I'm having some odd troubles here with the check_crl = yes I've added what I think is the appropriate config file directives, I must be missing something. Here is the debug output, any help would be much appreciated -Bob rad_recv: Access-Request packet from host 192.168.2.169:1038, id=37, length=208 Framed-MTU = 1480 NAS-IP-Address = 192.168.2.169 NAS-Identifier = "PU-5300" User-Name = "rmyers-cmd" Service-Type = Administrative-User Framed-Protocol = PPP NAS-Port = 13 NAS-Port-Type = Ethernet NAS-Port-Id = "A13" Called-Station-Id = "00-13-21-ba-14-00" Calling-Station-Id = "00-11-11-64-a1-e6" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" EAP-Message = 0x0206000f01726d796572732d636d64 Message-Authenticator = 0xab51b4a66e5e063bf6ecb0244e478fd6 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "rmyers-cmd", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 6 length 15 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 157 users: Matched entry DEFAULT at line 188 modcall[authorize]: module "files" returns ok for request 5 radius_xlat: 'rmyers-cmd' rlm_sql (sql): sql_set_user escaped user --> 'rmyers-cmd' radius_xlat: 'SELECT id, UserName, Attribute, Value, Op ??FROM radcheck ??WHERE Username = 'rmyers-cmd' ??ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op ??FROM radcheck ??WHERE Username = 'rmyers-cmd' ??ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: affected rows = rlm_sql (sql): User rmyers-cmd not found in radcheck radius_xlat: 'SELECT radgroupcheck.id, radgroupcheck.GroupName, ??radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM radgroupcheck, usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = radgroupcheck.GroupName ??ORDER BY radgroupcheck.id' rlm_sql_postgresql: query: SELECT radgroupcheck.id, radgroupcheck.GroupName, ??radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM radgroupcheck, usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = radgroupcheck.GroupName ??ORDER BY radgroupcheck.id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: affected rows = radius_xlat: 'SELECT radgroupreply.id, radgroupreply.GroupName, radgroupreply.Attribute, ??radgroupreply.Value, radgroupreply.Op ??FROM radgroupreply,usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = radgroupreply.GroupName ??ORDER BY radgroupreply.id' rlm_sql_postgresql: query: SELECT radgroupreply.id, radgroupreply.GroupName, radgroupreply.Attribute, ??radgroupreply.Value, radgroupreply.Op ??FROM radgroupreply,usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = radgroupreply.GroupName ??ORDER BY radgroupreply.id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: affected rows = rlm_sql (sql): User rmyers-cmd not found in radgroupcheck rlm_sql (sql): User not found rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns notfound for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 5 modcall: group authenticate returns handled for request 5 Sending Access-Challenge of id 37 to 192.168.2.169:1038 Framed-Protocol = PPP Framed-Compression = Van-Jacobson-TCP-IP EAP-Message = 0x010700060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x011fcb927c106af30a76bf45e031e026 Finished request 5 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.2.169:1038, id=38, length=291 Framed-MTU = 1480 NAS-IP-Address = 192.168.2.169 NAS-Identifier = "PU-5300" User-Name = "rmyers-cmd" Service-Type = Administrative-User Framed-Protocol = PPP NAS-Port = 13 NAS-Port-Type = Ethernet NAS-Port-Id = "A13" Called-Station-Id = "00-13-21-ba-14-00" Calling-Station-Id = "00-11-11-64-a1-e6" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x011fcb927c106af30a76bf45e031e026 EAP-Message = 0x020700500d800000004616030100410100003d0301440cb2749bc2a634cef7356a18a591bab4181aa08ad97702e92c360a5bca7cc900001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0x8cd00e8b1b35684ba2b8b81c14861bb9 