I fail to authenticate my user, and it seems to me that it's a problem with the certificates Could you please check the attached radius log to see if that is the real problem I am interested in the user having the mac:00-1D-E1-00-EA-02 Thank you in advance Cristian NOVAC Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/eap.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/usr/local/var" main: logdir = "/usr/local/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/usr/local/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/usr/local/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "ttls" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/usr/local/etc/raddb/certs/server-key.pem" tls: certificate_file = "/usr/local/etc/raddb/certs/server.pem" tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/ca-cert.pem" tls: private_key_password = "asb#1234" tls: dh_file = "/usr/local/etc/raddb/certs/dh" tls: random_file = "/usr/local/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" tls: session_resume = 1 rlm_eap: Loaded and initialized type tls ttls: default_eap_type = "mschapv2" ttls: copy_request_to_tunnel = no ttls: use_tunneled_reply = yes rlm_eap: Loaded and initialized type ttls mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 sim: fast_reauth = no sim: success_notification = no rlm_eap_sim: fast_reauth = 0 rlm_eap_sim: success_notification = 0 rlm_eap: Loaded and initialized type sim Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" preprocess: hints = "/usr/local/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/usr/local/etc/raddb/users" files: acctusersfile = "/usr/local/etc/raddb/acct_users" files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/usr/local/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Initializing the thread pool... thread: start_servers = 5 thread: max_servers = 32 thread: min_spare_servers = 3 thread: max_spare_servers = 10 thread: max_requests_per_server = 0 thread: cleanup_delay = 5 Thread spawned new child 1. Total threads in pool: 1 Thread spawned new child 2. Total threads in pool: 2 Thread spawned new child 3. Total threads in pool: 3 Thread spawned new child 4. Total threads in pool: 4 Thread spawned new child 5. Total threads in pool: 5 Thread pool initialized Listening on authentication *:1812 Listening on accounting *:1813 Listening on proxy *:1814 Ready to process requests. Thread 1 waiting to be assigned a request Thread 2 waiting to be assigned a request Thread 3 waiting to be assigned a request Thread 4 waiting to be assigned a request Thread 5 waiting to be assigned a request rad_recv: Access-Request packet from host 192.168.73.154:36611, id=3, length=127 --- Walking the entire request list --- Thread 1 got semaphore Waking up in 31 seconds... Thread 1 handling request 0, (1 handled so far) Threads: total/active/spare threads = 5/1/4 Calling-Station-Id = "00-1D-E1-00-EA-02" Message-Authenticator = 0x8291dad6df5836811819e1c7ad74d3f2 EAP-Message = 0x0210001601616e6f6e796d6f7573406173622e636f6d Framed-MTU = 3795 User-Name = "anonymous@asb.com" NAS-IP-Address = 192.168.73.154 WiMAX-Attr-46 = 0x00313131383838 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: Looking up realm "asb.com" for User-Name = "anonymous@asb.com" rlm_realm: Found realm "asb.com" rlm_realm: Adding Stripped-User-Name = "anonymous" rlm_realm: Proxying request from user anonymous to realm asb.com rlm_realm: Adding Realm = "asb.com" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 16 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation rlm_eap: try to find eap sim reauthentication_id anonymous rlm_eap_sim: Entering find_eap_sim_peer_by_reauth_id modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 1095 users: Matched entry DEFAULT at line 1279 users: Matched entry DEFAULT at line 1522 users: Matched entry DEFAULT at line 1706 users: Matched entry DEFAULT at line 1899 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: try to find eap sim reauthentication_id anonymous@asb.com rlm_eap_sim: Entering find_eap_sim_peer_by_reauth_id rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: group authenticate