Re: log file for free radius 1.1.6 eap-tls authentication
Hi pls find the o/p of radius -X.Also the log file is not coming. [root@localhost sbin]# radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = \"/usr/local\" main: localstatedir = \"/usr/local/var\" main: logdir = \"/usr/local/var/log/radius\" main: libdir = \"/usr/local/lib\" main: radacctdir = \"/usr/local/var/log/radius/radacct\" main: hostname_lookups = no main: snmp = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = \"/usr/local/var/log/radius/radius.log\" main: log_auth = yes main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = \"/usr/local/var/run/radiusd/radiusd.pid\" main: user = \"(null)\" main: group = \"(null)\" main: usercollide = no main: lower_user = \"no\" main: lower_pass = \"no\" main: nospace_user = \"no\" main: nospace_pass = \"no\" main: checkrad = \"/usr/local/sbin/checkrad\" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = \"(null)\" exec: input_pairs = \"request\" exec: output_pairs = \"(null)\" exec: packet_type = \"(null)\" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded System unix: cache = no unix: passwd = \"(null)\" unix: shadow = \"(null)\" unix: group = \"(null)\" unix: radwtmp = \"/usr/local/var/log/radius/radwtmp\" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = \"tls\" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = \"(null)\" tls: pem_file_type = yes tls: private_key_file = \"/etc/1x/07xwifi.pem\" tls: certificate_file = \"/etc/1x/07xwifi.pem\" tls: CA_file = \"/etc/1x/root.pem\" tls: private_key_password = \"password\" tls: dh_file = \"/etc/1x/DH\" tls: random_file = \"/etc/1x/random\" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = \"(null)\" tls: cipher_list = \"(null)\" tls: check_cert_issuer = \"(null)\" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = \"/etc/raddb/huntgroups\" preprocess: hints = \"/etc/raddb/hints\" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = \"suffix\" realm: delimiter = \"@\" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = \"/etc/raddb/users\" files: acctusersfile = \"/etc/raddb/acct_users\" files: preproxy_usersfile = \"/etc/raddb/preproxy_users\" files: compat = \"no\" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = \"User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port\" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = \"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d\" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = \"/usr/local/var/log/radius/radutmp\" radutmp: username = \"%{User-Name}\" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 192.168.0.50:1026, id=0, length=213 Message-Authenticator = 0x348faa1d22631530332a81f21a480716 Service-Type = Framed-User User-Name = \"saravanakumar07\" Framed-MTU = 1488 Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\" Calling-Station-Id = \"00-0E-35-F3-A1-67\" NAS-Identifier = \"D-Link Access Point\" NAS-Port-Type = Wireless-802.11 Connect-Info = \"CONNECT 54Mbps 802.11g\" EAP-Message = 0x02000014017361726176616e616b756d61723037 NAS-IP-Address = 192.168.0.50 NAS-Port = 1 NAS-Port-Id = \"STA port # 1\" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module \"preprocess\" returns ok for request 0 rlm_realm: No \'@\' in User-Name = \"saravanakumar07\", looking up realm NULL rlm_realm: No such realm \"NULL\" modcall[authorize]: module \"suffix\" returns noop for request 0 rlm_eap: EAP packet type response id 0 length 20 rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation modcall[authorize]: module \"eap\" returns updated for request 0 modcall[authorize]: module \"files\" returns notfound for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type \"EAP\" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module \"eap\" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 0 to 192.168.0.50 port 1026 EAP-Message = 0x010100060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc1a1b99ed892aaa874bb2dabd58a9da3 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.0.50:1026, id=1, length=307 Message-Authenticator = 0x4ee10f4214227b83aa487603fc4261db Service-Type = Framed-User User-Name = \"saravanakumar07\" Framed-MTU = 1488 State = 0xc1a1b99ed892aaa874bb2dabd58a9da3 Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\" Calling-Station-Id = \"00-0E-35-F3-A1-67\" NAS-Identifier = \"D-Link Access Point\" NAS-Port-Type = Wireless-802.11 Connect-Info = \"CONNECT 54Mbps 802.11g\" EAP-Message = 0x020100600d800000005616030100510100004d0301465ac684a8794ef0e567e436456ba8869ab7189a3c1ae5716f3fdec38ae182a610193a5d3bf49222fa530aa6094dd80e76001600040005000a000900640062000300060013001200630100 