HI Ivan Thanks. Yes i have double click on the ca.der file and client.p12 both were installed successfuly. I also manaed to set up my SSID palstaff and when i click on the SSID i see a pop up windows on my wireles LAN asking for my username on certificate and i selected devinder@palettemm.com from the combo drop down list and click OK when i click OK radius reports the following error TLS Alert write:fatal:unknown CA TLS_accept:error in SSLv3 read client certificate B rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned SSL: SSL_read failed in a system call (-1), TLS session fails. TLS receive handshake failed during operation [tls] eaptls_process returned 4 [eap] Handler failed in EAP/tls [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> devinder@palettemm.com attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 6 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 6 Sending Access-Reject of id 133 to 203.121.4.59 port 6001 EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.6 seconds. Cleaning up request 0 ID 127 with timestamp +18 Cleaning up request 1 ID 128 with timestamp +18 Cleaning up request 2 ID 129 with timestamp +18 Cleaning up request 3 ID 130 with timestamp +18 Cleaning up request 4 ID 131 with timestamp +18 Waking up in 0.2 seconds. Cleaning up request 5 ID 132 with timestamp +18 Waking up in 1.0 seconds. Cleaning up request 6 ID 133 with timestamp +19 Ready to process requests. 2009/8/4 Ivan Kalik <tnt@kalik.net>:
I mnaged to follow the steps in /etc/raddb/certs/README
and copied ca.der and client.p12 to XP machine
It looks like you have copied them but not installed them in the certificate store. Double-click the certificates and install them first.
Ivan Kalik Kalik Informatika ISP
-- Devinder
Ok i took your advise and yes its a diffeenrent error now Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 203.121.4.59 port 6001, id=134, length=181 User-Name = "devinder@palettemm.com" NAS-IP-Address = 203.121.4.59 Called-Station-Id = "00-20-a6-6c-49-9d:palstaff" Calling-Station-Id = "00-04-23-7b-56-b9" NAS-Identifier = "ORiNOCO-AP-700-6c-49-9d" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0203001b01646576696e6465724070616c657474656d6d2e636f6d Message-Authenticator = 0xb7f29ed2232abda7b5b24bb131883617 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "palettemm.com" for User-Name = "devinder@palettemm.com" [suffix] No such realm "palettemm.com" ++[suffix] returns noop [eap] EAP packet type response id 3 length 27 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound [files] users: Matched entry devinder@palettemm.com at line 94 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 134 to 203.121.4.59 port 6001 EAP-Message = 0x010400160410edd3007f1e599b71120693ed62eaee7c Message-Authenticator = 0x00000000000000000000000000000000 State = 0x17b5db9117b1dfd16583cca5ed9db022 Finished request 0. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 134 with timestamp +1 Ready to process requests. 2009/8/4 Devinder Singh <devinbhullar@gmail.com>:
HI Ivan
Thanks. Yes i have double click on the ca.der file and client.p12 both were installed successfuly.
I also manaed to set up my SSID palstaff and when i click on the SSID i see a pop up windows on my wireles LAN asking for my username on certificate and i selected
devinder@palettemm.com from the combo drop down list and click OK
when i click OK radius reports the following error
TLS Alert write:fatal:unknown CA TLS_accept:error in SSLv3 read client certificate B rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned SSL: SSL_read failed in a system call (-1), TLS session fails. TLS receive handshake failed during operation [tls] eaptls_process returned 4 [eap] Handler failed in EAP/tls [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> devinder@palettemm.com attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 6 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 6 Sending Access-Reject of id 133 to 203.121.4.59 port 6001 EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.6 seconds. Cleaning up request 0 ID 127 with timestamp +18 Cleaning up request 1 ID 128 with timestamp +18 Cleaning up request 2 ID 129 with timestamp +18 Cleaning up request 3 ID 130 with timestamp +18 Cleaning up request 4 ID 131 with timestamp +18 Waking up in 0.2 seconds. Cleaning up request 5 ID 132 with timestamp +18 Waking up in 1.0 seconds. Cleaning up request 6 ID 133 with timestamp +19 Ready to process requests.
2009/8/4 Ivan Kalik <tnt@kalik.net>:
I mnaged to follow the steps in /etc/raddb/certs/README
and copied ca.der and client.p12 to XP machine
It looks like you have copied them but not installed them in the certificate store. Double-click the certificates and install them first.