returns handled for request 0 Sending Access-Challenge of id 3 to 192.168.73.154:36611 EAP-Message = 0x011100061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xaac1d9c8da1dcb338e7e990cf2f0b979 Finished request 0 Going to the next request Thread 1 waiting to be assigned a request rad_recv: Access-Request packet from host 192.168.73.154:36611, id=4, length=183 --- Walking the entire request list --- Thread 2 got semaphore Waking up in 5 seconds... Thread 2 handling request 1, (1 handled so far) Calling-Station-Id = "00-1D-E1-00-EA-02" Message-Authenticator = 0xda4401f2ac6586c7d17cf733d18bad33 EAP-Message = 0x0211003c150016030100310100002d0301884dc646a52fdd3582d4e9de7a868ef81d7eabd82c706922b81f0fafc3f18cc9000006002f000400050100 Framed-MTU = 3795 User-Name = "anonymous@asb.com" NAS-IP-Address = 192.168.73.154 State = 0xaac1d9c8da1dcb338e7e990cf2f0b979 WiMAX-Attr-46 = 0x00313131383838 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: Looking up realm "asb.com" for User-Name = "anonymous@asb.com" rlm_realm: Found realm "asb.com" rlm_realm: Adding Stripped-User-Name = "anonymous" rlm_realm: Proxying request from user anonymous to realm asb.com rlm_realm: Adding Realm = "asb.com" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 17 length 60 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation rlm_eap: try to find eap sim reauthentication_id anonymous rlm_eap_sim: Entering find_eap_sim_peer_by_reauth_id modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 1095 users: Matched entry DEFAULT at line 1279 users: Matched entry DEFAULT at line 1522 users: Matched entry DEFAULT at line 1706 users: Matched entry DEFAULT at line 1899 modcall[authorize]: module "files" returns ok for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0031], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 046a], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode hit in SSL is 0 eaptls_process returned 13 handler->eap_ds->request->code 1 modcall[authenticate]: module "eap" returns handled for request 1 modcall: group authenticate returns handled for request 1 Sending Access-Challenge of id 4 to 192.168.73.154:36611 EAP-Message = 0x0112040a15c0000004c7160301004a02000046030147d010aff8795486d6bdf04c53bed2570bec9c3d28bfd6ef37eb108bd29a09bf2062ebd0824b607bc5ad276a2b6a6bccd344273b70eeec3517ff345b784189adc5002f00160301046a0b000466000463000226308202223082018b020101300d06092a864886f70d01010405003062310b3009060355040613024652310f300d060355040813064672616e6365310f300d0603550407130656656c697a793110300e060355040a1307416c636174656c310e300c060355040b130557694d4158310f300d06035504031306506965727265301e170d3037303630313138313434335a170d30383035 EAP-Message = 0x33313138313434335a3051310b3009060355040613024652310f300d060355040813064672616e6365310f300d0603550407130656656c697a793110300e060355040a1307416c636174656c310e300c060355040b130557694d415830819f300d06092a864886f70d010101050003818d0030818902818100d2f0f90c8642ec9c13507f01fc6cb2f985d3a5a076e6e7a9471d0ffd3677dd32bd27d80f60ed533860acbc5c83a6dd7a17a50415ddd6dc7cfa0b6af26b531245618b4061e243b9200bedf395896ce843df685565c665be33e3a956a42dd043d7b577f7831a09d20528c247c9a0409b1fbfd172c55b23392de4e8288b346debdf02030100 EAP-Message = 0x01300d06092a864886f70d01010405000381810024fc81e502a0b181ef90cd78fb14895e1af9d772e0af8cb31e8d2af1456e8569785a37e4fb6e9d44612d65640e28405c18fa351dd16265456ff5effdc781b510858a15ff39de9885d2767981289869bed93b57305ef358bebb146e1d4e8cb6a17bde2c92112b749ae6bbf7c27ea7babc9ef336a3e166256921bbbbf3734c4c87000237308202333082019c020100300d06092a864886f70d01010405003062310b3009060355040613024652310f300d060355040813064672616e6365310f300d0603550407130656656c697a793110300e060355040a1307416c636174656c310e300c060355040b EAP-Message = 0x130557694d4158310f300d06035504031306506965727265301e170d3037303630313138313432375a170d3038303533313138313432375a3062310b3009060355040613024652310f300d060355040813064672616e6365310f300d0603550407130656656c697a793110300e060355040a1307416c636174656c310e300c060355040b130557694d4158310f300d0603550403130650696572726530819f300d06092a864886f70d010101050003818d0030818902818100cf3db5db748b10fe1ce2594cefeb8861531c9c72fca5913ae4427569fe588c6042347f2e01265171e4d6d4b471b077bebbabfecf2b0b23587e9189b4b1d7d17bc145133b