Hi, I'm trying to get Freeradius up and running on a WinXP box (win haters. be nice ;) ) I have downloaded, installed, and configured the Freeradius version from www.freeradius.net. The server starts seemingly without errors. However when I try to connect with my XP laptop I get a certificate error on the radius systems log. I have created 3 certificates, Root, Client, Server. The Root and Client certificates were installed via the MMC snapin and Import wizard in XP. Any idea on what could be causing the errors? If I need to post file contents, let me know which ones. Using EAP-TLS(cert based) not EAP-TTLS(user-pass based). Xp laptop is stuck at "Attempting to Authenticate." Checked options on laptop are.. Authenticate as Computer when info is available (checked) Authenticate as guest when comp/user info unavailable (UNCHECKED) Use a Certificate on this computer.(checked) Use Simple Cert selection (sub option, also checked) Validate Server Cert (checked) Trusted root I created/installed is checked Thanks, Brian. --- System configuration --- XP Desktop, SP2, FreeRadius, Wired to Network. Firewall off. XP Laptop, SP2, Wireless to network, firewall off. Netgear WG302 Prosafe AP. Wired to network. ---------------- 3 Logs to post.. Debug and two errors. ---Logs--- -Debug- C:\PROGRA~1\FreeRADIUS.net-1.1.1-r0.0.1\bin>radiusd.exe -d C:\progra~1\freeradiu s.net-1.1.1-r0.0.1\etc\raddb -AX Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: C:/Progra~1/FreeRADIUS.net-1.1.1-r0.0.1/etc/raddb/proxy.conf Config: including file: C:/Progra~1/FreeRADIUS.net-1.1.1-r0.0.1/etc/raddb/clients.conf Config: including file: C:/Progra~1/FreeRADIUS.net-1.1.1-r0.0.1/etc/raddb/snmp.conf Config: including file: C:/Progra~1/FreeRADIUS.net-1.1.1-r0.0.1/etc/raddb/eap.conf Config: including file: C:/Progra~1/FreeRADIUS.net-1.1.1-r0.0.1/etc/raddb/sql.conf main: prefix = ".." main: localstatedir = "C:/Progra~1/FreeRADIUS.net-1.1.1-r0.0.1/var" main: logdir = "C:/Progra~1/FreeRADIUS.net-1.1.1-r0.0.1/log/" main: libdir = "C:/Progra~1/FreeRADIUS.net-1.1.1-r0.0.1/lib" main: radacctdir = "C:/Progra~1/FreeRADIUS.net-1.1.1-r0.0.1/log//radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 1812 main: allow_core_dumps = no main: log_stripped_names = yes main: log_file = "C:/Progra~1/FreeRADIUS.net-1.1.1-r0.0.1/log//radius.log" main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = "C:/Progra~1/FreeRADIUS.net-1.1.1-r0.0.1/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "C:/Progra~1/FreeRADIUS.net-1.1.1-r0.0.1/bin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is C:/Progra~1/FreeRADIUS.net-1.1.1-r0.0.1/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "C:/Progra~1/FreeRADIUS.net-1.1.1-r0.0.1/log//radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "tls" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "C:/Docume~1/radius/rcerts/cert-srv.pem" tls: certificate_file = "C:/Docume~1/radius/rcerts/cert-srv.pem" tls: CA_file = "C:/Docume~1/radius/rcerts/root.pem" tls: private_key_password = "SuperSecretCode" tls: dh_file = "C:/Docume~1/radius/rcerts/dh" tls: random_file = "C:/Docume~1/radius/rcerts/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "%{User-Name}" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls ttls: default_eap_type = "md5" ttls: copy_request_to_tunnel = no ttls: use_tunneled_reply = yes rlm_eap: Loaded and initialized type ttls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "C:/Progra~1/FreeRADIUS.net-1.1.1-r0.0.1/etc/raddb/hun tgroups" preprocess: hints = "C:/Progra~1/FreeRADIUS.net-1.1.1-r0.0.1/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "C:/Progra~1/FreeRADIUS.net-1.1.1-r0.0.1/etc/raddb/users" files: acctusersfile = "C:/Progra~1/FreeRADIUS.net-1.1.1-r0.0.1/etc/raddb/acct_users" files: preproxy_usersfile = "C:/Progra~1/FreeRADIUS.net-1.1.1-r0.0.1/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "C:/Progra~1/FreeRADIUS.net-1.1.1-r0.0.1/log//radacct/%{Client-IP-Address}/d etail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "C:/Progra~1/FreeRADIUS.net-1.1.1-r0.0.1/log//radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 10.1.1.189:1039, id=48, length=143 User-Name = "shadowwolf" NAS-IP-Address = 10.1.1.189 Connect-Info = "CONNECT 802.11" Called-Station-Id = "000fb5905a09" Calling-Station-Id = "0014a5104864" NAS-Identifier = "ap" NAS-Port-Type = Wireless-802.11 NAS-Port = 14 NAS-Port-Id = "14" Framed-MTU = 1400 EAP-Message = 0x0201000f01736861646f77776f6c66 Message-Authenticator = 0x0cfc3dbdb33f6d9f62cbd59c4e849d14 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "shadowwolf", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 1 length 15 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 178 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 48 to 10.1.1.189 port 1039 EAP-Message = 0x010200060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6c44d3605cb5a79d23198397347d2bba Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.1.1.189:1039, id=49, length=226 User-Name = "shadowwolf" NAS-IP-Address = 10.1.1.189 Connect-Info = "CONNECT 802.11" Called-Station-Id = "000fb5905a09" Calling-Station-Id = "0014a5104864" NAS-Identifier = "ap" NAS-Port-Type = Wireless-802.11 NAS-Port = 14 NAS-Port-Id = "14" Framed-MTU = 1400 State = 0x6c44d3605cb5a79d23198397347d2bba EAP-Message = 0x020200500d800000004616030100410100003d030145283c25a8eae2 7a9fa8512761940517cc1e13455dbded74ed69dfba9118ba3a00001600040005000a00090064 0062 000300060013001200630100 Message-Authenticator = 0xc1a89b0fc9d91251ff1efed32a5d4ab2 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "shadowwolf", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 2 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 178 modcall[authorize]: module "files" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 025e], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 00c1], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 49 to 10.1.1.189 port 1039 EAP-Message = 0x010303820d8000000378160301004a02000046030145283c2743a408 aa5de69864552c046af9b0bb6e4ec5d083dd730d94289377da2094a65c39b362e5bb81d263c0 afbd efb6dc85ecb9bc0564708226cab3ea4d2200000400160301025e0b00025a0002570002543082 0250 308201faa00302010202020122300d06092a864886f70d01010505003060310b300906035504 0613 024155310c300a06035504081303514c4431193017060355040a13104d696e636f6d20507479 2e20 4c74642e310b3009060355040b13024353311b30190603550403131253534c6561792064656d 6f20 736572766572301e170d3036313030373032313732355a170d EAP-Message = 0x3037313030373032313732355a3081a2310b30090603550406130255 53311730150603550408130e536f757468204361726f6c696e61310e300c0603550407130541 696b 656e31173015060355040a130e4c6f636b65722053797374656d73311a3018060355040b1311 4d65 74616c204661627269636174696f6e31123010060355040313096c6967687477617665312130 1f06 092a864886f70d01090116127a65746f406c6f636b65727379732e766f6430819f300d06092a 8648 86f70d010101050003818d0030818902818100e2056bc302f8b1466a56602016699368280121 58d0 226d3fd02431e962f0acb8540f635f1a9a06e0a9d0843c7615 EAP-Message = 0x014fe79bfc4bb4d6b15db505d60fe699343794a09eb0b613cb3c4fc9 b090b88c2ad417fbc5104cf428dffeed87b20f683f332970ca36d4961efb5f9e32019d5fe3dd 811a b715cefbc39dc78a3890701e30190203010001a317301530130603551d25040c300a06082b06 0105 05070301300d06092a864886f70d01010505000341008afb125e6d5e10a665c6d482763ea4af c56e 