I have windows XP sp2 with all updates, I use driver 9.0.2.31 from 19-07-2005, so I think that they should be OK. I've another card Linksys but yesturday my Router/AP broke down and I can't test it. I will get on Monday new from work (Cisco 1100) and I will try it, i hope. Regards Adam ----- Original Message ----- From: "Frank Buttner" <frank-buettner@gmx.net> To: "'FreeRadius users mailing list'" <freeradius-users@lists.freeradius.org> Sent: Saturday, December 31, 2005 5:30 PM Subject: RE: FreeRadius +TLS (base on openssl)
Have you use the last Intel driver, Firmware and the XP update for WPA??
-----Original Message----- From: freeradius-users-bounces+frank-buettner=gmx.net@lists.freeradius.org [mailto:freeradius-users-bounces+frank-buettner=gmx.net@lists.freeradius.org ] On Behalf Of Adam Rogalski Sent: Saturday, December 31, 2005 5:12 PM To: FreeRadius users mailing list Subject: Re: FreeRadius +TLS (base on openssl)
Hi
thanks for replay, I use only one static IP adress on my server, were I have radius. And I made client and server certificate with xpextenisions file so I think it's not that.
Regards Adam
----- Original Message ----- From: "Frank Buttner" <frank-buettner@gmx.net> To: "'FreeRadius users mailing list'" <freeradius-users@lists.freeradius.org> Sent: Saturday, December 31, 2005 10:18 AM Subject: RE: FreeRadius +TLS (base on openssl)
Have your radius server multiple IP addresses? In my case that was one of my problems. And the second was that the client and server certificate has not extensions part.
-----Original Message----- From: freeradius-users-bounces+frank-buettner=gmx.net@lists.freeradius.org
[mailto:freeradius-users-bounces+frank-buettner=gmx.net@lists.freeradius.org
] On Behalf Of Adam Rogalski Sent: Friday, December 30, 2005 12:10 PM To: FreeRadius users mailing list Subject: FreeRadius +TLS (base on openssl)
Hi
I figth with my Radius for one week and I don't have more ideas. I would like to make my home network with WPA enterprise (WPA with TKIP + 802.1x).
I made my own CA and generate certificates for server and client. Everything like I red in howto from freeradius.org. My server is on fedora core 4 but
I try on slackware too. When I use on my AP (linksys wrt54g) WPA enterprise command radiusd -X stops after:
Listening on authentication *:1812 Listening on accounting *:1813 Listening on proxy *:1814 Ready to process requests.
when I change for only RADIUS and WEP I get after radiusd -X message:
root@serwerek sbin]# ./radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/radiusd/radiusd.pid" main: user = "nobody" main: group = "nobody" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "/etc/shadow" unix: group = "(null)" unix: radwtmp = "/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "tls" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc/raddb/certs/server_keycert.pem" tls: certificate_file = "/etc/raddb/certs/server_keycert.pem" tls: CA_file = "/etc/raddb/certs/cacert.pem" tls: private_key_password = "adam01" tls: dh_file = "/etc/raddb/certs/dh" tls: random_file = "/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" rlm_eap: Loaded and initialized type tls mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Addre ss, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m% d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Listening on proxy *:1814 Ready to process requests.