EAP-Message = 0x32b59832859af826c0cd6f485b9667d8e679bc577438 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc08c7dcc952a42b2812bfffc783cee12 Finished request 1 Going to the next request Thread 2 waiting to be assigned a request rad_recv: Access-Request packet from host 192.168.73.154:36611, id=5, length=129 Waking up in 5 seconds... Thread 3 got semaphore Threads: total/active/spare threads = 5/0/5 Thread 3 handling request 2, (1 handled so far) Calling-Station-Id = "00-1D-E1-00-EA-02" Message-Authenticator = 0x5f6607a53f8ea2386219a99131f58800 EAP-Message = 0x021200061500 Framed-MTU = 3795 User-Name = "anonymous@asb.com" NAS-IP-Address = 192.168.73.154 State = 0xc08c7dcc952a42b2812bfffc783cee12 WiMAX-Attr-46 = 0x00313131383838 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: Looking up realm "asb.com" for User-Name = "anonymous@asb.com" rlm_realm: Found realm "asb.com" rlm_realm: Adding Stripped-User-Name = "anonymous" rlm_realm: Proxying request from user anonymous to realm asb.com rlm_realm: Adding Realm = "asb.com" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 18 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation rlm_eap: try to find eap sim reauthentication_id anonymous rlm_eap_sim: Entering find_eap_sim_peer_by_reauth_id modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry DEFAULT at line 1095 users: Matched entry DEFAULT at line 1279 users: Matched entry DEFAULT at line 1522 users: Matched entry DEFAULT at line 1706 users: Matched entry DEFAULT at line 1899 modcall[authorize]: module "files" returns ok for request 2 modcall: group authorize returns updated for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 handler->eap_ds->request->code 1 modcall[authenticate]: module "eap" returns handled for request 2 modcall: group authenticate returns handled for request 2 Sending Access-Challenge of id 5 to 192.168.73.154:36611 EAP-Message = 0x011300d11580000004c7eefd87743d27254bfd37b497b52f4594d138e842abfd73bf76056e03cbe568395d1f61ee91210203010001300d06092a864886f70d0101040500038181009d3f0c63a2c40e5cc595dc7a139b4354075294e108bc0692e8ba090f2d2f725d6e8cfa57087fad5d05022579a6a26d2698de1e20907775c427aa7ded1fe3f591ea18a3db3688717ab25fb56e2c75170b54fccfb134708a044aa6661180bc4a6abc5054c7786ca7021fc4d89172ca7eb28d19f3c2064986a3a36e359cfea29ac616030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x32455d7cb5e959632d4d8d952c8259cf Finished request 2 Going to the next request Thread 3 waiting to be assigned a request rad_recv: Access-Request packet from host 192.168.73.154:36611, id=6, length=136 --- Walking the entire request list --- Thread 4 got semaphore Waking up in 4 seconds... Thread 4 handling request 3, (1 handled so far) Threads: total/active/spare threads = 5/1/4 Calling-Station-Id = "00-1D-E1-00-EA-02" Message-Authenticator = 0xd5d1c6b781c0e5d4c99ea02cb7890da8 EAP-Message = 0x0213000d15001503010002022e Framed-MTU = 3795 User-Name = "anonymous@asb.com" NAS-IP-Address = 192.168.73.154 State = 0x32455d7cb5e959632d4d8d952c8259cf WiMAX-Attr-46 = 0x00313131383838 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: Looking up realm "asb.com" for User-Name = "anonymous@asb.com" rlm_realm: Found realm "asb.com" rlm_realm: Adding Stripped-User-Name = "anonymous" rlm_realm: Proxying request from user anonymous to realm asb.com rlm_realm: Adding Realm = "asb.com" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 19 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation rlm_eap: try to find eap sim reauthentication_id anonymous rlm_eap_sim: Entering find_eap_sim_peer_by_reauth_id modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry DEFAULT at line 1095 users: Matched entry DEFAULT at line 1279 users: Matched entry DEFAULT at line 1522 users: Matched entry DEFAULT at line 1706 users: Matched entry DEFAULT at line 1899 modcall[authorize]: module "files" returns ok for request 3 modcall: group authorize returns updated for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal certificate_unknown TLS Alert read:fatal:certificate unknown