Hi, i installed the aktual version of freeradius on a debian system and generated a CA und server/client certificates with TinyCA2. I want to authenticate the clients using EAP/TLS. But now i get this output of freeradius and freeradius freezes at this point. Can someone tell me why this happens? Sending Access-Challenge of id 22 to 192.168.1.252:1326 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x0117040a0dc0000011da95300f0603551d130101ff040530030101ff301106096086480186 f842010104040302010630090603551d1204023000302b06096086480186f842010d041e161c 54696e7943412047656e65726174656420436572746966696361746530210603551d11041a30 18811643412d52616469757340616b2d7365727665722e6465300b0603551d0f040403020106 300d06092a864886f70d010105050003820201002cb7d2ab56adb9d5a348a6bc0391ecbd8f53 215ca3ad83c74730cba78bcb0f36800f71f9c9e672b5ad761fddb06f72075715ad686dd6e31c 496c015847927af98a5820860004122fd22eba64dbffe46d8def EAP-Message = 0x4dfd2195d70b313f472b31e0dec0d39f08e95d9c6ee43b060954e7cda70492fb473698daca 42a3a76e07601ecc9d746ea3eac2daa4da050dd21d1c8daebf845abc3daa199a3fb35c5fc6c8 76d312b8c90775a6de01092e337da7ccb155f9e67713b1e3a8c171b3663256e60f25e009c9aa 454db5299ed3de9ac280eca445f57ab53be98287d63540631085c9a166904842e44d4ff63e69 1c86590ff95319bf1370f7f5f1f8eaa331403588e2bda2bb2d6750e3a769fe878e9723ab0f89 03deab637a6d83fe77f79f89af7dbb7578d511033d01b0f5455b016503582ca56fcc79142ff1 551abab18e9f76a71e148838d7036db5de29a4f6bc4598daffd1 EAP-Message = 0x199ad4d07da7e11c82f03f6895c1b3941139eadf341ce19d3edbfd1bac3719b5f7eb22c5ba 729d58c553ce72adb9af2e92edc34381b42c83c755bafa8442f28d5c574c8a9827938605f397 110186c84e34d13bbd8fc322f58808f7f556518d19f93c42678f12acf01f3f1ab70834b2baa1 cc461bdc970e0f942ea57f1b3913e55cca966066c00c504d12e8d22a81d0daee14c4e08165a8 71d33373b49037fe596fc987f47dfbea4343b2cad19053e50d95160301028d0c0002890040be 4f362c2e1dd2744e7c980ee5d9a708e9075935767ee7fecb9a91b67b0e1611eb5acc1d7d3224 8195513d17734004d37cc721d59ed25d08a48a2164361419e300 EAP-Message = 0x010500400a294a0f089a763d7338d32e2f8c633b1e186a316091c678c314a1afb16ceb2b57 090b5a068d36c54ff061e5ab76b4a969c88a0f7590aefef1b56512aebf5c2e02006572fd3a81 faa03031a8dee67d18ee0625b873e37ede370854c4a7ee122ad3206d97e0ef365299eac3baa8 d8bf6af223058628d5660da500e81a906cc044ef2f3ec59a7373f447e46e5ad84aaa0d373a19 88f0cf6b647bcfb913d6607fc88e0287f201fc3ddc563921460daf1ed27988e407e65c2ea2b2 5173a95d2db5bda931ae2b9e8a5605d82e1331e3a091ee29029aa8218efb3c883da22208b556 120a3e85a96206a29a8951e050439b350e932836667981dbd617 EAP-Message = 0x6d69bed85ccfa622102bcfe18acfe16c40c119ba45dc Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd18c60556f39fcd47f7a825bbd1b5a27 Finished request 5 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.1.252:1327, id=23, length=130 User-Name = "Kraemer.Armin" NAS-IP-Address = 192.168.1.252 NAS-Identifier = "acess_point_siemens" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0xd18c60556f39fcd47f7a825bbd1b5a27 EAP-Message = 0x021700060d00 Message-Authenticator = 0xe4c3119fa2de7a9cc9e9a4ec080c3826 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "Kraemer.Armin", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 23 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 6 modcall: group authenticate returns handled for request 6 Sending Access-Challenge of id 23 to 192.168.1.252:1327 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x011801e40d80000011dae39d887a37fabeb64fa534c3ada7c58edf92a99adfde716787b84f ef17d5007ad72883d0fd743a1926baf7d95d062d8c5e337ede1f27d1101c6ab6b6a5d3991ba8 d127adf3c6464e91b48821d5e43e64a7901c76ce3e9a5da9e18cce9d73b2c7d6d4ddd72cffdc 348c2097f2fbbd393583873fc6a1b22addaa53d7839ded2b0f4a096b0d29280d894975dcdfc0 