59bb72a8fc6e3788a700259d5a72c5450c33d9968a88a3ec349376c4023a591425a20654dbfe d97a f2617f4ca44516030100c10d0000b90301020500b300b13081ae310b30090603550406130255 5331 1730150603550408130e536f757468204361726f6c696e6131 EAP-Message = 0x0e300c0603550407130541696b656e31173015060355040a130e4c6f 636b65722053797374656d73311a3018060355040b13114d6574616c20466162726963617469 6f6e 311e301c060355040313154c6f636b657220536563757269747920526f6f742e3121301f0609 2a86 4886f70d01090116127a65746f406c6f636b65727379732e766f640e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x57f6a443bf2f47b815e42769229d1aeb Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.1.1.189:1039, id=50, length=152 User-Name = "shadowwolf" NAS-IP-Address = 10.1.1.189 Connect-Info = "CONNECT 802.11" Called-Station-Id = "000fb5905a09" Calling-Station-Id = "0014a5104864" NAS-Identifier = "ap" NAS-Port-Type = Wireless-802.11 NAS-Port = 14 NAS-Port-Id = "14" Framed-MTU = 1400 State = 0x57f6a443bf2f47b815e42769229d1aeb EAP-Message = 0x020300060d00 Message-Authenticator = 0xe39222cf4fd6f6860c85ffe560aa5428 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "shadowwolf", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry DEFAULT at line 178 modcall[authorize]: module "files" returns ok for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 50 to 10.1.1.189 port 1039 EAP-Message = 0x0104000a0d8000000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd2f07585b4ad88459f3f0f28a7fa6fb2 Finished request 2 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 48 with timestamp 45283c27 Cleaning up request 1 ID 49 with timestamp 45283c27 Cleaning up request 2 ID 50 with timestamp 45283c27 Nothing to do. Sleeping until we see a request. ----------- Error 1 is seen if I have Validate Server Certificate check on the XP Laptop. --Error 1-- Sat Oct 7 19:35:58 2006 : Error: TLS_accept:error in SSLv3 read client certificate A ------ Error 2 is seen if Validate is unchecked on the laptop --Error 2-- Sat Oct 7 19:34:35 2006 : Error: TLS_accept:error in SSLv3 read client certificate A Sat Oct 7 19:34:35 2006 : Error: --> verify error:num=20:unable to get local issuer certificate Sat Oct 7 19:34:35 2006 : Error: TLS Alert write:fatal:unknown CA Sat Oct 7 19:34:35 2006 : Error: TLS_accept:error in SSLv3 read client certificate B Sat Oct 7 19:34:35 2006 : Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. Sat Oct 7 19:34:35 2006 : Auth: Login incorrect: [shadowwolf/<no User-Password attribute>] (from client netnas port 11 cli 0014a5104864) -----
Brian vb wrote:
the radius systems log. I have created 3 certificates, Root, Client, Server. The Root and Client certificates were installed via the MMC snapin and Import wizard in XP. Any idea on what could be causing the errors? If I
On the server, the certificates are in *files* yes? tls: private_key_file = "C:/Docume~1/radius/rcerts/cert-srv.pem" tls: certificate_file = "C:/Docume~1/radius/rcerts/cert-srv.pem" tls: CA_file = "C:/Docume~1/radius/rcerts/root.pem" tls: private_key_password = "SuperSecretCode" They're there and valid?
Sending Access-Challenge of id 50 to 10.1.1.189 port 1039 EAP-Message = 0x0104000a0d8000000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd2f07585b4ad88459f3f0f28a7fa6fb2 Finished request 2 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 48 with timestamp 45283c27 Cleaning up request 1 ID 49 with timestamp 45283c27 Cleaning up request 2 ID 50 with timestamp 45283c27 Nothing to do. Sleeping until we see a request.
This looks like the server certificate doesn't have the magic oids - the XP client stops halfway through. Search the archives for "magic oids"
Error 1 is seen if I have Validate Server Certificate check on the XP Laptop.
