error in SSLv3 read client certificate A
Hi all I have an SSL error. I have installed a server on a vmware VM, and on it, I was able to make EAP/TLS without any problem. That is on a Suse 10. The FR version is 1.1.0. The openssl version is 0.9.8a (package openssl-0.9.8a-18.4). The compat-openssl097g-0.9.7g-13.2 is also installed. I made a Xen domU with a Suse 10. I copy the /etc/raddb to the xen domU, and start the server. With the xen domU I'm able to make MAC authentication, but, when I want to enable also the EAP/TLS. I got the following error : rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization *TLS_accept*: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello *TLS_accept*: *SSLv3* read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello *TLS_accept*: *SSLv3* write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 12a2], Certificate *TLS_accept*: *SSLv3* write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 000e], CertificateRequest *TLS_accept*: *SSLv3* write certificate request A *TLS_accept*: *SSLv3* flush data *TLS_accept*:*error* in *SSLv3* read client certificate A In SSL Handshake Phase In SSL Accept mode After that, there is a loop with "Access-Challenge" and the port keep to be closed. On the xen domU, the version of radius is 1.1.0 The version of openssl is 0.9.8a (package openssl-0.9.8a-16). The compat-openssl097g-0.9.7g-11 is also installed. The supplicant is a Windows XP SP2 Thanks for any help Ancalagon Here a complete log : The IP address of the FR is 10.10.22.222 The IP of the AP is 10.10.22.8 Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/lib/freeradius" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = "/var/run/radiusd/radiusd.pid" main: bind_address = 10.10.22.222 IP address [10.10.22.222] main: user = "radiusd" main: group = "radiusd" main: usercollide = no main: lower_user = "yes" main: lower_pass = "yes" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib/freeradius Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded eap eap: default_eap_type = "tls" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "/etc/raddb/cacerts/" tls: pem_file_type = yes tls: private_key_file = "/etc/raddb/certs/BALIN.pem" tls: certificate_file = "/etc/raddb/certs/BALIN.pem" tls: CA_file = "(null)" tls: private_key_password = "******" tls: dh_file = "/etc/raddb/certs/dh" tls: random_file = "/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = yes tls: check_cert_cn = "%{User-Name}" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded LDAP ldap: server = "10.10.22.222" ldap: port = 389 ldap: net_timeout = 1 ldap: timeout = 4 ldap: timelimit = 3 ldap: identity = "cn=admin,dc=company,dc=test" ldap: tls_mode = no ldap: start_tls = no ldap: tls_cacertfile = "(null)" ldap: tls_cacertdir = "(null)" ldap: tls_certfile = "(null)" ldap: tls_keyfile = "(null)" ldap: tls_randfile = "(null)" ldap: tls_require_cert = "allow" ldap: password = "*****" ldap: basedn = "dc=company,dc=test" ldap: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" ldap: base_filter = "(objectclass=radiusprofile)" ldap: default_profile = "(null)" ldap: profile_attribute = "(null)" ldap: password_header = "(null)" ldap: password_attribute = "userPassword" ldap: access_attr = "uid" ldap: groupname_attribute = "cn" ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" ldap: groupmembership_attribute = "(null)" ldap: dictionary_mapping = "/etc/raddb/ldap.attrmap" ldap: ldap_debug = 0 ldap: ldap_connections_number = 5 ldap: compare_check_items = yes ldap: access_attr_used_for_allow = yes ldap: do_xlat = yes ldap: edir_account_policy_check = no ldap: set_auth_type = yes rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap rlm_ldap: Over-riding set_auth_type, as we're not listed in the "authenticate" section. rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS NAS-Port-Id rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS NAS-IP-Address rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS NAS-Port-Type rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS NAS-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port conns: 0x5555557a5420 Module: Instantiated ldap (ldap) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication 10.10.22.222:1812 Listening on accounting 10.10.22.222:1813 Ready to process requests. rad_recv: Access-Request packet from host 10.10.22.8:1024, id=143, length=205 Framed-MTU = 1480 NAS-IP-Address = 10.10.22.8 NAS-Identifier = "switch-8-00-1" User-Name = "WINXPSP2" Service-Type = Administrative-User Framed-Protocol = PPP NAS-Port = 4 NAS-Port-Type = Ethernet NAS-Port-Id = "4" Called-Station-Id = "00-18-71-45-79-40" Calling-Station-Id = "00-30-05-6d-2c-c5" Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" EAP-Message = 0x0207000b01585054455354 Message-Authenticator = 0x35d62b249b863c177d4663bf92391b74 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 rlm_eap: EAP packet type response id 7 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry WINXPSP2 at line 11 modcall[authorize]: module "files" returns ok for request 1 rlm_ldap: - authorize rlm_ldap: performing user authorization for WINXPSP2 radius_xlat: '(uid=WINXPSP2)' radius_xlat: 'dc=company,dc=test' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=company,dc=test, with filter (uid=WINXPSP2) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 143 to 10.10.22.8 port 1024 EAP-Message = 0x010800060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x25c308680d7c72cc1f78bf6a548311d1 Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.10.22.8:1024, id=144, length=292 Framed-MTU = 1480 NAS-IP-Address = 10.10.22.8 NAS-Identifier = "switch-8-00-1" User-Name = "WINXPSP2" Service-Type = Administrative-User Framed-Protocol = PPP NAS-Port = 4 NAS-Port-Type = Ethernet NAS-Port-Id = "4" Called-Station-Id = "00-18-71-45-79-40" Calling-Station-Id = "00-30-05-6d-2c-c5" Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x25c308680d7c72cc1f78bf6a548311d1 EAP-Message = 0x020800500d800000004616030100410100003d030146ced9e2ca2f9040f64a516358ecc7209b6f9b7d738e332a0c209a933c27e98300001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0x033115f290de31d0309264338bc8af51 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 rlm_eap: EAP packet type response id 8 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry WINXPSP2 at line 11 modcall[authorize]: module "files" returns ok for request 2 rlm_ldap: - authorize rlm_ldap: performing user authorization for WINXPSP2 radius_xlat: '(uid=WINXPSP2)' radius_xlat: 'dc=company,dc=test' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=company,dc=test, with filter (uid=WINXPSP2) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 12a2], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 000e], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 144 to 10.10.22.8 port 1024 EAP-Message = 0x0109040a0dc000001309160301004a02000046030146cec8073eb4b4f6f3ee90841d97f4d2cd5950fe1765f13c409bfd32d68175bc2064b6217103f637ebd06212b630440e2aa27fb1a3fdbe533a62bf99b073a11e1100040016030112a20b00129e00129b00064a308206463082042ea003020102020103300d06092a864886f70d0101050500307c310b30090603550406130242453110300e0603550408130742454c4749554d31133011060355040a130a436f6d697465205220493111300f060355040b13084c6f676973746963310e300c0603550403130553756243413123302106092a864886f70d01090116146c6f67697374696340636f6d EAP-Message = 0x69746572692e6265301e170d3037303630353134343130325a170d3137303630323134343130325a307c310b30090603550406130242453110300e0603550408130742454c4749554d31133011060355040a130a436f6d697465205220493111300f060355040b13084c6f676973746963310e300c0603550403130542414c494e3123302106092a864886f70d01090116146c6f67697374696340636f6d69746572692e626530820222300d06092a864886f70d01010105000382020f003082020a0282020100a16a2a34bf1b96e1ea0bd4139b3932cdd36dd5dc27319cbb646d449ddc7957ba4033e3da40ff1faf3e50369a9dd86ec6426bd1f904fe EAP-Message = 0x46ce2f3991e88e71921b5a9c438bb499b083cc9b8ff9053bb78f640741b9450106bc38935548e4e84064706b87939b45afeae8f54eba236d0eb10ab0e24a91836da1269558f548e1404083d09f1c5ef16a04d71daaae7e4d8cd813e6b504f1e8fbe7fbc5626f5e88949914d0ba6fa8251ad4cd50011f78e8f56349d236c0ccd0f4e33f8f017d315a2049cde819595366d4f39bfe59514ecafaac65137076a42972c912bdfb559f76e1543aa680851037a8a3a74696d9b884ee95aa26a4bfdde2756e53efed54d89007529b28d516312403af94ff96c80d0203c88b56c5b3e1fd75bc059c74f0096ea2aee53f1e0570264a50cc163be97a9e478b9d9d0c EAP-Message = 0x877fe3447d42cbc47eccdc17ba1f58d3b6c49869a6cb027464588ef0b9c19fb0b9973f12655962a6b5d81469654397eebc6c5da4013dcabe34fa7c5c21c3c8406459bfeeaacc90db5768a207771009d3fa694a1fbb9bff1e6ec4cad763c13f74a046acd36043fd37b28823171ec62a5cdc6d3eee81ba41829829090bb0ca1624d35e966a6c685c502195cab4d0168424277901dc4207e8a17ca5437caa18eaac42c99cafa9023c760c7d3d4cefdd0c3eab96ba0fd7144698ae55ff9d3383755b485668d065938f3df4a928bb7b0203010001a381d23081cf300c0603551d130101ff04023000301106096086480186f84201010404030205a030390609 EAP-Message = 0x6086480186f842010d042c162a42414c494e20536572 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x38cde1036ec530eb79833ddd0e0d91a6 Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.10.22.8:1024, id=145, length=218 Framed-MTU = 1480 NAS-IP-Address = 10.10.22.8 NAS-Identifier = "switch-8-00-1" User-Name = "WINXPSP2" Service-Type = Administrative-User Framed-Protocol = PPP NAS-Port = 4 NAS-Port-Type = Ethernet NAS-Port-Id = "4" Called-Station-Id = "00-18-71-45-79-40" Calling-Station-Id = "00-30-05-6d-2c-c5" Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x38cde1036ec530eb79833ddd0e0d91a6 EAP-Message = 0x020900060d00 Message-Authenticator = 0xf9e7e6874c2dddbd73eedc5586a4e9c0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 rlm_eap: EAP packet type response id 9 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry WINXPSP2 at line 11 modcall[authorize]: module "files" returns ok for request 3 rlm_ldap: - authorize rlm_ldap: performing user authorization for WINXPSP2 radius_xlat: '(uid=WINXPSP2)' radius_xlat: 'dc=company,dc=test' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=company,dc=test, with filter (uid=WINXPSP2) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 145 to 10.10.22.8 port 1024 EAP-Message = 0x010a040a0dc000001309766572204f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e041604144743ccf509e7fbdfde43593e1bfc76ab94a47de9301f0603551d230418301680142e056f0838c7777e4676696dd17fdffd557cdd8930130603551d25040c300a06082b06010505070301301c0603551d1104153013821162616c696e2e636f6d69746572692e6265300d06092a864886f70d010105050003820201008e6ba1ac563fe4e39d54d5d97ea3c715e1b0677c15cb205cdd32fb393573bdc3cbf65d7fe1198194de2ae1ece320757aa07f51600a68a646cae74540a416c38eaa800f62d54b22b65f2eb7 EAP-Message = 0x390fbbb83c6db45edc7cff3f631103582eece62a1a2c65696ed7b985ff415541e7c20ed68adf7c86668d48cba43696d76d77f19bb63953a4a87d5660b9eada868a6aa963d0fb62caded8e3e5f18c94b2c6f77f3769fcb0c9f2ae57488ce0ed490ff82f6dbfe9356a8d3bd1ae99151892b51c6ed1e29c7ebdc1031777bed9a3100fa1f286a416e7f153089e89fa4961854f97a1868e44e47c83edc49e1a35110f82b14e5ef785c3514fdcf2af20b29a56ae1ab5fbf94e1654438f6bc15318b905b0e8aab8e148611c7536b746d07fb03e5c495dcc7043e0c8e509e27ae2f67930aaf61d66c7841d4ca4c6850a24c5fceba76889e87d627ef06f48adfd9c EAP-Message = 