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "rmyers-cmd", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 7 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 157 users: Matched entry DEFAULT at line 188 modcall[authorize]: module "files" returns ok for request 6 radius_xlat: 'rmyers-cmd' rlm_sql (sql): sql_set_user escaped user --> 'rmyers-cmd' radius_xlat: 'SELECT id, UserName, Attribute, Value, Op ??FROM radcheck ??WHERE Username = 'rmyers-cmd' ??ORDER BY id' rlm_sql (sql): Reserving sql socket id: 3 rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op ??FROM radcheck ??WHERE Username = 'rmyers-cmd' ??ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: affected rows = rlm_sql (sql): User rmyers-cmd not found in radcheck radius_xlat: 'SELECT radgroupcheck.id, radgroupcheck.GroupName, ??radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM radgroupcheck, usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = radgroupcheck.GroupName ??ORDER BY radgroupcheck.id' rlm_sql_postgresql: query: SELECT radgroupcheck.id, radgroupcheck.GroupName, ??radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM radgroupcheck, usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = radgroupcheck.GroupName ??ORDER BY radgroupcheck.id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: affected rows = radius_xlat: 'SELECT radgroupreply.id, radgroupreply.GroupName, radgroupreply.Attribute, ??radgroupreply.Value, radgroupreply.Op ??FROM radgroupreply,usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = radgroupreply.GroupName ??ORDER BY radgroupreply.id' rlm_sql_postgresql: query: SELECT radgroupreply.id, radgroupreply.GroupName, radgroupreply.Attribute, ??radgroupreply.Value, radgroupreply.Op ??FROM radgroupreply,usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = radgroupreply.GroupName ??ORDER BY radgroupreply.id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: affected rows = rlm_sql (sql): User rmyers-cmd not found in radgroupcheck rlm_sql (sql): User not found rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns notfound for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0562], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0073], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 6 modcall: group authenticate returns handled for request 6 Sending Access-Challenge of id 38 to 192.168.2.169:1038 Framed-Protocol = PPP Framed-Compression = Van-Jacobson-TCP-IP EAP-Message = 0x0108040a0dc00000062e160301004a020000460301440ca6c9ce32946be1ccac53123187db21cf3feaece1f5da6209b1d150132d6f20427a2b648e04281c7433674b6bff47834d3b252cae63361527f5124a08cb76a300040016030105620b00055e00055b00024730820243308201aca003020102020900b02d53f88c901429300d06092a864886f70d01010405003062310b3009060355040613025553311530130603550408130c50656e6e73796c76616e6961311330110603550407130a48617272697362757267310c300a060355040a13034d5349310b3009060355040b13024954310c300a0603550403130352504d301e170d303630313331 EAP-Message = 0x3139313831355a170d3037303133313139313831355a3065310b3009060355040613025553311530130603550408130c50656e6e73796c76616e6961311330110603550407130a48617272697362757267310c300a060355040a13034d5349310b3009060355040b13024954310f300d0603550403130673657276657230819f300d06092a864886f70d010101050003818d0030818902818100d7ecba2856c6c8427536a5100cec4b7ceed9af3e7e9f82ae8a444b0b744724ea3e99b165c59746b2900bbc6218b604a9309322295643f8d168f5d55a9e7e1be81950ab022acf750d5063120b7b56ed8f594a6e89e523e2027ace19e452fe414710f6ed EAP-Message = 0xd0d79cea027e94e35d0f6095fd04db8416c4f11f63bcf02d41d7293e450203010001300d06092a864886f70d010104050003818100a617555e7ca5a90a7e0eef057c96eb6d9dc5b8439ebbb52b7f7925dc68237c529e763580949c851755df0ac76b1451724b866e6bae7945fb64faeb88499084398dc9e7c0cbc31bd8489f27467d683448fb5787eb2b9c66d964232552a46d74c524273ccd6d3a7be29c0439b8f2c20bc96ab16755437270a2b9f647eb9806856a00030e3082030a30820273a003020102020900b02d53f88c901427300d06092a864886f70d01010405003062310b3009060355040613025553311530130603550408130c50656e6e