NAS-IP-Address = 192.168.0.50 NAS-Port = 1 NAS-Port-Id = \"STA port # 1\" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module \"preprocess\" returns ok for request 1 rlm_realm: No \'@\' in User-Name = \"saravanakumar07\", looking up realm NULL rlm_realm: No such realm \"NULL\" modcall[authorize]: module \"suffix\" returns noop for request 1 rlm_eap: EAP packet type response id 1 length 96 rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation modcall[authorize]: module \"eap\" returns updated for request 1 modcall[authorize]: module \"files\" returns notfound for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type \"EAP\" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0051], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 04be], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004c], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 modcall[authenticate]: module \"eap\" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 1 to 192.168.0.50 port 1026 EAP-Message = 0x0102040a0dc000000563160301004a020000460301465ac5ef2d0abda5b36cc686ccef0d9e8a907e16548ba82817b475b8cef9fe3b20f0328a38d5b438cbb376872879f3f0f89c7343ee8688765c8fc2ad235adbbef500040016030104be0b0004ba0004b700022b3082022730820190a003020102020101300d06092a864886f70d0101040500303b310b300906035504061302494e310b300906035504081302544e310d300b060355040a1304536966793110300e0603550403130730377877696669301e170d3037303131333037353834305a170d3038303131333037353834305a305f310b300906035504061302494e310b3009060355040813 EAP-Message = 0x02544e310d300b060355040a1304536966793110300e06035504031307303778776966693122302006092a864886f70d01090116136a65796b756d61725f7340736966792e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c6f366d39a74d8b66b561628be123f18f9b0a71f09b98d21b990e9a987d9acf3ceabd01df377e13da987a23f244496dfc0609e99ee03a9f44e51033cbb84c814d9d3225aacc7c67786fcd193d57c3f5ac16d7d1b83570152edca9ba9ff99ca4feffcb244551292fad52026afda1f876205e84a26b81cebd89fa03fd97e5f7fdb0203010001a317301530130603551d25040c300a06082b06 EAP-Message = 0x010505070301300d06092a864886f70d010104050003818100a4cbb4e6e8190d840edc9e61637a38ffa423b2a67e8d308c3005b8ec18318e94ddddbac0ccb1a15780c285de01622608f4caded74bab6f0c9d44dfdeb648e46bdd4de3606e4c7f86e5f86472722db409baffdb78eb6c7ad267a623e1155af13de26e83f3ce29b4f82baf551b756d2f49e5691cc1d80f6fb253b11e7a15bf296000028630820282308201eba003020102020100300d06092a864886f70d0101040500303b310b300906035504061302494e310b300906035504081302544e310d300b060355040a1304536966793110300e0603550403130730377877696669301e170d30 EAP-Message = 0x37303131333037353830305a170d3038303131333037353830305a303b310b300906035504061302494e310b300906035504081302544e310d300b060355040a1304536966793110300e060355040313073037787769666930819f300d06092a864886f70d010101050003818d0030818902818100ec232cf24bd548a586d614994a3f3b9ee699eb64a3bf9a0c90d7bc8afb39842c767c3613757b8d38a78ceaa6a499be55dcf997abb9963b3ef406b39f766054d8e37d35859e6bd5ce686c01eb63a25684afb79cd6796193355bd3ae67eae642701a34d1bc93426ade87434dadfbc8a8b0cae8137d97d2a267973f2213ebeefcfd0203010001a38195 EAP-Message = 0x308192301d0603551d0e04160414095ab44cec0cb80f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x43e98998191c1122bfd72ba20764320b Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.0.50:1026, id=2, length=217 Message-Authenticator = 0xe8a5d1b7a5f9a89d7e42afc6244ffff5 Service-Type = Framed-User User-Name = \"saravanakumar07\" Framed-MTU = 1488 State = 0x43e98998191c1122bfd72ba20764320b Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\" Calling-Station-Id = \"00-0E-35-F3-A1-67\" NAS-Identifier = \"D-Link Access Point\" NAS-Port-Type = Wireless-802.11 Connect-Info = \"CONNECT 54Mbps 802.11g\" EAP-Message = 0x020200060d00 NAS-IP-Address = 192.168.0.50 NAS-Port = 1 NAS-Port-Id = \"STA port # 1\" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module \"preprocess\" returns ok for request 2 rlm_realm: No \'@\' in User-Name = \"saravanakumar07\", looking up realm NULL rlm_realm: No such realm \"NULL\" modcall[authorize]: module \"suffix\" returns noop for request 2 rlm_eap: EAP packet type response id 2 length 6 rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation modcall[authorize]: module \"eap\" returns updated for request 2 modcall[authorize]: module \"files\" returns notfound for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type \"EAP\" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module \"eap\" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 