dd7bcf294fb1d4f11b7c7c1163ff7b72e9bd3b8a00327c13f7058160a7ea61ef7d1158f488f0 2e28882082469c1597b703c6c0627f70decff409e9ca4d113c11e9ee491600e317f08ca7ea67 a91a5f391c2bac855875743599ed715db1c1f638d4f36396ee08 EAP-Message = 0xf4107a7c5872a3ee6beeff50d48659237c3cae753cbf7a237fcbdd0ccf70d3b6dc357e8912 0931f0103a4f30b653acba303e12772b5b52c98354c22ffab4e50916030100a20d00009a0403 0401020093009130818e310b3009060355040613024445310e300c0603550408130542615775 65310d300b060355040713044b65686c31173015060355040a140e46616d6c69655f4b726165 6d6572310b3009060355040b13024954311330110603550403140a4541502d544c535f434131 25302306092a864886f70d010901161643412d52616469757340616b2d7365727665722e6465 0e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x54581dba1086732b25cb0cb40ef1191d Finished request 6 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... rad_recv: Access-Request packet from host 192.168.1.252:1328, id=24, length=141 User-Name = "Kraemer.Armin" NAS-IP-Address = 192.168.1.252 NAS-Identifier = "acess_point_siemens" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0x54581dba1086732b25cb0cb40ef1191d EAP-Message = 0x021800110d80000000071503010002022e Message-Authenticator = 0xb63955ca477f1467fdb23903d11cfcda Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: No '@' in User-Name = "Kraemer.Armin", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 24 length 17 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 7 modcall: group authorize returns updated for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal certificate_unknown TLS Alert read:fatal:certificate unknown TLS_accept:failed in SSLv3 read client certificate A 30107:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1052:SSL alert number 46 30107:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:837: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. In SSL Handshake Phase In SSL Accept mode rlm_eap_tls: BIO_read failed in a system call (-1), TLS session fails. eaptls_process returned 13 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 7 modcall: group authenticate returns reject for request 7 auth: Failed to validate the user. Delaying request 7 for 1 seconds Finished request 7 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 192.168.1.252:1328, id=24, length=141 Sending Access-Reject of id 24 to 192.168.1.252:1328 EAP-Message = 0x04180004 Message-Authenticator = 0x00000000000000000000000000000000 --- Walking the entire request list --- Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 18 with timestamp 43afecd0 Cleaning up request 2 ID 19 with timestamp 43afecd0 Cleaning up request 3 ID 20 with timestamp 43afecd0 Cleaning up request 4 ID 21 with timestamp 43afecd0 Cleaning up request 5 ID 22 with timestamp 43afecd0 Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 6 ID 23 with timestamp 43afecd1 Cleaning up request 7 ID 24 with timestamp 43afecd1 Nothing to do. Sleeping until we see a request. Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9831ff3ccc7728edaf1d4355ba4d86a3 Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.1.252:1326, id=22, length=130 User-Name = "Kraemer.Armin" NAS-IP-Address = 192.168.1.252 NAS-Identifier = "acess_point_siemens" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0x9831ff3ccc7728edaf1d4355ba4d86a3 EAP-Message = 0x021600060d00 Message-Authenticator = 0xa2a46a1306f46b8c0c6fcce6b647e566 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "Kraemer.Armin", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 22 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 5 modcall: group authenticate returns handled for request 5