0x115a8538ff89a311c19c8b13b8744698e2332baee87dbf327e99c89853313ccd35e9fafba5ef3c0e5ef250ed1ebdabd5185d1cbcc6b27292b9d164e84dba0fbca94bffc5f731c4d316083175ef2379de60610656e9bc851922b6576418b272641e99aca9f68ad03e63a66b5cc83c496577e86ff0e1ef332be90d583b7d0cd13d5c08c9e649cf18b2e4d938dcf8cd0f457b808ea2c1d0cdd9322b3bfde7d016daa2ac68e1e0040fd81ded1ded5e4be298bf6a9591522176a80006323082062e30820416a003020102020102300d06092a864886f70d0101050500307d310b30090603550406130242453110300e0603550408130742454c4749554d3113 EAP-Message = 0x3011060355040a130a436f6d697465205220493111300f060355040b13084c6f676973746963310f300d06035504031306526f6f7443413123302106092a864886f70d01090116146c6f67697374696340636f6d69746572692e6265301e170d3037303630353134343031365a170d3137303630323134343031365a307c310b30090603550406130242453110300e0603550408130742454c4749554d31133011060355040a130a436f6d697465205220493111300f060355040b13084c6f676973746963310e300c0603550403130553756243413123302106092a864886f70d01090116146c6f67697374696340636f6d69746572692e6265308202 EAP-Message = 0x22300d06092a864886f70d01010105000382020f0030 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8ea25b4708c7dfc009cab784c6064dd1 Finished request 3 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.10.22.8:1024, id=146, length=218 Framed-MTU = 1480 NAS-IP-Address = 10.10.22.8 NAS-Identifier = "switch-8-00-1" User-Name = "WINXPSP2" Service-Type = Administrative-User Framed-Protocol = PPP NAS-Port = 4 NAS-Port-Type = Ethernet NAS-Port-Id = "4" Called-Station-Id = "00-18-71-45-79-40" Calling-Station-Id = "00-30-05-6d-2c-c5" Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x8ea25b4708c7dfc009cab784c6064dd1 EAP-Message = 0x020a00060d00 Message-Authenticator = 0xa0f1f89749109edcb5c4b6b8ba7ecfbc Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 rlm_eap: EAP packet type response id 10 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry WINXPSP2 at line 11 modcall[authorize]: module "files" returns ok for request 4 rlm_ldap: - authorize rlm_ldap: performing user authorization for WINXPSP2 radius_xlat: '(uid=WINXPSP2)' radius_xlat: 'dc=company,dc=test' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=company,dc=test, with filter (uid=WINXPSP2) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 146 to 10.10.22.8 port 1024 EAP-Message = 0x010b040a0dc00000130982020a0282020100d882fa95e8d4bd71732ea535182ac05bc095bc52c0ea55eab26bec1751795413b27815488ecedd9cca6e1bce21a8bb1cb285b12686b6b77a4f91bf3043c65025b343fe8f8cc015ad70c630c0c6ce2c9ee2d702ece13f306b438c2a3bee0e3c4de2ac007525a890b04d67bcff032bd909efebea3d6b8df57c4edba1f055948f8b584a704b24d1e8c28449825705f3c3bdad8f863d7b6a274028c2cdfa5724aafdd46067151656ff0ebec18cd825a05858423cc983c1baa0cffdbb88954cb3fd361b885eb1e91650613af631533d5ccce2b73070f28929f6c0b79f57d8478f104e42ef8895c81b9cae0da4ce EAP-Message = 0x3c1e51112bbc9bbbcd7f12c550466bf84823db89710cf993522e4a3b15379453900a5e6f7e22aaeab1f2ceec26476cf1519c7f6f7aac52f99e3490bbc9d83a135e9a4aea7ecbb238b4500d2614465f23d8ec118785335b2d0261930940d7b288e204964776fe548bf34e7f79b8c67ad90ed6c6d20548b556193f3e0c07b73ce30a6bfa59eece19499ea0c5eb812ba759b65c28b70b1aec0a5de8a0772eb21176f91921c9aa447850af35fcfa975d4ca15543d80aaf963c542f9349a27f24d8f7eed2648f5cea65ef5d32eb1ef8b602367ca2e59243b3f54a8ef3c872fa58cce494cefeb4e6874b9dababe972edf1d02c531aa249eddb99e6f42c223387 EAP-Message = 0x38146319faf5df938ccdb5c9690f886a31470467ca7e1d450203010001a381b93081b6300f0603551d130101ff040530030101ff301106096086480186f84201010404030206c0303206096086480186f842010d042516235375624341204f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e041604142e056f0838c7777e4676696dd17fdffd557cdd89301f0603551d23041830168014f7065eae7de0f71ccc4af436e2a9de730fb69e61301c0603551d1104153013821162616c696e2e636f6d69746572692e6265300d06092a864886f70d010105050003820201008c49de7d69e2e7772465c1910cd94a34 EAP-Message = 0x26a9eee42487c3a7ede8666cbedd93dc9e5676e82f92d6bfdc4273685a917eb3bb8f870a5a4fa08326b7d33a340b3c566081780443a10aa472a4d8b9f2c5d1ed373bf68f1f7c3b62654fb78cb0bfca7caf40d48f9924272092bba18b03e442115056edbfcd1852438275ebc2c1d31a00923b94e003b5b3dbeb0c762baf339f9c40538da28696f964f9a69ae1c8923001a8225afc7dec8aa1040d455a1f3f70cf38c5664bc91fedc5c6041dc3055ead27c5d75e3f7b336358cf02f04e733998c00b231e738d29d73021e3f2ab0a7bb0581d5bf366cd5954d9bcbeb76cc106dd8f67f61e9fd5fb7e5a9224583209ec1c6da72ead32517b45360065babec7 EAP-Message = 0x30404719a25565b1b018ee1b3140a208ad74c7bb2557 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x56c4aaa602ee163eae0551c02201778d Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.10.22.8:1024, id=147, length=218 Framed-MTU = 1480 NAS-IP-Address = 10.10.22.8 NAS-Identifier = "switch-8-00-1" User-Name = "WINXPSP2" Service-Type = Administrative-User Framed-Protocol = PPP NAS-Port = 4 NAS-Port-Type = Ethernet NAS-Port-Id = "4" Called-Station-Id = "00-18-71-45-79-40" Calling-Station-Id = "00-30-05-6d-2c-c5" Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x56c4aaa602ee163eae0551c02201778d EAP-Message = 0x020b00060d00 Message-Authenticator = 0xba9515c4b486e9213d3ad85ecd98fb46 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 rlm_eap: EAP packet type response id 11 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry WINXPSP2 at line 11 modcall[authorize]: module "files" returns ok for request 5 rlm_ldap: - authorize rlm_ldap: performing user authorization for WINXPSP2 radius_xlat: '(uid=WINXPSP2)' radius_xlat: 'dc=company,dc=test' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=company,dc=test, with filter (uid=WINXPSP2) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 147 to 10.10.22.8 port 1024 EAP-Message = 