2 to 192.168.0.50 port 1026 EAP-Message = 0x0103016d0d80000005638c150861ea8bc609ed3cfbc030630603551d23045c305a8014095ab44cec0cb80f8c150861ea8bc609ed3cfbc0a13fa43d303b310b300906035504061302494e310b300906035504081302544e310d300b060355040a1304536966793110300e0603550403130730377877696669820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810019a69104ce7b395ddbb7a05ae632f71c590ba34e71b9a57cbe952eabed153fdacb07eb1c8d6db397f1f47a687103025a91b0431e73beac6e788de0af02e7d49e35808652dc4b2db60ccbcef9245239c47c785fb5c78c79ed7dd22d60ab6c19727e EAP-Message = 0xaa68ec38e3fc5b6e7716741e1f56eba981970face974b560ba07450ecdf817160301004c0d000044020102003f003d303b310b300906035504061302494e310b300906035504081302544e310d300b060355040a1304536966793110300e06035504031307303778776966690e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8670b977c646e91adfd91786496c45ef Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.0.50:1026, id=3, length=1117 Message-Authenticator = 0xa370f2b08e6e383872205a370026c41c Service-Type = Framed-User User-Name = \"saravanakumar07\" Framed-MTU = 1488 State = 0x8670b977c646e91adfd91786496c45ef Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\" Calling-Station-Id = \"00-0E-35-F3-A1-67\" NAS-Identifier = \"D-Link Access Point\" NAS-Port-Type = Wireless-802.11 Connect-Info = \"CONNECT 54Mbps 802.11g\" EAP-Message = 0x020303840d800000037a160301034a0b00023a0002370002343082023030820199a0030201020202011f300d06092a864886f70d0101040500303b310b300906035504061302494e310b300906035504081302544e310d300b060355040a1304536966793110300e0603550403130730377877696669301e170d3037303131393033343135305a170d3038303131393033343135305a3067310b300906035504061302494e310b300906035504081302544e310d300b060355040a130453696679311830160603550403130f7361726176616e616b756d617230373122302006092a864886f70d01090116136a65796b756d61725f7340736966792e63 EAP-Message = 0x6f6d30819f300d06092a864886f70d010101050003818d0030818902818100b6413143a14d8666369a759ccad7ab221e73ec0cc73ad7346a6060b34e8571d1838d97cc4aa7a2f99a4be83b9bb5af5daeb3307909d5a44c9338a43b19b6c1f3ec6232eae8508103741d5eeb9b4e7f99b3c2b4b283fcef13cc1b34a087e240e2ab94fee8fce66687dd95690b23d20e84551cd24f385afb5cdb086f851f9900070203010001a317301530130603551d25040c300a06082b06010505070302300d06092a864886f70d010104050003818100ca0e708d266de50c32dc92d523eed3b11d4e678e2d7bdfeffca92e91b3be256b1533f53180c670c7e224671bbc EAP-Message = 0x1b1245c125bd2f3c252da361542f7d43e5b18db9d6904d92d1300a9e333d7ac7d8a8ec00aa3bed5d0c9f07028b62f004e6bcfbdee18f80740820065ea68c48cca932d6e3388b9837c944c42ddc92eed2eb66851000008200800e8d0f8c2bbe84a6c2a1dec24b1301126c5014bc64bb60aa57053af71ce790709036034dfd85c2cde680388e410bf11cf623f0469c605f058313088a50be37ef633cf901ce8613c4968ef8d1f369bb38903fbda7c4a197b8357706c2abb0358c558e3f8d1306d11043d7762749e5133b7d7eb2cd2a226888a14bbc626cd3dcd80f0000820080448775660120cb094f6cf29dce77ccc080f202df2e3e5a5e0dcc6f8308e6 EAP-Message = 0xc08f0e79440eec49c7b7fcb820bcecc8a3d02b8bffe75f901b9a1627479ae616e86d8a49ad93fb313b939cb73f5219b9230786cb348bed214a33e0499b638c3a3fffaa5b668d8d5324a0955f33bdf76524eff59a087c6fc15afd44bd75aa417546ee14030100010116030100205855ce98017c7c5ca87c91534c2fd241039ccad9a19ff4465cd7c040e9d540b7 NAS-IP-Address = 192.168.0.50 NAS-Port = 1 NAS-Port-Id = \"STA port # 1\" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module \"preprocess\" returns ok for request 3 rlm_realm: No \'@\' in User-Name = \"saravanakumar07\", looking up realm NULL rlm_realm: No such realm \"NULL\" modcall[authorize]: module \"suffix\" returns noop for request 3 rlm_eap: EAP packet type response id 3 length 253 rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation modcall[authorize]: module \"eap\" returns updated for request 3 modcall[authorize]: module \"files\" returns notfound for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type \"EAP\" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 023e], Certificate chain-depth=1, error=0 --> User-Name = saravanakumar07 --> BUF-Name = 07xwifi --> subject = /C=IN/ST=TN/O=Sify/CN=07xwifi --> issuer = /C=IN/ST=TN/O=Sify/CN=07xwifi --> verify return:1 chain-depth=0, error=0 --> User-Name = saravanakumar07 --> BUF-Name = saravanakumar07 --> subject = /C=IN/ST=TN/O=Sify/CN=saravanakumar07/emailAddress=jeykumar_s@sify.com --> issuer = /C=IN/ST=TN/O=Sify/CN=07xwifi --> verify return:1 TLS_accept: SSLv3 read client certificate A rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], CertificateVerify TLS_accept: SSLv3 read certificate verify