--Error 1-- Sat Oct 7 19:35:58 2006 : Error: TLS_accept:error in SSLv3 read client certificate A ------
Error 2 is seen if Validate is unchecked on the laptop
--Error 2-- Sat Oct 7 19:34:35 2006 : Error: TLS_accept:error in SSLv3 read client certificate A Sat Oct 7 19:34:35 2006 : Error: --> verify error:num=20:unable to get local issuer certificate Sat Oct 7 19:34:35 2006 : Error: TLS Alert write:fatal:unknown CA Sat Oct 7 19:34:35 2006 : Error: TLS_accept:error in SSLv3 read client certificate B Sat Oct 7 19:34:35 2006 : Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. Sat Oct 7 19:34:35 2006 : Auth: Login incorrect: [shadowwolf/<no User-Password attribute>] (from client netnas port 11 cli 0014a5104864) -----
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Since you've obviously performed some kind of surgery on the debug logs here, it's difficult to determine precisely what the context for these two errors are. What is the single, full, unaltered debug output for the failure case you're actually trying to solve?
The "surgery" performed was simply to remove the repeating lines and define the two separate errors. Certs are in files, user has permission to read them (buried it in the users own profile directory to secure them better) I have the XpExtentsions and its referenced in the cert creation batchfile I have.
-----Original Message----- From: freeradius-users-bounces+nova5radius=gmail.com@lists.freeradius.org [mailto:freeradius-users- bounces+nova5radius=gmail.com@lists.freeradius.org] On Behalf Of Phil Mayers Sent: Sunday, October 08, 2006 3:33 PM To: FreeRadius users mailing list Subject: Re: EAP-TLS Certificate problems.
Brian vb wrote:
the radius systems log. I have created 3 certificates, Root, Client, Server. The Root and Client certificates were installed via the MMC snapin and Import wizard in XP. Any idea on what could be causing the errors? If I
On the server, the certificates are in *files* yes?
tls: private_key_file = "C:/Docume~1/radius/rcerts/cert-srv.pem" tls: certificate_file = "C:/Docume~1/radius/rcerts/cert-srv.pem" tls: CA_file = "C:/Docume~1/radius/rcerts/root.pem" tls: private_key_password = "SuperSecretCode"
They're there and valid?
Sending Access-Challenge of id 50 to 10.1.1.189 port 1039 EAP-Message = 0x0104000a0d8000000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd2f07585b4ad88459f3f0f28a7fa6fb2 Finished request 2 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 48 with timestamp 45283c27 Cleaning up request 1 ID 49 with timestamp 45283c27 Cleaning up request 2 ID 50 with timestamp 45283c27 Nothing to do. Sleeping until we see a request.
This looks like the server certificate doesn't have the magic oids - the XP client stops halfway through. Search the archives for "magic oids"
Error 1 is seen if I have Validate Server Certificate check on the XP Laptop.
--Error 1-- Sat Oct 7 19:35:58 2006 : Error: TLS_accept:error in SSLv3 read client certificate A ------
Error 2 is seen if Validate is unchecked on the laptop
--Error 2-- Sat Oct 7 19:34:35 2006 : Error: TLS_accept:error in SSLv3 read
client
certificate A Sat Oct 7 19:34:35 2006 : Error: --> verify error:num=20:unable to get local issuer certificate Sat Oct 7 19:34:35 2006 : Error: TLS Alert write:fatal:unknown CA Sat Oct 7 19:34:35 2006 : Error: TLS_accept:error in SSLv3 read client certificate B Sat Oct 7 19:34:35 2006 : Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. Sat Oct 7 19:34:35 2006 : Auth: Login incorrect: [shadowwolf/<no User-Password attribute>] (from client netnas port 11 cli 0014a5104864) -----
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Since you've obviously performed some kind of surgery on the debug logs here, it's difficult to determine precisely what the context for these two errors are. What is the single, full, unaltered debug output for the failure case you're actually trying to solve? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
Brian vb -
Phil Mayers