0x010c040a0dc00000130979101945c8a25e08ce719f139daab89f2913ec5a47308ebdf22f8a97b42772d43600a550950c3cfb38f75aad86fc924bb06e4a869f5a7d3bd1edd940b87322b6df7c676584cc8d206b0f32d24aca570c1e10e3f9754f04ceb9a8d01dba47327277c18279173b000dd3748b98c2c18cc7b486a2eea4c1c0aba7d1b8a6d050be0908f254c10fd7a773794d45c9cea67f454d5d7a14b24c3dca291f10f784f0318f705ac70ec12ec9bb5a974d292f3a17b568f0e06d01f9d557c499087518643b980be0d34eaaff5210d1fa4a3e153db7d2a0ed6cf742f21180d0fe471d3b00061630820612308203faa003020102020101300d06 EAP-Message = 0x092a864886f70d0101050500307d310b30090603550406130242453110300e0603550408130742454c4749554d31133011060355040a130a436f6d697465205220493111300f060355040b13084c6f676973746963310f300d06035504031306526f6f7443413123302106092a864886f70d01090116146c6f67697374696340636f6d69746572692e6265301e170d3037303630353134333935335a170d3137303630323134333935335a307d310b30090603550406130242453110300e0603550408130742454c4749554d31133011060355040a130a436f6d697465205220493111300f060355040b13084c6f676973746963310f300d0603550403 EAP-Message = 0x1306526f6f7443413123302106092a864886f70d01090116146c6f67697374696340636f6d69746572692e626530820222300d06092a864886f70d01010105000382020f003082020a0282020100b20918065a6b84ce3d8f7249c8cb3c071b17ec534527ca69411e2cb8cdfaacdea3cd4390ff22a4b6042992f4392daf7bfc6e0ded3c4097d64330d5e8c8cbf5d6156e6fe02554157b82c65f82cf3f76bfe265ed9b4d48f75f28a2e792d402bfbf35f3d14aa5d6e45de6d56e93b56bd6fd7b418b1924ad9a864d49911fe14a5878713085105e59fe76aa2a8dd1ce01e06dd702d0bee64af8942164d34f2b5132a1dcd2170c76abf5ef18010038650334 EAP-Message = 0xe7c057b193c1aa785eb9a379469f00a2c8f3f8c896daaa870262959a5f7f347ce278ab2a061b4014a86c6d3456e93c0ed3785f77124133022702e3667939a0c4e04f495ba87b13b44b5b436f388154dbb149b8e9e9f23b4e758428069193b40e63d15d0b72f24c9e4b31c57ebb4ad7512af91de3642797873865b4f72d3b4f175578d9afca22a482d11a2b13d4f84150512af014c7f3ac8263d4d8ef8f759da9a5c0f299e48720e3c8806cdb158cd2950858860ea156c092bfc14ee6b5ddb3967603a7faaaae7ca7848e2fe9a5020b24b6b6f37e40d310def881f1cb3012775f2e3e01dcd923b23a249036469329c8aa026250b3ac74b67f5ca83b2a89 EAP-Message = 0xb66fb39b83ca59af7cbef82422266215e4e0ca723d01 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd9374b4d75d282399cb8b5ee098d52f4 Finished request 5 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.10.22.8:1024, id=148, length=218 Framed-MTU = 1480 NAS-IP-Address = 10.10.22.8 NAS-Identifier = "switch-8-00-1" User-Name = "WINXPSP2" Service-Type = Administrative-User Framed-Protocol = PPP NAS-Port = 4 NAS-Port-Type = Ethernet NAS-Port-Id = "4" Called-Station-Id = "00-18-71-45-79-40" Calling-Station-Id = "00-30-05-6d-2c-c5" Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0xd9374b4d75d282399cb8b5ee098d52f4 EAP-Message = 0x020c00060d00 Message-Authenticator = 0xbe496ef0960ec9f9529915f7e1311eb2 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 rlm_eap: EAP packet type response id 12 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry WINXPSP2 at line 11 modcall[authorize]: module "files" returns ok for request 6 rlm_ldap: - authorize rlm_ldap: performing user authorization for WINXPSP2 radius_xlat: '(uid=WINXPSP2)' radius_xlat: 'dc=company,dc=test' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=company,dc=test, with filter (uid=WINXPSP2) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 Sending Access-Challenge of id 148 to 10.10.22.8 port 1024 EAP-Message = 0x010d03130d8000001309287c4f702752528018133c52b1a1b2c65a9046b7393dfef9a8cfce4b7b0eaba4d0876452089da5fb76a49c4c84254b97cfa5df4bbcbb429a619cf3cb0f310203010001a3819c308199300f0603551d130101ff040530030101ff301106096086480186f84201010404030206c0303306096086480186f842010d04261624526f6f744341204f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e04160414f7065eae7de0f71ccc4af436e2a9de730fb69e61301f0603551d23041830168014f7065eae7de0f71ccc4af436e2a9de730fb69e61300d06092a864886f70d01010505000382 EAP-Message = 0x02010069571a370042802a5ffcc227b9042613264a0fee01fd7ea644da3fe106e27d90a2141c1070ddb524dbde6f76a4db718073fcb260e736bf00fdafa030721e5258f45af055ae11145ef2a72f62cc1eb29ee94ebf260db383abaf0deae176be6c635d433ea7825e86831cba931871aa80e3a1817077513bdfb7c7712d9e3d44e9d10623fb16d4493c2c27eff2390bfbf405867b2823bc09aa1e1b47823d93753d1a83cbdb8ab723e71f366f1ba6809cf3841ecba97af8c61f1130974453450f5dc6cd2ce448921b8098d9240513732c2886619ec8a37ec23ff77c134933f0c3f8541e614f2629d03ab9a3ffe3fe6581af46c85381b7e5ad9bb8f527 EAP-Message = 0x0512b77de2468c133d0466be87f1e6b202840e861390e620c1d2d740d54f168292899289ea9c55288fc0eb2ff82c7886db4d8e1adf70dcdb9f4f7ee205b7be2cbb1145ad42b94025c5e7e89e19d7edf4a96e69e91d61607325bf96ff0f5512720a7b79317f02378c877e19530579dba8b21cc44fde51a798e007dc5e21c2aa70ed898ca3ab43dd7aa18b0dec276e6479dbe89656055e2748f08cb958f7e9811eed49be433d619f944b56ad7a07d551045e6da7abec0b08d6a37767892f6cd69e26d22963747efe7c3bdaca393e0de33d9ca762d5a72478e448be92093baf0746c22bcfcac1ac1be4b926dd6a2e6e56f92846f676899a09dc13038237e0 EAP-Message = 0x06a018f7c83684195b160301000e0d0000060301020500000e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x444beecadbaa5b4df899c0b46fb8d48c Finished request 6 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 143 with timestamp 46cec807 Cleaning up request 2 ID 144 with timestamp 46cec807 Cleaning up request 3 ID 145 with timestamp 46cec807 Cleaning up request 4 ID 146 with timestamp 46cec807 Cleaning up request 5 ID 147 with timestamp 46cec807 Cleaning up request 6 ID 148 with timestamp 46cec807 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.10.22.8:1024, id=150, length=205 Framed-MTU = 1480 NAS-IP-Address = 10.10.22.8 NAS-Identifier = "switch-8-00-1" User-Name = "WINXPSP2" Service-Type = Administrative-User Framed-Protocol = PPP NAS-Port = 4 NAS-Port-Type = Ethernet NAS-Port-Id = "4" Called-Station-Id = "00-18-71-45-79-40" Calling-Station-Id = "00-30-05-6d-2c-c5" Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" EAP-Message = 0x0214000b01585054455354 Message-Authenticator = 0x7ae3b604ace299bf07962cf0cf81ce7f Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 rlm_eap: EAP packet type response id 20 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 users: Matched entry WINXPSP2 at line 11 modcall[authorize]: module "files" returns ok for request 7 rlm_ldap: - authorize rlm_ldap: performing user authorization for WINXPSP2 radius_xlat: '(uid=WINXPSP2)' radius_xlat: 'dc=company,dc=test' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=company,dc=test, with filter (uid=WINXPSP2) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 7 modcall: leaving group authorize (returns updated) for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 7 modcall: leaving group authenticate (returns handled) for request 7 Sending Access-Challenge of id 150 to 10.10.22.8 port 1024 EAP-Message = 0x011500060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1109360f80f9381e0c71a20c69fca75b Finished request 7 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.10.22.8:1024, id=151, length=292 Framed-MTU = 1480 NAS-IP-Address = 10.10.22.8 NAS-Identifier = "switch-8-00-1" User-Name = "WINXPSP2" Service-Type = Administrative-User Framed-Protocol = PPP NAS-Port = 4 NAS-Port-Type = Ethernet NAS-Port-Id = "4" Called-Station-Id = "00-18-71-45-79-40" Calling-Station-Id = "00-30-05-6d-2c-c5" Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x1109360f80f9381e0c71a20c69fca75b EAP-Message = 0x021500500d800000004616030100410100003d030146ceda0317f0de45d00a0ca3569cb0c54836d7f75457cbd58acda87003f4cba500001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0xb045b522839c9210bb82bf0c83159af1 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 rlm_eap: EAP packet type response id 21 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 8 users: Matched entry WINXPSP2 at line 11 modcall[authorize]: module "files" returns ok for request 8 rlm_ldap: - authorize rlm_ldap: performing user authorization for WINXPSP2 radius_xlat: '(uid=WINXPSP2)' radius_xlat: 'dc=company,dc=test' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=company,dc=test, with filter (uid=WINXPSP2) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 8 modcall: leaving group authorize (returns updated) for request 8 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 12a2], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 000e], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 8 modcall: leaving group authenticate (returns handled) for request 8 Sending Access-Challenge of id 151 to 10.10.22.8 port 1024 EAP-Message = 0x0116040a0dc000001309160301004a02000046030146cec8281d2fa7b65ef67ea9ac41178a3018d75c08ada670bbf858283e5645e820e96f598a80ac7187bf87e3b8161211d2876cf6f12793f4738df009779c8217fd00040016030112a20b00129e00129b00064a308206463082042ea003020102020103300d06092a864886f70d0101050500307c310b30090603550406130242453110300e0603550408130742454c4749554d31133011060355040a130a436f6d697465205220493111300f060355040b13084c6f676973746963310e300c0603550403130553756243413123302106092a864886f70d01090116146c6f67697374696340636f6d EAP-Message = 0x69746572692e6265301e170d3037303630353134343130325a170d3137303630323134343130325a307c310b30090603550406130242453110300e0603550408130742454c4749554d31133011060355040a130a436f6d697465205220493111300f060355040b13084c6f676973746963310e300c0603550403130542414c494e3123302106092a864886f70d01090116146c6f67697374696340636f6d69746572692e626530820222300d06092a864886f70d01010105000382020f003082020a0282020100a16a2a34bf1b96e1ea0bd4139b3932cdd36dd5dc27319cbb646d449ddc7957ba4033e3da40ff1faf3e50369a9dd86ec6426bd1f904fe EAP-Message = 0x46ce2f3991e88e71921b5a9c438bb499b083cc9b8ff9053bb78f640741b9450106bc38935548e4e84064706b87939b45afeae8f54eba236d0eb10ab0e24a91836da1269558f548e1404083d09f1c5ef16a04d71daaae7e4d8cd813e6b504f1e8fbe7fbc5626f5e88949914d0ba6fa8251ad4cd50011f78e8f56349d236c0ccd0f4e33f8f017d315a2049cde819595366d4f39bfe59514ecafaac65137076a42972c912bdfb559f76e1543aa680851037a8a3a74696d9b884ee95aa26a4bfdde2756e53efed54d89007529b28d516312403af94ff96c80d0203c88b56c5b3e1fd75bc059c74f0096ea2aee53f1e0570264a50cc163be97a9e478b9d9d0c EAP-Message = 0x877fe3447d42cbc47eccdc17ba1f58d3b6c49869a6cb027464588ef0b9c19fb0b9973f12655962a6b5d81469654397eebc6c5da4013dcabe34fa7c5c21c3c8406459bfeeaacc90db5768a207771009d3fa694a1fbb9bff1e6ec4cad763c13f74a046acd36043fd37b28823171ec62a5cdc6d3eee81ba41829829090bb0ca1624d35e966a6c685c502195cab4d0168424277901dc4207e8a17ca5437caa18eaac42c99cafa9023c760c7d3d4cefdd0c3eab96ba0fd7144698ae55ff9d3383755b485668d065938f3df4a928bb7b0203010001a381d23081cf300c0603551d130101ff04023000301106096086480186f84201010404030205a030390609 EAP-Message = 0x6086480186f842010d042c162a42414c494e20536572 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x225bdb4562224573e767890c65122ca6 Finished request 8 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.10.22.8:1024, id=152, length=218 Framed-MTU = 1480 NAS-IP-Address = 10.10.22.8 NAS-Identifier = "switch-8-00-1" User-Name = "WINXPSP2" Service-Type = Administrative-User Framed-Protocol = PPP NAS-Port = 4 NAS-Port-Type = Ethernet NAS-Port-Id = "4" Called-Station-Id = "00-18-71-45-79-40" Calling-Station-Id = "00-30-05-6d-2c-c5" Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x225bdb4562224573e767890c65122ca6 EAP-Message = 0x021600060d00 Message-Authenticator = 0x415d1bcc45107409b29d9015fa7c9102 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 modcall[authorize]: module "preprocess" returns ok for request 9 rlm_eap: EAP packet type response id 22 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9 