[root@serwerek sbin]# ./radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/radiusd/radiusd.pid" main: user = "nobody" main: group = "nobody" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "/etc/shadow" unix: group = "(null)" unix: radwtmp = "/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "tls" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc/raddb/certs/server_keycert.pem" tls: certificate_file = "/etc/raddb/certs/server_keycert.pem" tls: CA_file = "/etc/raddb/certs/cacert.pem" tls: private_key_password = "adam01" tls: dh_file = "/etc/raddb/certs/dh" tls: random_file = "/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" rlm_eap: Loaded and initialized type tls mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Addre ss, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m% d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Listening on proxy *:1814 Ready to process requests. rad_recv: Access-Request packet from host 192.168.1.1:2054, id=0, length=121 User-Name = "Adam" NAS-IP-Address = 192.168.1.1 Called-Station-Id = "0014bf2f16c2" Calling-Station-Id = "000e3573296d" NAS-Identifier = "0014bf2f16c2" NAS-Port = 55 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x02000009014164616d Message-Authenticator = 0x88f32269e104d036be28f8411cd133b6 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "Adam", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 0 length 9 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 152 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: group authenticate returns handled for request 0 Sending Access-Challenge of id 0 to 192.168.1.1:2054 EAP-Message = 0x010100060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x44e256d6f94136dbb146b56055f69cf3 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.1.1:2054, id=0, length=236 User-Name = "Adam" NAS-IP-Address = 192.168.1.1 Called-Station-Id = "0014bf2f16c2" Calling-Station-Id = "000e3573296d" NAS-Identifier = "0014bf2f16c2" NAS-Port = 55 Framed-MTU = 1400 State = 0x44e256d6f94136dbb146b56055f69cf3 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0201006a0d8000000060160301005b01000057030143b50d1a0e6730
f71ec0114327ca53bc3eade6ecabd6c027a46f2642fb6e39d000003000390038003500160013
000a
00330032002f0066000500040065006400630062006000150012000900140011000800030100
Message-Authenticator = 0xe801c7aec46700968dfa44913e23d516 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "Adam", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 1 length 106 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 152 modcall[authorize]: module "files" returns ok for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 005b], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 02a7], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 010d], ServerKeyExchange TLS_accept: SSLv3 write key exchange A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0099], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 1 modcall: group authenticate returns handled for request 1 Sending Access-Challenge of id 0 to 192.168.1.1:2054 EAP-Message = 0x0102040a0dc0000004ab160301004a02000046030143b50c5e53e9e8
a74a80938207f2b0b3bb015986bef383fbada6998b571453ee2050a14d2d1936b94767dc8e38
5486
0e4a418ee7d1541dc3c54807f12c5996889200390016030102a70b0002a30002a000029d3082
0299
30820202a003020102020101300d06092a864886f70d0101040500308185310b300906035504
0613
02504c311330110603550408130a446f6c6e79536c61736b3110300e0603550407130757726f
636c
6177310e300c060355040a1305446f6d656b3122302006035504031319736572776572656b2e
6164 616d656b2e686f70746f2e6f7267311b301906092a864886f7 EAP-Message = 0x0d010901160c61726f67616c4077702e706c301e170d303531323330
3038333635345a170d3036313233303038333635345a308185310b300906035504061302504c
3113
30110603550408130a446f6c6e79536c61736b3110300e0603550407130757726f636c617731
0e30
0c060355040a1305446f6d656b3122302006035504031319736572776572656b2e6164616d65
6b2e
686f70746f2e6f7267311b301906092a864886f70d010901160c61726f67616c4077702e706c
3081
9f300d06092a864886f70d010101050003818d0030818902818100e446b6595abca00c76e48b
21d6 95f43d9a2770dd067bfcaef859ec5bcedb74a14600a9dd179e EAP-Message = 0x23d8f7809495f018a50d359f78915fb18b41a74e7441f6716823e415
0febd758698291dd48150bc697d56be21a536b089b17f9e3fa049db4e52402fac8f72e493cbf
cbda