A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 modcall[authenticate]: module \"eap\" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 3 to 192.168.0.50 port 1026 EAP-Message = 0x010400350d800000002b14030100010116030100204162186f236f12a6774a934742937f8d6653973dbce3f01ee4c223e78617f9d4 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5edb6911600c27ccf2a62bd801e114ab Finished request 3 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.0.50:1026, id=4, length=217 Message-Authenticator = 0x885b78f58d62d0eec96b2535b1e9bfb1 Service-Type = Framed-User User-Name = \"saravanakumar07\" Framed-MTU = 1488 State = 0x5edb6911600c27ccf2a62bd801e114ab Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\" Calling-Station-Id = \"00-0E-35-F3-A1-67\" NAS-Identifier = \"D-Link Access Point\" NAS-Port-Type = Wireless-802.11 Connect-Info = \"CONNECT 54Mbps 802.11g\" EAP-Message = 0x020400060d00 NAS-IP-Address = 192.168.0.50 NAS-Port = 1 NAS-Port-Id = \"STA port # 1\" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module \"preprocess\" returns ok for request 4 rlm_realm: No \'@\' in User-Name = \"saravanakumar07\", looking up realm NULL rlm_realm: No such realm \"NULL\" modcall[authorize]: module \"suffix\" returns noop for request 4 rlm_eap: EAP packet type response id 4 length 6 rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation modcall[authorize]: module \"eap\" returns updated for request 4 modcall[authorize]: module \"files\" returns notfound for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type \"EAP\" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap: Freeing handler modcall[authenticate]: module \"eap\" returns ok for request 4 modcall: leaving group authenticate (returns ok) for request 4 Login OK: [saravanakumar07] (from client private-network-1 port 1 cli 00-0E-35-F3-A1-67) Sending Access-Accept of id 4 to 192.168.0.50 port 1026 MS-MPPE-Recv-Key = 0xb6e9159f33592da50de909d1f12d8cdfa9b866be2d2b12f90f7edefa4c7af054 MS-MPPE-Send-Key = 0xca94e3cdf69257d148b01ccb582dbb3e45b06dbc4450b07850fb47288111daf0 EAP-Message = 0x03040004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = \"saravanakumar07\" Finished request 4 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 0 with timestamp 465ac5ef Cleaning up request 1 ID 1 with timestamp 465ac5ef Cleaning up request 2 ID 2 with timestamp 465ac5ef Cleaning up request 3 ID 3 with timestamp 465ac5ef Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 4 ID 4 with timestamp 465ac5f0 Nothing to do. Sleeping until we see a request. [root@localhost sbin]#
Message: 5 Date: Mon, 28 May 2007 12:08:21 +0100 From: <tnt@kalik.co.yu> Subject: Re: log file for free radius 1.1.6 eap-tls authentication To: \"FreeRadius users mailing list\" <freeradius-users@lists.freeradius.org> Message-ID: <Bslo14cn.1180350501.8176480.tnt@kalik.co.yu> Content-Type: text/plain; charset=ISO-8859-2
Post the radiusd -X output of user not in users file being accepted.
Ivan Kalik Kalik Informatika ISP
Dana 28/5/2007, \"anoop_c@sifycorp.com\" <anoop_c@sifycorp.com> pi?e:
Hi all I have two quieres 1 I have changed the log_auth= yes Still i am not able to get logs.Pls find my configs prefix = /usr/local exec_prefix = ${prefix} sysconfdir = /etc localstatedir = ${prefix}/var sbindir = ${exec_prefix}/sbin logdir = /usr/local/var/log/radius raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct
# Location of config and logfiles. confdir = ${raddbdir} run_dir = ${localstatedir}/run/radiusd
# # The logging messages for the server are appended to the # tail of this file. # log_file = /usr/local/var/log/radius/radius.log
log_stripped_names = no
# Log authentication requests to the log file. # # allowed values: {no, yes} # log_auth = yes
# Log passwords with the authentication requests. # log_auth_badpass - logs password if it\'s rejected # log_auth_goodpass - logs password if it\'s correct
2 While i am using Navis radius, ther will be one user file where you have to add all usernames.In free radius without adding the username also the authentication is working.I would like to have users file so that only the users specified in that will authenticate. Wat config change i should make for the same
This is EAP-TLS. This user has a valid user certificate and is accepted. If you don't want to go via certificates but use user/password, use EAP-TTLS with MS-CHAPv2 (or PAP or any other auth protocol). Ivan Kalik Kalik Informatika ISP Dana 28/5/2007, "anoop_c@sifycorp.com" <anoop_c@sifycorp.com> piše:
Hi pls find the o/p of radius -X.Also the log file is not coming.