users: Matched entry WINXPSP2 at line 11 modcall[authorize]: module "files" returns ok for request 9 rlm_ldap: - authorize rlm_ldap: performing user authorization for WINXPSP2 radius_xlat: '(uid=WINXPSP2)' radius_xlat: 'dc=company,dc=test' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=company,dc=test, with filter (uid=WINXPSP2) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 9 modcall: leaving group authorize (returns updated) for request 9 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 9 modcall: leaving group authenticate (returns handled) for request 9 Sending Access-Challenge of id 152 to 10.10.22.8 port 1024 EAP-Message = 0x0117040a0dc000001309766572204f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e041604144743ccf509e7fbdfde43593e1bfc76ab94a47de9301f0603551d230418301680142e056f0838c7777e4676696dd17fdffd557cdd8930130603551d25040c300a06082b06010505070301301c0603551d1104153013821162616c696e2e636f6d69746572692e6265300d06092a864886f70d010105050003820201008e6ba1ac563fe4e39d54d5d97ea3c715e1b0677c15cb205cdd32fb393573bdc3cbf65d7fe1198194de2ae1ece320757aa07f51600a68a646cae74540a416c38eaa800f62d54b22b65f2eb7 EAP-Message = 0x390fbbb83c6db45edc7cff3f631103582eece62a1a2c65696ed7b985ff415541e7c20ed68adf7c86668d48cba43696d76d77f19bb63953a4a87d5660b9eada868a6aa963d0fb62caded8e3e5f18c94b2c6f77f3769fcb0c9f2ae57488ce0ed490ff82f6dbfe9356a8d3bd1ae99151892b51c6ed1e29c7ebdc1031777bed9a3100fa1f286a416e7f153089e89fa4961854f97a1868e44e47c83edc49e1a35110f82b14e5ef785c3514fdcf2af20b29a56ae1ab5fbf94e1654438f6bc15318b905b0e8aab8e148611c7536b746d07fb03e5c495dcc7043e0c8e509e27ae2f67930aaf61d66c7841d4ca4c6850a24c5fceba76889e87d627ef06f48adfd9c EAP-Message = 0x115a8538ff89a311c19c8b13b8744698e2332baee87dbf327e99c89853313ccd35e9fafba5ef3c0e5ef250ed1ebdabd5185d1cbcc6b27292b9d164e84dba0fbca94bffc5f731c4d316083175ef2379de60610656e9bc851922b6576418b272641e99aca9f68ad03e63a66b5cc83c496577e86ff0e1ef332be90d583b7d0cd13d5c08c9e649cf18b2e4d938dcf8cd0f457b808ea2c1d0cdd9322b3bfde7d016daa2ac68e1e0040fd81ded1ded5e4be298bf6a9591522176a80006323082062e30820416a003020102020102300d06092a864886f70d0101050500307d310b30090603550406130242453110300e0603550408130742454c4749554d3113 EAP-Message = 0x3011060355040a130a436f6d697465205220493111300f060355040b13084c6f676973746963310f300d06035504031306526f6f7443413123302106092a864886f70d01090116146c6f67697374696340636f6d69746572692e6265301e170d3037303630353134343031365a170d3137303630323134343031365a307c310b30090603550406130242453110300e0603550408130742454c4749554d31133011060355040a130a436f6d697465205220493111300f060355040b13084c6f676973746963310e300c0603550403130553756243413123302106092a864886f70d01090116146c6f67697374696340636f6d69746572692e6265308202 EAP-Message = 0x22300d06092a864886f70d01010105000382020f0030 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa331ce3a7c15d39bdefcb7fa6343a0a8 Finished request 9 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.10.22.8:1024, id=153, length=218 Framed-MTU = 1480 NAS-IP-Address = 10.10.22.8 NAS-Identifier = "switch-8-00-1" User-Name = "WINXPSP2" Service-Type = Administrative-User Framed-Protocol = PPP NAS-Port = 4 NAS-Port-Type = Ethernet NAS-Port-Id = "4" Called-Station-Id = "00-18-71-45-79-40" Calling-Station-Id = "00-30-05-6d-2c-c5" Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0xa331ce3a7c15d39bdefcb7fa6343a0a8 EAP-Message = 0x021700060d00 Message-Authenticator = 0x1c3809e25f39acf6b3eaceb713e19425 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 10 modcall[authorize]: module "preprocess" returns ok for request 10 rlm_eap: EAP packet type response id 23 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 10 users: Matched entry WINXPSP2 at line 11 modcall[authorize]: module "files" returns ok for request 10 rlm_ldap: - authorize rlm_ldap: performing user authorization for WINXPSP2 radius_xlat: '(uid=WINXPSP2)' radius_xlat: 'dc=company,dc=test' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=company,dc=test, with filter (uid=WINXPSP2) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 10 modcall: leaving group authorize (returns updated) for request 10 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 10 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 10 modcall: leaving group authenticate (returns handled) for request 10 Sending Access-Challenge of id 153 to 10.10.22.8 port 1024 EAP-Message = 0x0118040a0dc00000130982020a0282020100d882fa95e8d4bd71732ea535182ac05bc095bc52c0ea55eab26bec1751795413b27815488ecedd9cca6e1bce21a8bb1cb285b12686b6b77a4f91bf3043c65025b343fe8f8cc015ad70c630c0c6ce2c9ee2d702ece13f306b438c2a3bee0e3c4de2ac007525a890b04d67bcff032bd909efebea3d6b8df57c4edba1f055948f8b584a704b24d1e8c28449825705f3c3bdad8f863d7b6a274028c2cdfa5724aafdd46067151656ff0ebec18cd825a05858423cc983c1baa0cffdbb88954cb3fd361b885eb1e91650613af631533d5ccce2b73070f28929f6c0b79f57d8478f104e42ef8895c81b9cae0da4ce EAP-Message = 0x3c1e51112bbc9bbbcd7f12c550466bf84823db89710cf993522e4a3b15379453900a5e6f7e22aaeab1f2ceec26476cf1519c7f6f7aac52f99e3490bbc9d83a135e9a4aea7ecbb238b4500d2614465f23d8ec118785335b2d0261930940d7b288e204964776fe548bf34e7f79b8c67ad90ed6c6d20548b556193f3e0c07b73ce30a6bfa59eece19499ea0c5eb812ba759b65c28b70b1aec0a5de8a0772eb21176f91921c9aa447850af35fcfa975d4ca15543d80aaf963c542f9349a27f24d8f7eed2648f5cea65ef5d32eb1ef8b602367ca2e59243b3f54a8ef3c872fa58cce494cefeb4e6874b9dababe972edf1d02c531aa249eddb99e6f42c223387 EAP-Message = 