Ivan Kalik Kalik Informatika ISP
-- Devinder
-- Devinder
Hi Ivan I still get the same error now Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS [tls] eaptls_verify returned 7 [tls] Done initial handshake [tls] <<< TLS 1.0 Handshake [length 03b2], Certificate --> verify error:num=20:unable to get local issuer certificate [tls] >>> TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert write:fatal:unknown CA TLS_accept:error in SSLv3 read client certificate B rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned SSL: SSL_read failed in a system call (-1), TLS session fails. TLS receive handshake failed during operation [tls] eaptls_process returned 4 [eap] Handler failed in EAP/tls [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> devinder@palettemm.com attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 7 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 7 Sending Access-Reject of id 141 to 203.121.4.59 port 6001 EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.8 seconds. Cleaning up request 1 ID 135 with timestamp +120 Cleaning up request 2 ID 136 with timestamp +120 Cleaning up request 3 ID 137 with timestamp +120 Cleaning up request 4 ID 138 with timestamp +120 Cleaning up request 5 ID 139 with timestamp +120 Cleaning up request 6 ID 140 with timestamp +120 Waking up in 1.0 seconds. Cleaning up request 7 ID 141 with timestamp +120 Ready to process requests. 2009/8/4 Devinder Singh <devinbhullar@gmail.com>:
Ok i took your advise and yes its a diffeenrent error now
Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 203.121.4.59 port 6001, id=134, length=181 User-Name = "devinder@palettemm.com" NAS-IP-Address = 203.121.4.59 Called-Station-Id = "00-20-a6-6c-49-9d:palstaff" Calling-Station-Id = "00-04-23-7b-56-b9" NAS-Identifier = "ORiNOCO-AP-700-6c-49-9d" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0203001b01646576696e6465724070616c657474656d6d2e636f6d Message-Authenticator = 0xb7f29ed2232abda7b5b24bb131883617 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "palettemm.com" for User-Name = "devinder@palettemm.com" [suffix] No such realm "palettemm.com" ++[suffix] returns noop [eap] EAP packet type response id 3 length 27 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound [files] users: Matched entry devinder@palettemm.com at line 94 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 134 to 203.121.4.59 port 6001 EAP-Message = 0x010400160410edd3007f1e599b71120693ed62eaee7c Message-Authenticator = 0x00000000000000000000000000000000 State = 0x17b5db9117b1dfd16583cca5ed9db022 Finished request 0. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 134 with timestamp +1 Ready to process requests.
2009/8/4 Devinder Singh <devinbhullar@gmail.com>:
HI Ivan
Thanks. Yes i have double click on the ca.der file and client.p12 both were installed successfuly.
I also manaed to set up my SSID palstaff and when i click on the SSID i see a pop up windows on my wireles LAN asking for my username on certificate and i selected
devinder@palettemm.com from the combo drop down list and click OK
when i click OK radius reports the following error
TLS Alert write:fatal:unknown CA TLS_accept:error in SSLv3 read client certificate B rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned SSL: SSL_read failed in a system call (-1), TLS session fails. TLS receive handshake failed during operation [tls] eaptls_process returned 4 [eap] Handler failed in EAP/tls [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> devinder@palettemm.com attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 6 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 6 Sending Access-Reject of id 133 to 203.121.4.59 port 6001 EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.6 seconds. Cleaning up request 0 ID 127 with timestamp +18 Cleaning up request 1 ID 128 with timestamp +18 Cleaning up request 2 ID 129 with timestamp +18 Cleaning up request 3 ID 130 with timestamp +18 Cleaning up request 4 ID 131 with timestamp +18 Waking up in 0.2 seconds. Cleaning up request 5 ID 132 with timestamp +18 Waking up in 1.0 seconds. Cleaning up request 6 ID 133 with timestamp +19 Ready to process requests.
2009/8/4 Ivan Kalik <tnt@kalik.net>:
I mnaged to follow the steps in /etc/raddb/certs/README
and copied ca.der and client.p12 to XP machine
It looks like you have copied them but not installed them in the certificate store. Double-click the certificates and install them first.
Ivan Kalik Kalik Informatika ISP
-- Devinder
-- Devinder
-- Devinder
participants (1)
-
Devinder Singh