[root@localhost sbin]# radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = \"/usr/local\" main: localstatedir = \"/usr/local/var\" main: logdir = \"/usr/local/var/log/radius\" main: libdir = \"/usr/local/lib\" main: radacctdir = \"/usr/local/var/log/radius/radacct\" main: hostname_lookups = no main: snmp = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = \"/usr/local/var/log/radius/radius.log\" main: log_auth = yes main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = \"/usr/local/var/run/radiusd/radiusd.pid\" main: user = \"(null)\" main: group = \"(null)\" main: usercollide = no main: lower_user = \"no\" main: lower_pass = \"no\" main: nospace_user = \"no\" main: nospace_pass = \"no\" main: checkrad = \"/usr/local/sbin/checkrad\" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = \"(null)\" exec: input_pairs = \"request\" exec: output_pairs = \"(null)\" exec: packet_type = \"(null)\" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded System unix: cache = no unix: passwd = \"(null)\" unix: shadow = \"(null)\" unix: group = \"(null)\" unix: radwtmp = \"/usr/local/var/log/radius/radwtmp\" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = \"tls\" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = \"(null)\" tls: pem_file_type = yes tls: private_key_file = \"/etc/1x/07xwifi.pem\" tls: certificate_file = \"/etc/1x/07xwifi.pem\" tls: CA_file = \"/etc/1x/root.pem\" tls: private_key_password = \"password\" tls: dh_file = \"/etc/1x/DH\" tls: random_file = \"/etc/1x/random\" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = \"(null)\" tls: cipher_list = \"(null)\" tls: check_cert_issuer = \"(null)\" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = \"/etc/raddb/huntgroups\" preprocess: hints = \"/etc/raddb/hints\" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = \"suffix\" realm: delimiter = \"@\" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = \"/etc/raddb/users\" files: acctusersfile = \"/etc/raddb/acct_users\" files: preproxy_usersfile = \"/etc/raddb/preproxy_users\" files: compat = \"no\" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = \"User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port\" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = \"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d\" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = \"/usr/local/var/log/radius/radutmp\" radutmp: username = \"%{User-Name}\" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 192.168.0.50:1026, id=0, length=213 Message-Authenticator = 0x348faa1d22631530332a81f21a480716 Service-Type = Framed-User User-Name = \"saravanakumar07\" Framed-MTU = 1488 Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\" Calling-Station-Id = \"00-0E-35-F3-A1-67\" NAS-Identifier = \"D-Link Access Point\" NAS-Port-Type = Wireless-802.11 Connect-Info = \"CONNECT 54Mbps 802.11g\" EAP-Message = 0x02000014017361726176616e616b756d61723037 NAS-IP-Address = 192.168.0.50 NAS-Port = 1 NAS-Port-Id = \"STA port # 1\" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module \"preprocess\" returns ok for request 0 rlm_realm: No \'@\' in User-Name = \"saravanakumar07\", looking up realm NULL rlm_realm: No such realm \"NULL\" modcall[authorize]: module \"suffix\" returns noop for request 0 rlm_eap: EAP packet type response id 0 length 20 rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation modcall[authorize]: module \"eap\" returns updated for request 0 modcall[authorize]: module \"files\" returns notfound for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type \"EAP\" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module \"eap\" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 0 to 192.168.0.50 port 1026 EAP-Message = 0x010100060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc1a1b99ed892aaa874bb2dabd58a9da3 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.0.50:1026, id=1, length=307 Message-Authenticator = 0x4ee10f4214227b83aa487603fc4261db Service-Type = Framed-User User-Name = \"saravanakumar07\" Framed-MTU = 1488 State = 0xc1a1b99ed892aaa874bb2dabd58a9da3 Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\" Calling-Station-Id = \"00-0E-35-F3-A1-67\" NAS-Identifier = \"D-Link Access Point\" NAS-Port-Type = Wireless-802.11 Connect-Info = \"CONNECT 54Mbps 802.11g\" EAP-Message = 0x020100600d800000005616030100510100004d0301465ac684a8794ef0e567e436456ba8869ab7189a3c1ae5716f3fdec38ae182a610193a5d3bf49222fa530aa6094dd80e76001600040005000a000900640062000300060013001200630100 