EAP-Message = 0x73796c76616e6961311330110603550407130a48617272697362757267310c300a060355040a13034d5349310b3009060355040b13024954310c300a0603550403130352504d301e170d3036303133313139313733375a170d3038303133313139313733375a3062310b3009060355040613025553311530130603550408130c50656e6e73796c76616e6961311330110603550407130a48617272697362757267310c300a060355040a13034d5349310b3009060355040b13024954310c300a0603550403130352504d30819f300d06092a864886f70d010101050003818d0030818902818100cd464aa3398c84bd31985dea600f28cd60f7bced7e6c EAP-Message = 0x749306ff79145fb5e00628fc5908338f312aaf008a99 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa06c77f4cfd37fb9f16ced52ebdc6686 Finished request 6 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.2.169:1038, id=39, length=217 Framed-MTU = 1480 NAS-IP-Address = 192.168.2.169 NAS-Identifier = "PU-5300" User-Name = "rmyers-cmd" Service-Type = Administrative-User Framed-Protocol = PPP NAS-Port = 13 NAS-Port-Type = Ethernet NAS-Port-Id = "A13" Called-Station-Id = "00-13-21-ba-14-00" Calling-Station-Id = "00-11-11-64-a1-e6" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0xa06c77f4cfd37fb9f16ced52ebdc6686 EAP-Message = 0x020800060d00 Message-Authenticator = 0x2716dcc5794b1beffe21cf96c356e943 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: No '@' in User-Name = "rmyers-cmd", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 8 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 users: Matched entry DEFAULT at line 157 users: Matched entry DEFAULT at line 188 modcall[authorize]: module "files" returns ok for request 7 radius_xlat: 'rmyers-cmd' rlm_sql (sql): sql_set_user escaped user --> 'rmyers-cmd' radius_xlat: 'SELECT id, UserName, Attribute, Value, Op ??FROM radcheck ??WHERE Username = 'rmyers-cmd' ??ORDER BY id' rlm_sql (sql): Reserving sql socket id: 2 rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op ??FROM radcheck ??WHERE Username = 'rmyers-cmd' ??ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: affected rows = rlm_sql (sql): User rmyers-cmd not found in radcheck radius_xlat: 'SELECT radgroupcheck.id, radgroupcheck.GroupName, ??radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM radgroupcheck, usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = radgroupcheck.GroupName ??ORDER BY radgroupcheck.id' rlm_sql_postgresql: query: SELECT radgroupcheck.id, radgroupcheck.GroupName, ??radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM radgroupcheck, usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = radgroupcheck.GroupName ??ORDER BY radgroupcheck.id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: affected rows = radius_xlat: 'SELECT radgroupreply.id, radgroupreply.GroupName, radgroupreply.Attribute, ??radgroupreply.Value, radgroupreply.Op ??FROM radgroupreply,usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = radgroupreply.GroupName ??ORDER BY radgroupreply.id' rlm_sql_postgresql: query: SELECT radgroupreply.id, radgroupreply.GroupName, radgroupreply.Attribute, ??radgroupreply.Value, radgroupreply.Op ??FROM radgroupreply,usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = radgroupreply.GroupName ??ORDER BY radgroupreply.id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: affected rows = rlm_sql (sql): User rmyers-cmd not found in radgroupcheck rlm_sql (sql): User not found rlm_sql (sql): Released sql socket id: 2 modcall[authorize]: module "sql" returns notfound for request 7 modcall: group authorize returns updated for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 7 modcall: group authenticate returns handled for request 7 