0e217cdd2a93598632c1c64cc7d70840ec0fbce918e30203010001a317301530130603551d25
040c
300a06082b06010505070301300d06092a864886f70d0101040500038181000662e9a572dec1
51d2
6adb88c7cee3cc7bf0f7f41e8c03d8b85b2b7db7ab2b35fb21ecabb9f15f395e6482b762c04a
ec81
0c4a9883986037d5c17eaf0539e64aae928e7da2394d5b5b3c7d61791d3ae373cf15a1592502
1f00 51f518de9c12f6e04fe46f39a2b53f6b2345b0b94fc9da2499 EAP-Message = 0x110108df4251a2d2f21ca4ebaf2c160301010d0c0001090040ca7f38
db174492ff0737acbd4117d15bb7b41b837016a8422f3a34f9af06244de89a01df120f154711
7480
2929bc655907ca6ff7b441f03ea72c1ad2c3caae8b00010500407f8f356cf73802cb22f17e4d
3a2c
ea90839f15a1b1c4d7d15014724bd5ef9aba1e17dd262df70a5c8784c64dbd5dcb6a0ae0bdfa
390b
337d50ed9e97d97324b60080c10536878e2d1ec56f2ad550b03e61c35ae1920f1d5ab39c5ed5
bfe2
f8cd2b804799634038088cd836ab6229e86a39589c5a3f9cf93c700c2dfd6bf684ea2e5efc90
12db f4a6704e75cdd233d632c43e0f0a762ad8df90da110e39dd2f EAP-Message = 0x0aab1b9e0bc4fe20ea2b877b8ccb0c2e7b89e1e6952f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x767b202144333f7b0182c93a33070eb4 Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.1.1:2054, id=0, length=136 User-Name = "Adam" NAS-IP-Address = 192.168.1.1 Called-Station-Id = "0014bf2f16c2" Calling-Station-Id = "000e3573296d" NAS-Identifier = "0014bf2f16c2" NAS-Port = 55 Framed-MTU = 1400 State = 0x767b202144333f7b0182c93a33070eb4 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200060d00 Message-Authenticator = 0x2e5131827a4a1a6955a9eada5a37ad5d Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "Adam", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 2 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry DEFAULT at line 152 modcall[authorize]: module "files" returns ok for request 2 modcall: group authorize returns updated for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 2 modcall: group authenticate returns handled for request 2 Sending Access-Challenge of id 0 to 192.168.1.1:2054 EAP-Message = 0x010300b50d80000004abea37366e949b739e4e8ce5d1051603010099
0d0000910403040102008a0088308185310b300906035504061302504c311330110603550408
130a
446f6c6e79536c61736b3110300e0603550407130757726f636c6177310e300c060355040a13
0544
6f6d656b3122302006035504031319736572776572656b2e6164616d656b2e686f70746f2e6f
7267 311b301906092a864886f70d010901160c61726f67616c4077702e706c0e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe15d58f49422b6ce53338dbcb286d67d Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.1.1:2054, id=0, length=147 User-Name = "Adam" NAS-IP-Address = 192.168.1.1 Called-Station-Id = "0014bf2f16c2" Calling-Station-Id = "000e3573296d" NAS-Identifier = "0014bf2f16c2" NAS-Port = 55 Framed-MTU = 1400 State = 0xe15d58f49422b6ce53338dbcb286d67d NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020300110d800000000715030100020230 Message-Authenticator = 0x9ccbb7428e7fb4c0adce582d01b259c6 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "Adam", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 3 length 17 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry DEFAULT at line 152 modcall[authorize]: module "files" returns ok for request 3 modcall: group authorize returns updated for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert read:fatal:unknown CA TLS_accept:failed in SSLv3 read client certificate A 2426:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c :1052:SSL alert number 48 2426:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c: 837: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. In SSL Handshake Phase In SSL Accept mode rlm_eap_tls: BIO_read failed in a system call (-1), TLS session fails. eaptls_process returned 13 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 3 modcall: group authenticate returns reject for request 3 auth: Failed to validate the user. Delaying request 3 for 1 seconds Finished request 3 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Sending Access-Reject of id 0 to 192.168.1.1:2054 EAP-Message = 0x04030004 Message-Authenticator = 0x00000000000000000000000000000000 Cleaning up request 3 ID 0 with timestamp 43b50c5e Nothing to do. Sleeping until we see a request.
As a client I use my buildin centrino card intel2200 and windows xp with sp2
So if enybody can help I will be very gratefull
Best regards
Adam
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html