NAS-IP-Address = 192.168.0.50 NAS-Port = 1 NAS-Port-Id = \"STA port # 1\" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module \"preprocess\" returns ok for request 1 rlm_realm: No \'@\' in User-Name = \"saravanakumar07\", looking up realm NULL rlm_realm: No such realm \"NULL\" modcall[authorize]: module \"suffix\" returns noop for request 1 rlm_eap: EAP packet type response id 1 length 96 rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation modcall[authorize]: module \"eap\" returns updated for request 1 modcall[authorize]: module \"files\" returns notfound for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type \"EAP\" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0051], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 04be], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004c], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 modcall[authenticate]: module \"eap\" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 1 to 192.168.0.50 port 1026 EAP-Message = 0x0102040a0dc000000563160301004a020000460301465ac5ef2d0abda5b36cc686ccef0d9e8a907e16548ba82817b475b8cef9fe3b20f0328a38d5b438cbb376872879f3f0f89c7343ee8688765c8fc2ad235adbbef500040016030104be0b0004ba0004b700022b3082022730820190a003020102020101300d06092a864886f70d0101040500303b310b300906035504061302494e310b300906035504081302544e310d300b060355040a1304536966793110300e0603550403130730377877696669301e170d3037303131333037353834305a170d3038303131333037353834305a305f310b300906035504061302494e310b3009060355040813 EAP-Message = 0x02544e310d300b060355040a1304536966793110300e06035504031307303778776966693122302006092a864886f70d01090116136a65796b756d61725f7340736966792e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c6f366d39a74d8b66b561628be123f18f9b0a71f09b98d21b990e9a987d9acf3ceabd01df377e13da987a23f244496dfc0609e99ee03a9f44e51033cbb84c814d9d3225aacc7c67786fcd193d57c3f5ac16d7d1b83570152edca9ba9ff99ca4feffcb244551292fad52026afda1f876205e84a26b81cebd89fa03fd97e5f7fdb0203010001a317301530130603551d25040c300a06082b06 EAP-Message = 0x010505070301300d06092a864886f70d010104050003818100a4cbb4e6e8190d840edc9e61637a38ffa423b2a67e8d308c3005b8ec18318e94ddddbac0ccb1a15780c285de01622608f4caded74bab6f0c9d44dfdeb648e46bdd4de3606e4c7f86e5f86472722db409baffdb78eb6c7ad267a623e1155af13de26e83f3ce29b4f82baf551b756d2f49e5691cc1d80f6fb253b11e7a15bf296000028630820282308201eba003020102020100300d06092a864886f70d0101040500303b310b300906035504061302494e310b300906035504081302544e310d300b060355040a1304536966793110300e0603550403130730377877696669301e170d30 EAP-Message = 0x37303131333037353830305a170d3038303131333037353830305a303b310b300906035504061302494e310b300906035504081302544e310d300b060355040a1304536966793110300e060355040313073037787769666930819f300d06092a864886f70d010101050003818d0030818902818100ec232cf24bd548a586d614994a3f3b9ee699eb64a3bf9a0c90d7bc8afb39842c767c3613757b8d38a78ceaa6a499be55dcf997abb9963b3ef406b39f766054d8e37d35859e6bd5ce686c01eb63a25684afb79cd6796193355bd3ae67eae642701a34d1bc93426ade87434dadfbc8a8b0cae8137d97d2a267973f2213ebeefcfd0203010001a38195 EAP-Message = 0x308192301d0603551d0e04160414095ab44cec0cb80f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x43e98998191c1122bfd72ba20764320b Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.0.50:1026, id=2, length=217 Message-Authenticator = 0xe8a5d1b7a5f9a89d7e42afc6244ffff5 Service-Type = Framed-User User-Name = \"saravanakumar07\" Framed-MTU = 1488 State = 0x43e98998191c1122bfd72ba20764320b Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\" Calling-Station-Id = \"00-0E-35-F3-A1-67\" NAS-Identifier = \"D-Link Access Point\" NAS-Port-Type = Wireless-802.11 Connect-Info = \"CONNECT 54Mbps 802.11g\" EAP-Message = 0x020200060d00 NAS-IP-Address = 192.168.0.50 NAS-Port = 1 NAS-Port-Id = \"STA port # 1\" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module \"preprocess\" returns ok for request 2 rlm_realm: No \'@\' in User-Name = \"saravanakumar07\", looking up realm NULL rlm_realm: No such realm \"NULL\" modcall[authorize]: module \"suffix\" returns noop for request 2 rlm_eap: EAP packet type response id 2 length 6 rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation modcall[authorize]: module \"eap\" returns updated for request 2 modcall[authorize]: module \"files\" returns notfound for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type \"EAP\" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module \"eap\" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 2 to 192.168.0.50 port 1026 EAP-Message = 0x0103016d0d80000005638c150861ea8bc609ed3cfbc030630603551d23045c305a8014095ab44cec0cb80f8c150861ea8bc609ed3cfbc0a13fa43d303b310b300906035504061302494e310b300906035504081302544e310d300b060355040a1304536966793110300e0603550403130730377877696669820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810019a69104ce7b395ddbb7a05ae632f71c590ba34e71b9a57cbe952eabed153fdacb07eb1c8d6db397f1f47a687103025a91b0431e73beac6e788de0af02e7d49e35808652dc4b2db60ccbcef9245239c47c785fb5c78c79ed7dd22d60ab6c19727e EAP-Message = 0xaa68ec38e3fc5b6e7716741e1f56eba981970face974b560ba07450ecdf817160301004c0d000044020102003f003d303b310b300906035504061302494e310b300906035504081302544e310d300b060355040a1304536966793110300e06035504031307303778776966690e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8670b977c646e91adfd91786496c45ef Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.0.50:1026, id=3, length=1117 Message-Authenticator = 0xa370f2b08e6e383872205a370026c41c Service-Type = Framed-User User-Name = \"saravanakumar07\" Framed-MTU = 1488 State = 0x8670b977c646e91adfd91786496c45ef Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\" Calling-Station-Id = \"00-0E-35-F3-A1-67\" NAS-Identifier = \"D-Link Access Point\" NAS-Port-Type = Wireless-802.11 Connect-Info = \"CONNECT 54Mbps 802.11g\" EAP-Message = 0x020303840d800000037a160301034a0b00023a0002370002343082023030820199a0030201020202011f300d06092a864886f70d0101040500303b310b300906035504061302494e310b300906035504081302544e310d300b060355040a1304536966793110300e0603550403130730377877696669301e170d3037303131393033343135305a170d3038303131393033343135305a3067310b300906035504061302494e310b300906035504081302544e310d300b060355040a130453696679311830160603550403130f7361726176616e616b756d617230373122302006092a864886f70d01090116136a65796b756d61725f7340736966792e63 EAP-Message = 0x6f6d30819f300d06092a864886f70d010101050003818d0030818902818100b6413143a14d8666369a759ccad7ab221e73ec0cc73ad7346a6060b34e8571d1838d97cc4aa7a2f99a4be83b9bb5af5daeb3307909d5a44c9338a43b19b6c1f3ec6232eae8508103741d5eeb9b4e7f99b3c2b4b283fcef13cc1b34a087e240e2ab94fee8fce66687dd95690b23d20e84551cd24f385afb5cdb086f851f9900070203010001a317301530130603551d25040c300a06082b06010505070302300d06092a864886f70d010104050003818100ca0e708d266de50c32dc92d523eed3b11d4e678e2d7bdfeffca92e91b3be256b1533f53180c670c7e224671bbc EAP-Message = 0x1b1245c125bd2f3c252da361542f7d43e5b18db9d6904d92d1300a9e333d7ac7d8a8ec00aa3bed5d0c9f07028b62f004e6bcfbdee18f80740820065ea68c48cca932d6e3388b9837c944c42ddc92eed2eb66851000008200800e8d0f8c2bbe84a6c2a1dec24b1301126c5014bc64bb60aa57053af71ce790709036034dfd85c2cde680388e410bf11cf623f0469c605f058313088a50be37ef633cf901ce8613c4968ef8d1f369bb38903fbda7c4a197b8357706c2abb0358c558e3f8d1306d11043d7762749e5133b7d7eb2cd2a226888a14bbc626cd3dcd80f0000820080448775660120cb094f6cf29dce77ccc080f202df2e3e5a5e0dcc6f8308e6 EAP-Message = 0xc08f0e79440eec49c7b7fcb820bcecc8a3d02b8bffe75f901b9a1627479ae616e86d8a49ad93fb313b939cb73f5219b9230786cb348bed214a33e0499b638c3a3fffaa5b668d8d5324a0955f33bdf76524eff59a087c6fc15afd44bd75aa417546ee14030100010116030100205855ce98017c7c5ca87c91534c2fd241039ccad9a19ff4465cd7c040e9d540b7 NAS-IP-Address = 192.168.0.50 NAS-Port = 1 NAS-Port-Id = \"STA port # 1\" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module \"preprocess\" returns ok for request 3 rlm_realm: No \'@\' in User-Name = \"saravanakumar07\", looking up realm NULL rlm_realm: No such realm \"NULL\" modcall[authorize]: module \"suffix\" returns noop for request 3 rlm_eap: EAP packet type response id 3 length 253 rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation modcall[authorize]: module \"eap\" returns updated for request 3 modcall[authorize]: module \"files\" returns notfound for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type \"EAP\" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 023e], Certificate chain-depth=1, error=0 --> User-Name = saravanakumar07 --> BUF-Name = 07xwifi --> subject = /C=IN/ST=TN/O=Sify/CN=07xwifi --> issuer = /C=IN/ST=TN/O=Sify/CN=07xwifi --> verify return:1 chain-depth=0, error=0 --> User-Name = saravanakumar07 --> BUF-Name = saravanakumar07 --> subject = /C=IN/ST=TN/O=Sify/CN=saravanakumar07/emailAddress=jeykumar_s@sify.com --> issuer = /C=IN/ST=TN/O=Sify/CN=07xwifi --> verify return:1 