Sending Access-Challenge of id 39 to 192.168.2.169:1038 Framed-Protocol = PPP Framed-Compression = Van-Jacobson-TCP-IP EAP-Message = 0x010902380d800000062e01c770ef206700cbd397b8f4627e086d6b2872b23e467fff195f007451bcb1547b66ca23a46ec638978c904ca8a942b73928be83ef91154e6c22817461d944f6ed41f7bfd17bc1ba8b6a6295eba1d63549d5dbd30203010001a381c73081c4301d0603551d0e041604147084def1ae8ce1a8344e404cfe763700473b65f43081940603551d2304818c30818980147084def1ae8ce1a8344e404cfe763700473b65f4a166a4643062310b3009060355040613025553311530130603550408130c50656e6e73796c76616e6961311330110603550407130a48617272697362757267310c300a060355040a13034d5349310b3009 EAP-Message = 0x060355040b13024954310c300a0603550403130352504d820900b02d53f88c901427300c0603551d13040530030101ff300d06092a864886f70d010104050003818100a4448cd34e1dd346ee6638304d4b8f2e9ee6d8b3fc85c68d71f80b9b74cc549332042dbec402dcf84655c2478cd9ec086c4df0ae8ace50992085005e76fd10b9f7a237984a196d7614437ee9e97e7e621e6b2a07d67d0384e0485960257f2074644699b9ec065cc673a7b05622013abb3beb77d0cd2d1624e7676922eaa6e82f16030100730d00006b020102006600643062310b3009060355040613025553311530130603550408130c50656e6e73796c76616e696131133011 EAP-Message = 0x0603550407130a48617272697362757267310c300a060355040a13034d5349310b3009060355040b13024954310c300a0603550403130352504d0e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xfc10b5f87ea497dbce8d66694199924f Finished request 7 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.2.169:1038, id=40, length=1387 Framed-MTU = 1480 NAS-IP-Address = 192.168.2.169 NAS-Identifier = "PU-5300" User-Name = "rmyers-cmd" Service-Type = Administrative-User Framed-Protocol = PPP NAS-Port = 13 NAS-Port-Type = Ethernet NAS-Port-Id = "A13" Called-Station-Id = "00-13-21-ba-14-00" Calling-Station-Id = "00-11-11-64-a1-e6" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0xfc10b5f87ea497dbce8d66694199924f EAP-Message = 0x020904900d800000048616030104560b0003460003430003403082033c308202a5a003020102020900b02d53f88c90142c300d06092a864886f70d01010405003062310b3009060355040613025553311530130603550408130c50656e6e73796c76616e6961311330110603550407130a48617272697362757267310c300a060355040a13034d5349310b3009060355040b13024954310c300a0603550403130352504d301e170d3036303330363231303532345a170d3036303630343231303532345a3069310b3009060355040613025553311530130603550408130c50656e6e73796c76616e6961311330110603550407130a4861727269736275 EAP-Message = 0x7267310c300a060355040a13034d5349310b3009060355040b13024954311330110603550403130a726d796572732d636d6430819f300d06092a864886f70d010101050003818d0030818902818100daf05c6716f9346a5b14322363d56e9e47bce702e316f9961f06beaf89e571b6c81d7ec957bb4103ef28898be6cac14dacfb6d71265134cf9193dc08ce5e05b71d0074daca80665453493ef750381e94f8033f3212e94f7cf24e6ae34537edaf3c3b0a9e09a40cb7fec19c32d0753bfab5d6424acb1e8bb0b7a7bb453d00905d0203010001a381f23081ef30090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c EAP-Message = 0x2047656e657261746564204365727469666963617465301d0603551d0e04160414139d43580e4b595bf65001b9fb711d3a5cf04bc93081940603551d2304818c30818980147084def1ae8ce1a8344e404cfe763700473b65f4a166a4643062310b3009060355040613025553311530130603550408130c50656e6e73796c76616e6961311330110603550407130a48617272697362757267310c300a060355040a13034d5349310b3009060355040b13024954310c300a0603550403130352504d820900b02d53f88c901427300d06092a864886f70d010104050003818100289d684fa9f9e1df1757e61a0396237d891de9780a69d3db969d0c901ac8 EAP-Message = 0x36722ca531e05c52e116121dd0afabf1d8994b669084140b94c15c9ce05104a021bbfb5e79ede88ceaf592b3366df0d50eafe8bcf4ceaeddf284d3801de3eea9fab5cbe1b539784a825da253facb813e15b36a3eebd68da4add2ab48a7085c799886100000820080c72a0e26751c13b01c91545ff716fe9f16ff0328cfa0eb8822edd6c870b2fe6303e12c642f31edf017cf6cb49d6078b7b69809374f39ea5591144a0e97f882d7f99ea9eb8a3bc2e77f48dd0a9bac62857c51d7221ab13d9261dbe12240f3d9b8547242b4746e7500af619f80b9bc7ae8f8bf565941e83c639e86e5eef7877b720f0000820080a9fca434166b7bd12f2cc27bfe2462 