TLS_accept:failed in SSLv3 read client certificate A 6040:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1052:SSL alert number 46 6040:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:837: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. In SSL Handshake Phase In SSL Accept mode hit in SSL is 0 rlm_eap_tls: BIO_read failed in a system call (-1), TLS session fails. rlm_eap_tls: BIO_read failed in a system call (-1), TLS session fails. eaptls_process returned 13 handler->eap_ds->request->code 4 rlm_eap: Freeing handler ?rlm_eap: Request code is 4 ?rlm_eap: Request type is 0 modcall[authenticate]: module "eap" returns reject for request 3 modcall: group authenticate returns reject for request 3 auth: Failed to validate the user. Delaying request 3 for 1 seconds Finished request 3 Going to the next request Thread 4 waiting to be assigned a request rad_recv: Access-Request packet from host 192.168.73.154:36611, id=6, length=136 Sending Access-Reject of id 6 to 192.168.73.154:36611 EAP-Message = 0x04130004 Message-Authenticator = 0x00000000000000000000000000000000 --- Walking the entire request list --- Waking up in 1 seconds... Threads: total/active/spare threads = 5/0/5 --- Walking the entire request list --- Cleaning up request 0 ID 3 with timestamp 47d010ae Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 4 with timestamp 47d010af Cleaning up request 2 ID 5 with timestamp 47d010af Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 3 ID 6 with timestamp 47d010b0 Nothing to do. Sleeping until we see a request. rad_recv: Accounting-Request packet from host 192.168.73.154:36612, id=3, length=149 --- Walking the entire request list --- Thread 5 got semaphore Waking up in 31 seconds... Thread 5 handling request 4, (1 handled so far) Threads: total/active/spare threads = 5/1/4 User-Name = "anonymous" NAS-IP-Address = 192.168.73.154 Calling-Station-Id = "00-17-C4-07-A7-6F" Acct-Status-Type = Stop Acct-Session-Id = "e776c547bc080000" Acct-Input-Octets = 0 Acct-Output-Octets = 0 Acct-Input-Gigawords = 0 Acct-Output-Gigawords = 0 Acct-Input-Packets = 0 Acct-Output-Packets = 0 Acct-Session-Time = 812 Acct-Terminate-Cause = User-Request Framed-IP-Address = 192.168.247.8 WiMAX-Attr-46 = 0x00313131383838 Processing the preacct section of radiusd.conf modcall: entering group preacct for request 4 modcall[preacct]: module "preprocess" returns noop for request 4 rlm_acct_unique: WARNING: Attribute NAS-Port was not found in request, unique ID MAY be inconsistent rlm_acct_unique: Hashing ',Client-IP-Address = 192.168.73.154,NAS-IP-Address = 192.168.73.154,Acct-Session-Id = "e776c547bc080000",User-Name = "anonymous"' rlm_acct_unique: Acct-Unique-Session-ID = "b21ad07d157778ed". modcall[preacct]: module "acct_unique" returns ok for request 4 rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL rlm_realm: No such realm "NULL" modcall[preacct]: module "suffix" returns noop for request 4 modcall[preacct]: module "files" returns noop for request 4 modcall: group preacct returns ok for request 4 Processing the accounting section of radiusd.conf modcall: entering group accounting for request 4 radius_xlat: '/usr/local/var/log/radius/radacct/192.168.73.154/detail-20080306' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/192.168.73.154/detail-20080306 modcall[accounting]: module "detail" returns ok for request 4 modcall[accounting]: module "unix" returns noop for request 4 radius_xlat: '/usr/local/var/log/radius/radutmp' radius_xlat: 'anonymous' rlm_radutmp: Logout entry for NAS WAC4 port 0 has wrong ID modcall[accounting]: module "radutmp" returns ok for request 4 modcall: group accounting returns ok for request 4 Sending Accounting-Response of id 3 to 192.168.73.154:36612 Finished request 4 Going to the next request Thread 5 waiting to be assigned a request rad_recv: Access-Request packet from host 192.168.73.154:36613, id=3, length=127 --- Walking the entire request list --- Thread 1 got semaphore Cleaning up request 4 ID 3 with timestamp 47d010be Thread 1 handling request 5, (2 handled so far) Waking up in 5 seconds... Calling-Station-Id = "00-17-C4-07-A7-6F" Message-Authenticator = 0xebfdba29e1618b09fd0c8ead8d908cce EAP-Message = 0x0239001601616e6f6e796d6f7573406173622e636f6d Framed-MTU = 3795 User-Name = "anonymous@asb.com" NAS-IP-Address = 192.168.73.154 WiMAX-Attr-46 = 0x00313131383838 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: Looking up realm "asb.com" for User-Name = "anonymous@asb.com" rlm_realm: Found realm "asb.com" rlm_realm: Adding Stripped-User-Name = "anonymous" rlm_realm: Proxying request from user anonymous to realm asb.com rlm_realm: Adding Realm = "asb.com" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 57 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation rlm_eap: try to find eap sim reauthentication_id anonymous rlm_eap_sim: Entering find_eap_sim_peer_by_reauth_id modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 1095 users: Matched entry DEFAULT at line 1279 users: Matched entry DEFAULT at line 1522 users: Matched entry DEFAULT at line 1706 users: Matched entry DEFAULT at line 1899 modcall[authorize]: module "files" returns ok for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: EAP Identity rlm_eap: try to find eap sim reauthentication_id anonymous@asb.com rlm_eap_sim: Entering find_eap_sim_peer_by_reauth_id rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 5 modcall: group authenticate returns handled for request 5 Sending Access-Challenge of id 3 to 192.168.73.154:36613 EAP-Message = 0x013a00061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x68b1a4e9a6996bfdbb4c6244a6485cca Finished request 5 Going to the next request Thread 1 waiting to be assigned a request rad_recv: Access-Request packet from host 192.168.73.154:36613, id=4, length=231 Waking up in 5 seconds... Thread 2 got semaphore Threads: total/active/spare threads = 5/0/5 Thread 2 handling request 6, (2 handled so far) Calling-Station-Id = "00-17-C4-07-A7-6F" Message-Authenticator = 0x8abf7d43aa46780dae5f9ee6a38a58e5 EAP-Message = 0x023a006c150016030100610100005d030147d010c1062e8b77cc914707647119a6738f9ef01a6e9b54e2e2ade4c6f3f04f00003600390038003500160013000a00330032002f0007006600050004006300620061001500120009006500640060001400110008000600030100 Framed-MTU = 3795 User-Name = "anonymous@asb.com" NAS-IP-Address = 192.168.73.154 State = 0x68b1a4e9a6996bfdbb4c6244a6485cca WiMAX-Attr-46 = 0x00313131383838 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: Looking up realm "asb.com" for User-Name = "anonymous@asb.com" rlm_realm: Found realm "asb.com" rlm_realm: Adding Stripped-User-Name = "anonymous" rlm_realm: Proxying request from user anonymous to realm asb.com rlm_realm: Adding Realm = "asb.com" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 58 length 108 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation rlm_eap: try to find eap sim reauthentication_id anonymous rlm_eap_sim: Entering find_eap_sim_peer_by_reauth_id modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 1095 users: Matched entry DEFAULT at line 1279 users: Matched entry DEFAULT at line 1522 users: Matched entry DEFAULT at line 1706 users: Matched entry DEFAULT at line 1899 modcall[authorize]: module "files" returns ok for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 046a], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 010d], ServerKeyExchange TLS_accept: SSLv3 write key exchange A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode hit in SSL is 0 eaptls_process returned 13 handler->eap_ds->request->code 1 modcall[authenticate]: module "eap" returns handled for request 6 modcall: group authenticate returns handled for request 6 Sending Access-Challenge of id 4 to 192.168.73.154:36613 EAP-Message = 0x013b040a15c0000005d9160301004a02000046030147d010c256d25c1c72c637fafe2b7975eb9a2e593ec9a090f93ae6951ec984b2204cfd7c3b3f67d40f929634c91bafe5fc517a11007b5f9c117b5f4d22a1dee994003900160301046a0b000466000463000226308202223082018b020101300d06092a864886f70d01010405003062310b3009060355040613024652310f300d060355040813064672616e6365310f300d0603550407130656656c697a793110300e060355040a1307416c636174656c310e300c060355040b130557694d4158310f300d06035504031306506965727265301e170d3037303630313138313434335a170d30383035 EAP-Message = 