0x38146319faf5df938ccdb5c9690f886a31470467ca7e1d450203010001a381b93081b6300f0603551d130101ff040530030101ff301106096086480186f84201010404030206c0303206096086480186f842010d042516235375624341204f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e041604142e056f0838c7777e4676696dd17fdffd557cdd89301f0603551d23041830168014f7065eae7de0f71ccc4af436e2a9de730fb69e61301c0603551d1104153013821162616c696e2e636f6d69746572692e6265300d06092a864886f70d010105050003820201008c49de7d69e2e7772465c1910cd94a34 EAP-Message = 0x26a9eee42487c3a7ede8666cbedd93dc9e5676e82f92d6bfdc4273685a917eb3bb8f870a5a4fa08326b7d33a340b3c566081780443a10aa472a4d8b9f2c5d1ed373bf68f1f7c3b62654fb78cb0bfca7caf40d48f9924272092bba18b03e442115056edbfcd1852438275ebc2c1d31a00923b94e003b5b3dbeb0c762baf339f9c40538da28696f964f9a69ae1c8923001a8225afc7dec8aa1040d455a1f3f70cf38c5664bc91fedc5c6041dc3055ead27c5d75e3f7b336358cf02f04e733998c00b231e738d29d73021e3f2ab0a7bb0581d5bf366cd5954d9bcbeb76cc106dd8f67f61e9fd5fb7e5a9224583209ec1c6da72ead32517b45360065babec7 EAP-Message = 0x30404719a25565b1b018ee1b3140a208ad74c7bb2557 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x99f2c661566892ec27307b1827453a83 Finished request 10 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.10.22.8:1024, id=154, length=218 Framed-MTU = 1480 NAS-IP-Address = 10.10.22.8 NAS-Identifier = "switch-8-00-1" User-Name = "WINXPSP2" Service-Type = Administrative-User Framed-Protocol = PPP NAS-Port = 4 NAS-Port-Type = Ethernet NAS-Port-Id = "4" Called-Station-Id = "00-18-71-45-79-40" Calling-Station-Id = "00-30-05-6d-2c-c5" Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x99f2c661566892ec27307b1827453a83 EAP-Message = 0x021800060d00 Message-Authenticator = 0x32170d2e8a8b86e847ada3f5b139e6c7 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 11 modcall[authorize]: module "preprocess" returns ok for request 11 rlm_eap: EAP packet type response id 24 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 11 users: Matched entry WINXPSP2 at line 11 modcall[authorize]: module "files" returns ok for request 11 rlm_ldap: - authorize rlm_ldap: performing user authorization for WINXPSP2 radius_xlat: '(uid=WINXPSP2)' radius_xlat: 'dc=company,dc=test' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=company,dc=test, with filter (uid=WINXPSP2) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 11 modcall: leaving group authorize (returns updated) for request 11 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 11 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 11 modcall: leaving group authenticate (returns handled) for request 11 Sending Access-Challenge of id 154 to 10.10.22.8 port 1024 EAP-Message = 0x0119040a0dc00000130979101945c8a25e08ce719f139daab89f2913ec5a47308ebdf22f8a97b42772d43600a550950c3cfb38f75aad86fc924bb06e4a869f5a7d3bd1edd940b87322b6df7c676584cc8d206b0f32d24aca570c1e10e3f9754f04ceb9a8d01dba47327277c18279173b000dd3748b98c2c18cc7b486a2eea4c1c0aba7d1b8a6d050be0908f254c10fd7a773794d45c9cea67f454d5d7a14b24c3dca291f10f784f0318f705ac70ec12ec9bb5a974d292f3a17b568f0e06d01f9d557c499087518643b980be0d34eaaff5210d1fa4a3e153db7d2a0ed6cf742f21180d0fe471d3b00061630820612308203faa003020102020101300d06 EAP-Message = 0x092a864886f70d0101050500307d310b30090603550406130242453110300e0603550408130742454c4749554d31133011060355040a130a436f6d697465205220493111300f060355040b13084c6f676973746963310f300d06035504031306526f6f7443413123302106092a864886f70d01090116146c6f67697374696340636f6d69746572692e6265301e170d3037303630353134333935335a170d3137303630323134333935335a307d310b30090603550406130242453110300e0603550408130742454c4749554d31133011060355040a130a436f6d697465205220493111300f060355040b13084c6f676973746963310f300d0603550403 EAP-Message = 0x1306526f6f7443413123302106092a864886f70d01090116146c6f67697374696340636f6d69746572692e626530820222300d06092a864886f70d01010105000382020f003082020a0282020100b20918065a6b84ce3d8f7249c8cb3c071b17ec534527ca69411e2cb8cdfaacdea3cd4390ff22a4b6042992f4392daf7bfc6e0ded3c4097d64330d5e8c8cbf5d6156e6fe02554157b82c65f82cf3f76bfe265ed9b4d48f75f28a2e792d402bfbf35f3d14aa5d6e45de6d56e93b56bd6fd7b418b1924ad9a864d49911fe14a5878713085105e59fe76aa2a8dd1ce01e06dd702d0bee64af8942164d34f2b5132a1dcd2170c76abf5ef18010038650334 EAP-Message = 0xe7c057b193c1aa785eb9a379469f00a2c8f3f8c896daaa870262959a5f7f347ce278ab2a061b4014a86c6d3456e93c0ed3785f77124133022702e3667939a0c4e04f495ba87b13b44b5b436f388154dbb149b8e9e9f23b4e758428069193b40e63d15d0b72f24c9e4b31c57ebb4ad7512af91de3642797873865b4f72d3b4f175578d9afca22a482d11a2b13d4f84150512af014c7f3ac8263d4d8ef8f759da9a5c0f299e48720e3c8806cdb158cd2950858860ea156c092bfc14ee6b5ddb3967603a7faaaae7ca7848e2fe9a5020b24b6b6f37e40d310def881f1cb3012775f2e3e01dcd923b23a249036469329c8aa026250b3ac74b67f5ca83b2a89 EAP-Message = 0xb66fb39b83ca59af7cbef82422266215e4e0ca723d01 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x05e009629f5cb5879444646fa6d15269 Finished request 11 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.10.22.8:1024, id=155, length=218 Framed-MTU = 1480 NAS-IP-Address = 10.10.22.8 NAS-Identifier = "switch-8-00-1" User-Name = "WINXPSP2" Service-Type = Administrative-User Framed-Protocol = PPP NAS-Port = 4 NAS-Port-Type = Ethernet NAS-Port-Id = "4" Called-Station-Id = "00-18-71-45-79-40" Calling-Station-Id = "00-30-05-6d-2c-c5" Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x05e009629f5cb5879444646fa6d15269 EAP-Message = 0x021900060d00 Message-Authenticator = 0xafc92c43b0fb9214fe427e0a2eb68b7d Processing the authorize section of radiusd.conf modcall: entering group authorize for request 12 modcall[authorize]: module "preprocess" returns ok for request 12 rlm_eap: EAP packet type response id 25 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 12 users: Matched entry WINXPSP2 at line 11 modcall[authorize]: module "files" returns ok for request 12 rlm_ldap: - authorize rlm_ldap: performing user authorization for WINXPSP2 radius_xlat: '(uid=WINXPSP2)' radius_xlat: 'dc=company,dc=test' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=company,dc=test, with filter (uid=WINXPSP2) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 12 modcall: leaving group authorize (returns updated) for request 12 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 12 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 12 modcall: leaving group authenticate (returns handled) for request 12 Sending Access-Challenge of id 155 to 10.10.22.8 port 1024 EAP-Message = 0x011a03130d8000001309287c4f702752528018133c52b1a1b2c65a9046b7393dfef9a8cfce4b7b0eaba4d0876452089da5fb76a49c4c84254b97cfa5df4bbcbb429a619cf3cb0f310203010001a3819c308199300f0603551d130101ff040530030101ff301106096086480186f84201010404030206c0303306096086480186f842010d04261624526f6f744341204f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e04160414f7065eae7de0f71ccc4af436e2a9de730fb69e61301f0603551d23041830168014f7065eae7de0f71ccc4af436e2a9de730fb69e61300d06092a864886f70d01010505000382 EAP-Message = 0x02010069571a370042802a5ffcc227b9042613264a0fee01fd7ea644da3fe106e27d90a2141c1070ddb524dbde6f76a4db718073fcb260e736bf00fdafa030721e5258f45af055ae11145ef2a72f62cc1eb29ee94ebf260db383abaf0deae176be6c635d433ea7825e86831cba931871aa80e3a1817077513bdfb7c7712d9e3d44e9d10623fb16d4493c2c27eff2390bfbf405867b2823bc09aa1e1b47823d93753d1a83cbdb8ab723e71f366f1ba6809cf3841ecba97af8c61f1130974453450f5dc6cd2ce448921b8098d9240513732c2886619ec8a37ec23ff77c134933f0c3f8541e614f2629d03ab9a3ffe3fe6581af46c85381b7e5ad9bb8f527 EAP-Message = 0x0512b77de2468c133d0466be87f1e6b202840e861390e620c1d2d740d54f168292899289ea9c55288fc0eb2ff82c7886db4d8e1adf70dcdb9f4f7ee205b7be2cbb1145ad42b94025c5e7e89e19d7edf4a96e69e91d61607325bf96ff0f5512720a7b79317f02378c877e19530579dba8b21cc44fde51a798e007dc5e21c2aa70ed898ca3ab43dd7aa18b0dec276e6479dbe89656055e2748f08cb958f7e9811eed49be433d619f944b56ad7a07d551045e6da7abec0b08d6a37767892f6cd69e26d22963747efe7c3bdaca393e0de33d9ca762d5a72478e448be92093baf0746c22bcfcac1ac1be4b926dd6a2e6e56f92846f676899a09dc13038237e0 EAP-Message = 0x06a018f7c83684195b160301000e0d0000060301020500000e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0e3f75aa987e84b3da24e5ab556c9467 Finished request 12 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 7 ID 150 with timestamp 46cec828 Cleaning up request 8 ID 151 with timestamp 46cec828 Cleaning up request 9 ID 152 with timestamp 46cec828 Cleaning up request 10 ID 153 with timestamp 46cec828 Cleaning up request 11 ID 154 with timestamp 46cec828 Cleaning up request 12 ID 155 with timestamp 46cec828 Nothing to do. Sleeping until we see a request. ---------------------------------------------------------------------- Find out how you can get spam free email. http://www.bluebottle.com/tag/3
Ancalagon wrote:
That is on a Suse 10. The FR version is 1.1.0.
Why? 1.1.7 has been out for a while. Use it.
I made a Xen domU with a Suse 10. I copy the /etc/raddb to the xen domU, and start the server. With the xen domU I'm able to make MAC authentication, but, when I want to enable also the EAP/TLS. I got the following error : ... *TLS_accept*: *SSLv3* write certificate request A *TLS_accept*: *SSLv3* flush data *TLS_accept*:*error* in *SSLv3* read client certificate A
It means nothing. If you were using a recent version of the server, that message wouldn't appear.
After that, there is a loop with "Access-Challenge" and the port keep to be closed.
If you were using a recent version of the server, you would see that "eap.conf" contains documentation describing this issue, and how to fix it. The FAQ also talks about this issue. Alan DeKok.
Thanks for the answer, but, why does it work in the first server and not on the second? How could I manage to resolve this problem? On both server, the XP host is the same Alan DeKok wrote:
Ancalagon wrote:
That is on a Suse 10. The FR version is 1.1.0.
Why? 1.1.7 has been out for a while. Use it.
I made a Xen domU with a Suse 10. I copy the /etc/raddb to the xen domU, and start the server. With the xen domU I'm able to make MAC authentication, but, when I want to enable also the EAP/TLS. I got the following error :
....
*TLS_accept*: *SSLv3* write certificate request A *TLS_accept*: *SSLv3* flush data *TLS_accept*:*error* in *SSLv3* read client certificate A
It means nothing. If you were using a recent version of the server, that message wouldn't appear.
After that, there is a loop with "Access-Challenge" and the port keep to be closed.
If you were using a recent version of the server, you would see that "eap.conf" contains documentation describing this issue, and how to fix it.
The FAQ also talks about this issue.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
---------------------------------------------------------------------- Get a free email account with anti spam protection. http://www.bluebottle.com/tag/2
Just for information. I made a new xen domU radius/ldap server on another Xen dom0 server. There, it works perfectly with the same configuration. There was a really big problem on the network of the firt borked domU. the borked dom0 is a SLES 10 the new dom0 is a SLES 10 SP1 Alan DeKok wrote:
Ancalagon wrote:
Thanks for the answer, but, why does it work in the first server and not on the second?
No idea. You only posted debug output from one server.
How could I manage to resolve this problem?
Run it in debugging mode, and read the output?
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
---------------------------------------------------------------------- Get a free email account with anti spam protection. http://www.bluebottle.com/tag/2
participants (2)
-
Alan DeKok -
Ancalagon