EAP-Message = 0x87a99ec1d2579f9db69e725b1b7293b40ad087b41245bdfb338fcf70ce246f0924802e83573fdaad1f87438ede8a2edc7ec46b720edac3c3ad201b58771c2b09a2723fd2a16a8e5b20e9f7a073adb14635a3c2e59b966243fb5e974eea38111093fb27bca1e022225b161574f15a5159b01403010001011603010020a20a05e395b2ed0dfcc2e8f44addda5b3238f904b9f20c6017a772acb12c1608 Message-Authenticator = 0x43ae9e2d4338d3d0d1c91c3db6ca955e Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 modcall[authorize]: module "chap" returns noop for request 8 modcall[authorize]: module "mschap" returns noop for request 8 rlm_realm: No '@' in User-Name = "rmyers-cmd", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 8 rlm_eap: EAP packet type response id 9 length 253 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 8 users: Matched entry DEFAULT at line 157 users: Matched entry DEFAULT at line 188 modcall[authorize]: module "files" returns ok for request 8 radius_xlat: 'rmyers-cmd' rlm_sql (sql): sql_set_user escaped user --> 'rmyers-cmd' radius_xlat: 'SELECT id, UserName, Attribute, Value, Op ??FROM radcheck ??WHERE Username = 'rmyers-cmd' ??ORDER BY id' rlm_sql (sql): Reserving sql socket id: 1 rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op ??FROM radcheck ??WHERE Username = 'rmyers-cmd' ??ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: affected rows = rlm_sql (sql): User rmyers-cmd not found in radcheck radius_xlat: 'SELECT radgroupcheck.id, radgroupcheck.GroupName, ??radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM radgroupcheck, usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = radgroupcheck.GroupName ??ORDER BY radgroupcheck.id' rlm_sql_postgresql: query: SELECT radgroupcheck.id, radgroupcheck.GroupName, ??radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM radgroupcheck, usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = radgroupcheck.GroupName ??ORDER BY radgroupcheck.id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: affected rows = radius_xlat: 'SELECT radgroupreply.id, radgroupreply.GroupName, radgroupreply.Attribute, ??radgroupreply.Value, radgroupreply.Op ??FROM radgroupreply,usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = radgroupreply.GroupName ??ORDER BY radgroupreply.id' rlm_sql_postgresql: query: SELECT radgroupreply.id, radgroupreply.GroupName, radgroupreply.Attribute, ??radgroupreply.Value, radgroupreply.Op ??FROM radgroupreply,usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = radgroupreply.GroupName ??ORDER BY radgroupreply.id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: affected rows = rlm_sql (sql): User rmyers-cmd not found in radgroupcheck rlm_sql (sql): User not found rlm_sql (sql): Released sql socket id: 1 modcall[authorize]: module "sql" returns notfound for request 8 modcall: group authorize returns updated for request 8 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 034a], Certificate --> verify error:num=3:unable to get certificate CRL rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert write:fatal:unknown CA TLS_accept:error in SSLv3 read client certificate B 31460:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned:s3_srvr.c:2021: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 8 modcall: group authenticate returns handled for request 8 Sending Access-Challenge of id 40 to 192.168.2.169:1038 Framed-Protocol = PPP Framed-Compression = Van-Jacobson-TCP-IP EAP-Message = 0x010a00110d800000000715030100020230 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb722537bdfd460d8a203eab6301e97d9 Finished request 8 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.2.169:1038, id=41, length=217 Framed-MTU = 1480 NAS-IP-Address = 192.168.2.169 NAS-Identifier = "PU-5300" User-Name = "rmyers-cmd" Service-Type = Administrative-User Framed-Protocol = PPP NAS-Port = 13 NAS-Port-Type = Ethernet NAS-Port-Id = "A13" Called-Station-Id = "00-13-21-ba-14-00" Calling-Station-Id = "00-11-11-64-a1-e6" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0xb722537bdfd460d8a203eab6301e97d9 EAP-Message = 0x020a00060d00 Message-Authenticator = 0x1ffb7e5aeb268158ff2c4a81fb2d07eb Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 modcall[authorize]: module "preprocess" returns ok for request 9 modcall[authorize]: module "chap" returns noop for request 9 modcall[authorize]: module "mschap" returns noop for request 9 rlm_realm: No '@' in User-Name = "rmyers-cmd", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 9 rlm_eap: EAP packet type response id 10 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9 users: Matched entry DEFAULT at line 157 users: Matched entry DEFAULT at line 188 modcall[authorize]: module "files" returns ok for request 9 radius_xlat: 'rmyers-cmd' rlm_sql (sql): sql_set_user escaped user --> 'rmyers-cmd' radius_xlat: 'SELECT id, UserName, Attribute, Value, Op ??FROM radcheck ??WHERE Username = 'rmyers-cmd' ??ORDER BY id' rlm_sql (sql): Reserving sql socket id: 0 rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op ??FROM radcheck ??WHERE Username = 'rmyers-cmd' ??ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: affected rows = rlm_sql (sql): User rmyers-cmd not found in radcheck radius_xlat: 'SELECT radgroupcheck.id, radgroupcheck.GroupName, ??radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM radgroupcheck, usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = radgroupcheck.GroupName ??ORDER BY radgroupcheck.id' rlm_sql_postgresql: query: SELECT radgroupcheck.id, radgroupcheck.GroupName, ??radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM radgroupcheck, usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = radgroupcheck.GroupName ??ORDER BY radgroupcheck.id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: affected rows = radius_xlat: 'SELECT radgroupreply.id, radgroupreply.GroupName, radgroupreply.Attribute, ??radgroupreply.Value, radgroupreply.Op ??FROM radgroupreply,usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = radgroupreply.GroupName ??ORDER BY radgroupreply.id' rlm_sql_postgresql: query: SELECT radgroupreply.id, radgroupreply.GroupName, radgroupreply.Attribute, ??radgroupreply.Value, radgroupreply.Op ??FROM radgroupreply,usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = radgroupreply.GroupName ??ORDER BY radgroupreply.id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: affected rows = rlm_sql (sql): User rmyers-cmd not found in radgroupcheck rlm_sql (sql): User not found rlm_sql (sql): Released sql socket id: 0 modcall[authorize]: module "sql" returns notfound for request 9 modcall: group authorize returns updated for request 9 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack alert eaptls_verify returned 4 eaptls_process returned 4 rlm_eap: Handler failed in EAP/tls rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 9 modcall: group authenticate returns invalid for request 9 auth: Failed to validate the user. Delaying request 9 for 1 seconds Finished request 9 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.2.169:1038, id=41, length=217 Sending Access-Reject of id 41 to 192.168.2.169:1038 EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 --- Walking the entire request list --- Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 5 ID 37 with timestamp 440ca6c9 Cleaning up request 6 ID 38 with timestamp 440ca6c9 Cleaning up request 7 ID 39 with timestamp 440ca6c9 Cleaning up request 8 ID 40 with timestamp 440ca6c9 Cleaning up request 9 ID 41 with timestamp 440ca6c9 Nothing to do. Sleeping until we see a request.