0x33313138313434335a3051310b3009060355040613024652310f300d060355040813064672616e6365310f300d0603550407130656656c697a793110300e060355040a1307416c636174656c310e300c060355040b130557694d415830819f300d06092a864886f70d010101050003818d0030818902818100d2f0f90c8642ec9c13507f01fc6cb2f985d3a5a076e6e7a9471d0ffd3677dd32bd27d80f60ed533860acbc5c83a6dd7a17a50415ddd6dc7cfa0b6af26b531245618b4061e243b9200bedf395896ce843df685565c665be33e3a956a42dd043d7b577f7831a09d20528c247c9a0409b1fbfd172c55b23392de4e8288b346debdf02030100 EAP-Message = 0x01300d06092a864886f70d01010405000381810024fc81e502a0b181ef90cd78fb14895e1af9d772e0af8cb31e8d2af1456e8569785a37e4fb6e9d44612d65640e28405c18fa351dd16265456ff5effdc781b510858a15ff39de9885d2767981289869bed93b57305ef358bebb146e1d4e8cb6a17bde2c92112b749ae6bbf7c27ea7babc9ef336a3e166256921bbbbf3734c4c87000237308202333082019c020100300d06092a864886f70d01010405003062310b3009060355040613024652310f300d060355040813064672616e6365310f300d0603550407130656656c697a793110300e060355040a1307416c636174656c310e300c060355040b EAP-Message = 0x130557694d4158310f300d06035504031306506965727265301e170d3037303630313138313432375a170d3038303533313138313432375a3062310b3009060355040613024652310f300d060355040813064672616e6365310f300d0603550407130656656c697a793110300e060355040a1307416c636174656c310e300c060355040b130557694d4158310f300d0603550403130650696572726530819f300d06092a864886f70d010101050003818d0030818902818100cf3db5db748b10fe1ce2594cefeb8861531c9c72fca5913ae4427569fe588c6042347f2e01265171e4d6d4b471b077bebbabfecf2b0b23587e9189b4b1d7d17bc145133b EAP-Message = 0x32b59832859af826c0cd6f485b9667d8e679bc577438 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7eac65a87a64bfb068586cc5410ded4b Finished request 6 Going to the next request Thread 2 waiting to be assigned a request rad_recv: Access-Request packet from host 192.168.73.154:36613, id=5, length=129 --- Walking the entire request list --- Thread 3 got semaphore Waking up in 5 seconds... Thread 3 handling request 7, (2 handled so far) Threads: total/active/spare threads = 5/1/4 Calling-Station-Id = "00-17-C4-07-A7-6F" Message-Authenticator = 0xebde58a5ab3de6dc4ffb02b3dcf36bd7 EAP-Message = 0x023b00061500 Framed-MTU = 3795 User-Name = "anonymous@asb.com" NAS-IP-Address = 192.168.73.154 State = 0x7eac65a87a64bfb068586cc5410ded4b WiMAX-Attr-46 = 0x00313131383838 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: Looking up realm "asb.com" for User-Name = "anonymous@asb.com" rlm_realm: Found realm "asb.com" rlm_realm: Adding Stripped-User-Name = "anonymous" rlm_realm: Proxying request from user anonymous to realm asb.com rlm_realm: Adding Realm = "asb.com" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 59 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation rlm_eap: try to find eap sim reauthentication_id anonymous rlm_eap_sim: Entering find_eap_sim_peer_by_reauth_id modcall[authorize]: module "eap" returns updated for request 7 users: Matched entry DEFAULT at line 1095 users: Matched entry DEFAULT at line 1279 users: Matched entry DEFAULT at line 1522 users: Matched entry DEFAULT at line 1706 users: Matched entry DEFAULT at line 1899 modcall[authorize]: module "files" returns ok for request 7 modcall: group authorize returns updated for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 handler->eap_ds->request->code 1 modcall[authenticate]: module "eap" returns handled for request 7 modcall: group authenticate returns handled for request 7 Sending Access-Challenge of id 5 to 192.168.73.154:36613 EAP-Message = 0x013c01e31580000005d9eefd87743d27254bfd37b497b52f4594d138e842abfd73bf76056e03cbe568395d1f61ee91210203010001300d06092a864886f70d0101040500038181009d3f0c63a2c40e5cc595dc7a139b4354075294e108bc0692e8ba090f2d2f725d6e8cfa57087fad5d05022579a6a26d2698de1e20907775c427aa7ded1fe3f591ea18a3db3688717ab25fb56e2c75170b54fccfb134708a044aa6661180bc4a6abc5054c7786ca7021fc4d89172ca7eb28d19f3c2064986a3a36e359cfea29ac6160301010d0c0001090040ddbe40a44987b7a1a0ee13b17ae444df43f2006b89991366bf2ea5f44da06caf96b284371bcacda5a95c EAP-Message = 