TLS_accept: SSLv3 read client certificate A rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], CertificateVerify TLS_accept: SSLv3 read certificate verify A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 modcall[authenticate]: module \"eap\" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 3 to 192.168.0.50 port 1026 EAP-Message = 0x010400350d800000002b14030100010116030100204162186f236f12a6774a934742937f8d6653973dbce3f01ee4c223e78617f9d4 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5edb6911600c27ccf2a62bd801e114ab Finished request 3 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.0.50:1026, id=4, length=217 Message-Authenticator = 0x885b78f58d62d0eec96b2535b1e9bfb1 Service-Type = Framed-User User-Name = \"saravanakumar07\" Framed-MTU = 1488 State = 0x5edb6911600c27ccf2a62bd801e114ab Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\" Calling-Station-Id = \"00-0E-35-F3-A1-67\" NAS-Identifier = \"D-Link Access Point\" NAS-Port-Type = Wireless-802.11 Connect-Info = \"CONNECT 54Mbps 802.11g\" EAP-Message = 0x020400060d00 NAS-IP-Address = 192.168.0.50 NAS-Port = 1 NAS-Port-Id = \"STA port # 1\" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module \"preprocess\" returns ok for request 4 rlm_realm: No \'@\' in User-Name = \"saravanakumar07\", looking up realm NULL rlm_realm: No such realm \"NULL\" modcall[authorize]: module \"suffix\" returns noop for request 4 rlm_eap: EAP packet type response id 4 length 6 rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation modcall[authorize]: module \"eap\" returns updated for request 4 modcall[authorize]: module \"files\" returns notfound for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type \"EAP\" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap: Freeing handler modcall[authenticate]: module \"eap\" returns ok for request 4 modcall: leaving group authenticate (returns ok) for request 4 Login OK: [saravanakumar07] (from client private-network-1 port 1 cli 00-0E-35-F3-A1-67) Sending Access-Accept of id 4 to 192.168.0.50 port 1026 MS-MPPE-Recv-Key = 0xb6e9159f33592da50de909d1f12d8cdfa9b866be2d2b12f90f7edefa4c7af054 MS-MPPE-Send-Key = 0xca94e3cdf69257d148b01ccb582dbb3e45b06dbc4450b07850fb47288111daf0 EAP-Message = 0x03040004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = \"saravanakumar07\" Finished request 4 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 0 with timestamp 465ac5ef Cleaning up request 1 ID 1 with timestamp 465ac5ef Cleaning up request 2 ID 2 with timestamp 465ac5ef Cleaning up request 3 ID 3 with timestamp 465ac5ef Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 4 ID 4 with timestamp 465ac5f0 Nothing to do. Sleeping until we see a request.
[root@localhost sbin]#
Message: 5 Date: Mon, 28 May 2007 12:08:21 +0100 From: <tnt@kalik.co.yu> Subject: Re: log file for free radius 1.1.6 eap-tls authentication To: \"FreeRadius users mailing list\" <freeradius-users@lists.freeradius.org> Message-ID: <Bslo14cn.1180350501.8176480.tnt@kalik.co.yu> Content-Type: text/plain; charset=ISO-8859-2
Post the radiusd -X output of user not in users file being accepted.
Ivan Kalik Kalik Informatika ISP
Dana 28/5/2007, \"anoop_c@sifycorp.com\" <anoop_c@sifycorp.com> pi?e:
Hi all I have two quieres 1 I have changed the log_auth= yes Still i am not able to get logs.Pls find my configs prefix = /usr/local exec_prefix = ${prefix} sysconfdir = /etc localstatedir = ${prefix}/var sbindir = ${exec_prefix}/sbin logdir = /usr/local/var/log/radius raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct
# Location of config and logfiles. confdir = ${raddbdir} run_dir = ${localstatedir}/run/radiusd
# # The logging messages for the server are appended to the # tail of this file. # log_file = /usr/local/var/log/radius/radius.log
log_stripped_names = no
# Log authentication requests to the log file. # # allowed values: {no, yes} # log_auth = yes
# Log passwords with the authentication requests. # log_auth_badpass - logs password if it\'s rejected # log_auth_goodpass - logs password if it\'s correct
2 While i am using Navis radius, ther will be one user file where you have to add all usernames.In free radius without adding the username also the authentication is working.I would like to have users file so that only the users specified in that will authenticate. Wat config change i should make for the same
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
anoop_c@sifycorp.com -
tnt@kalik.co.yu