-Address = 192.168.181.1 NAS-Identifier = "14" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "prof1" rlm_realm: Proxying request from user prof1 to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 3 length 208 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry DEFAULT at line 154 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it' radius_xlat: '(uid=prof1)' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: ldap_release_conn: Release Id: 0 radius_xlat: '(|(&(objectClass=GroupOfNames)(member=cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it)))' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (&(cn=student)(|(&(objectClass=GroupOfNames)(member=cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it)))) rlm_ldap: object not found or got ambiguous search result rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it, with filter (objectclass=*) rlm_ldap::groupcmp: Group student not found ????or user not a member rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "files" returns ok for request 3 rlm_ldap: - authorize rlm_ldap: performing user authorization for prof1 radius_xlat: '(uid=prof1)' radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: checking if remote access for prof1 is allowed by userPassword rlm_ldap: Added password a in check items rlm_ldap: looking for check items in directory... rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-05-5D-25-12-5B & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-02-C7-8F-A0-16 & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-0B-6B-4A-22-E8 & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-17-F2-44-11-C2 & op=21 rlm_ldap: Adding userPassword as User-Password, value a & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusFilterId as Filter-Id, value 98 & op=11 rlm_ldap: user prof1 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 3 rlm_checkval: Item Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-05-5D-25-12-5B rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-0B-6B-4A-22-E8 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2 modcall[authorize]: module "checkval" returns ok for request 3 modcall: group authorize returns updated for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: group authenticate returns handled for request 3 Sending Access-Challenge of id 3 to 192.168.181.1:1026 Filter-Id = "98" EAP-Message = 0x01040041190014030100010116030100305cbbad378481f9e36a6768f41f18a5924a34dcebde91f3b0f4ec5c8782aa697976a71ce9edb66d2cd16282a3f5fae348 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd9784d7c093eb0db5f8af482bc1e7400 Finished request 3 ===================================================== bash-3.00# chilli --fg --debug --conup=/etc/conup --condown=/etc/condow --eapolenable ChilliSpot version 1.1.0 started. chillispot[1696]: ChilliSpot 1.1.0. Copyright 2002-2005 Mondru AB. Licensed under GPL. See http://www.chillispot.org for credits. Waiting for client request... chillispot[1696]: chilli.c: 3509: New DHCP request from MAC=00-11-95-C2-93-0A New DHCP connection established DHCP requested IP address chillispot[1696]: chilli.c: 3479: Client MAC=00-11-95-C2-93-0A assigned IP 192.168.182.2 cb_dhcp_data_ind. Packet received. DHCP authstate: 5 Radius access request received! Calling Station ID is: 00-17-F2-44-11-C2 Username is: prof1 chillispot[1696]: chilli.c: 3509: New DHCP request from MAC=00-17-F2-44-11-C2 New DHCP connection established Received access request confirmation from radius server Received access challenge from radius server cb_dhcp_data_ind. Packet received. DHCP authstate: 5 Radius access request received! Calling Station ID is: 00-17-F2-44-11-C2 Username is: prof1 Received access request confirmation from radius server Received access challenge from radius server cb_dhcp_data_ind. Packet received. DHCP authstate: 5 Radius access request received! Calling Station ID is: 00-17-F2-44-11-C2 Username is: prof1 Received access request confirmation from radius server Received access reject from radius server chillispot[1696]: chilli.c: 3550: DHCP addr released by MAC=00-17-F2-44-11-C2 IP=0.0.0.0 DHCP connection removed chillispot[1696]: chilli.c: 3550: DHCP addr released by MAC=00-11-95-C2-93-0A IP=192.168.182.2 DHCP connection removed