0xaaad5c4d9ebfcebdb8631e454ce6b52c40b959cdf43f0001050040197efd9ce37c443fca870d69508d6283a6db0ab9b4df6f4b39698751bc4135d7bcc5f36f5da577cfc54a3df3376f68d61c560d8a8d49a761e362f45979b3958b0080ac876398d0ed832f42dd5534071b140101816413a85344f60c5cf6e6ba6519b1686ed03e27ff2b630df24a270a9b5ab58cdaf509bcdeeea28fd6938e35d8e24317f168d853b3244ed54c9a2fa9abd6a4e8e97c9017eeaadc024ab0ec58086e03c70f8980836a8d025c5ec8069a25a2d5717728d3b888a66f959d374ac1aa4e4216030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x02cf9c6a9b021fede7ca3d03b3974231 Finished request 7 Going to the next request Thread 3 waiting to be assigned a request rad_recv: Access-Request packet from host 192.168.73.154:36613, id=6, length=263 Waking up in 5 seconds... Thread 4 got semaphore Threads: total/active/spare threads = 5/0/5 Thread 4 handling request 8, (2 handled so far) Calling-Station-Id = "00-17-C4-07-A7-6F" Message-Authenticator = 0xebb84710d8e1ee326582b244334ceaab EAP-Message = 0x023c008c15001603010046100000420040a8d9095e782bb3e8f1e27782efbbd97fd2238c95a80293f2e49dbf0eb2e77f8483b4e4acd4096ab35508e3900277bcd103f04bbe56e02b8f97b7a66d6d85ab301403010001011603010030f12358f1c2e40f67e44110cde63c151be35e78e8ff3837cc293d036a0edc91aa3991636a170690fb35f21d63fea60de9 Framed-MTU = 3795 User-Name = "anonymous@asb.com" NAS-IP-Address = 192.168.73.154 State = 0x02cf9c6a9b021fede7ca3d03b3974231 WiMAX-Attr-46 = 0x00313131383838 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 modcall[authorize]: module "chap" returns noop for request 8 modcall[authorize]: module "mschap" returns noop for request 8 rlm_realm: Looking up realm "asb.com" for User-Name = "anonymous@asb.com" rlm_realm: Found realm "asb.com" rlm_realm: Adding Stripped-User-Name = "anonymous" rlm_realm: Proxying request from user anonymous to realm asb.com rlm_realm: Adding Realm = "asb.com" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 8 rlm_eap: EAP packet type response id 60 length 140 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation rlm_eap: try to find eap sim reauthentication_id anonymous rlm_eap_sim: Entering find_eap_sim_peer_by_reauth_id modcall[authorize]: module "eap" returns updated for request 8 users: Matched entry DEFAULT at line 1095 users: Matched entry DEFAULT at line 1279 users: Matched entry DEFAULT at line 1522 users: Matched entry DEFAULT at line 1706 users: Matched entry DEFAULT at line 1899 modcall[authorize]: module "files" returns ok for request 8 modcall: group authorize returns updated for request 8 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake rlm_eap_tls: <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established sesssion resume success is 0 hit in SSL is 0 eaptls_process returned 13 handler->eap_ds->request->code 1 modcall[authenticate]: module "eap" returns handled for request 8 modcall: group authenticate returns handled for request 8 Sending Access-Challenge of id 6 to 192.168.73.154:36613 EAP-Message = 0x013d004515800000003b1403010001011603010030ebbc6c474a922d584bd02c05514784da8a2eb181ada3001188dd5c975880e6b1bc5891c8614c64da0858eab3a49187ba Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5198c6819e3056ec67259b521453ca30 Finished request 8 Going to the next request Thread 4 waiting to be assigned a request rad_recv: Access-Request packet from host 192.168.73.154:36613, id=7, length=283 Waking up in 5 seconds... Thread 5 got semaphore Thread 5 handling request 9, (2 handled so far) Calling-Station-Id = "00-17-C4-07-A7-6F" Message-Authenticator = 0xe56ca5a60040e21c24a97be9df7715e7 EAP-Message = 0x023d00a0150017030100204b1e4addbd6af56259877143afecec118a792b91a52bb94dfc865c94d5c06bfa170301007081cbe09cd68f5633c9842c9fc3d691d9734b4a26d5847154aa65672ae8665e3728d221e03b91e66e72201f00037ad5b324ad88a4069b17e1a5900f6c0ecf1bc025e426f0a883bc9ff78f895b895b835516e04441587a8f8cef3c1a1a9917c8b36de5a3ba5c0b17ae8851640da1e251b6 Framed-MTU = 3795 User-Name = "anonymous@asb.com" NAS-IP-Address = 192.168.73.154 State = 0x5198c6819e3056ec67259b521453ca30 WiMAX-Attr-46 = 0x00313131383838 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 modcall[authorize]: module "preprocess" returns ok for request 9 modcall[authorize]: module "chap" returns noop for request 9 modcall[authorize]: module "mschap" returns noop for request 9 rlm_realm: Looking up realm "asb.com" for User-Name = "anonymous@asb.com" rlm_realm: Found realm "asb.com" rlm_realm: Adding Stripped-User-Name = "anonymous" rlm_realm: Proxying request from user anonymous to realm asb.com rlm_realm: Adding Realm = "asb.com" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 9 rlm_eap: EAP packet type response id 61 length 160 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation rlm_eap: try to find eap sim reauthentication_id anonymous rlm_eap_sim: Entering find_eap_sim_peer_by_reauth_id modcall[authorize]: module "eap" returns updated for request 9 users: Matched entry DEFAULT at line 1095 users: Matched entry DEFAULT at line 1279 users: Matched entry DEFAULT at line 1522 users: Matched entry DEFAULT at line 1706 users: Matched entry DEFAULT at line 1899 modcall[authorize]: module "files" returns ok for request 9 modcall: group authorize returns updated for request 9 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 handler->eap_ds->request->code 0 rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes. before BIO_write in eapttls_process,data_len is 154 after SSL_read in eapttls_process,err is 80 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 modcall[authorize]: module "preprocess" returns ok for request 9 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module "chap" returns ok for request 9 modcall[authorize]: module "mschap" returns noop for request 9 rlm_realm: Looking up realm "asb.com" for User-Name = "OnAir_20_10@asb.com" rlm_realm: Found realm "asb.com" rlm_realm: Adding Stripped-User-Name = "OnAir_20_10" rlm_realm: Proxying request from user OnAir_20_10 to realm asb.com rlm_realm: Adding Realm = "asb.com" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 9 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 9 users: Matched entry DEFAULT at line 1095 users: Matched entry DEFAULT at line 1279 users: Matched entry DEFAULT at line 1522 users: Matched entry DEFAULT at line 1706 users: Matched entry DEFAULT at line 1899 users: Matched entry OnAir_20_10 at line 2291 modcall[authorize]: module "files" returns ok for request 9 modcall: group authorize returns ok for request 9 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied CHAP-Password matches local User-Password TTLS: Got tunneled Access-Accept modcall[authenticate]: module "eap" returns ok for request 9 modcall: group authenticate returns ok for request 9 Sending Access-Accept of id 7 to 192.168.73.154:36613 Session-Timeout = 1800000000 Termination-Action = RADIUS-Request 3GPP2-Service-Option-Profile = 0x000000020104a70101048101 Service-Flow-Descriptor += 0x000104000102040001040303050304060301070301080302 QoS-Descriptor += 0x000103010403020503000606009c40000806000027100c0302 QoS-Descriptor += 0x000103020403020503000606013880000806000027100c0302 MS-MPPE-Recv-Key = 0x027c610548c499a519e16785b4d14b19ca57b2ba7fd5b974da26cdc43a415211 MS-MPPE-Send-Key = 0x9f2a3801203ed2746de3f1bdadc187dcc2b713733ba89a61a2810b70d386a9ab EAP-Message = 0x033d0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "anonymous" State = 0xea057d6c7d9c28ca4932f91de9a5b888 Finished request 9 Going to the next request Thread 5 waiting to be assigned a request
Cristian, It seems that the problem you're having is with a specific client certificate as I see Access-Accept's on the log file you sent me. Make sure that the client certificate is not expired and that the client is using the right password for the CA (Root) certificate. Regards, Emilio -----Original Message----- From: freeradius-users-bounces+emilio.escobar=hp.com@lists.freeradius.org [mailto:freeradius-users-bounces+emilio.escobar=hp.com@lists.freeradius.org] On Behalf Of Cristian Novac Sent: Thursday, March 06, 2008 11:21 AM To: FreeRadius users mailing list Subject: problem with MSCHAPv2 I fail to authenticate my user, and it seems to me that it's a problem with the certificates Could you please check the attached radius log to see if that is the real problem I am interested in the user having the mac:00-1D-E1-00-EA-02 Thank you in advance Cristian NOVAC
participants (2)
-
Cristian Novac -
Escobar, Emilio