I can't get 'access-accept' from Linux clients
Hi, I can't still figure it out why I can't access from Linux clients. I use version 1.1.7 of freeradius. Linux client is a Fedora 8 system. I use Freeradius+eap+ttls. Users accounts are stored in a LDAP server. My eap.conf is: eap { default_eap_type = ttls timer_expire = 60 ignore_unknown_eap_types = no md5 { } tls { certificate_file = /etc/pki/tls/certs/spectrum.xp-crt.pem private_key_file = /etc/pki/tls/certs/spectrum.xp-key.pem CA_file = /etc/pki/tls/certs/cacert.pem dh_file = ${raddbdir}/certs/dh random_file = ${raddbdir}/certs/random fragment_size = 1024 include_length = yes copy_request_to_tunnel = no use_tunneled_reply = no } ttls { default_eap_type = md5 copy_request_to_tunnel = no use_tunneled_reply = no } mschapv2 { } } EOF These are debugging messages: rad_recv: Access-Request packet from host 10.30.1.151:2048, id=0, length=125 User-Name = "jsmith" NAS-IP-Address = 10.30.1.151 Called-Station-Id = "000625f17036" Calling-Station-Id = "000e35bf5118" NAS-Identifier = "000625f17036" NAS-Port = 54 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200000b016d6261726265 Message-Authenticator = 0x05f08581315f74a9365956e711d1adec Processing the authorize section of radiusd.conf modcall: entering group authorize for request 78 modcall[authorize]: module "preprocess" returns ok for request 78 rlm_eap: EAP packet type response id 0 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 78 modcall[authorize]: module "files" returns notfound for request 78 rlm_ldap: - authorize rlm_ldap: performing user authorization for jsmith radius_xlat: '(uid=jsmith)' radius_xlat: 'ou=people,dc=foofoo,dc=edu' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=foofoo,dc=edu, with filter (uid=jsmith) request done: ld 0x5555557c59c0 msgid 91 rlm_ldap: checking if remote access for jsmith is allowed by radiusAllowed rlm_ldap: Added password {SSHA}F8XliBuxscoShNf0k7RxlC7niB7ISswp in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user jsmith authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 78 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 78 modcall: leaving group authorize (returns updated) for request 78 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 78 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 78 modcall: leaving group authenticate (returns handled) for request 78 Sending Access-Challenge of id 0 to 10.30.1.151 port 2048 EAP-Message = 0x010100061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xfc48a9d073781d46b58418c4b4cd9827 Finished request 78 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.30.1.151:2048, id=0, length=267 User-Name = "jsmith" NAS-IP-Address = 10.30.1.151 Called-Station-Id = "000625f17036" Calling-Station-Id = "000e35bf5118" NAS-Identifier = "000625f17036" NAS-Port = 54 Framed-MTU = 1400 State = 0xfc48a9d073781d46b58418c4b4cd9827 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020100871500160301007c010000780301478642113f068a6df0132c744c49958b45592615abb6622beddf19a8fa52510f20fd4cbc7f733120101175d6dd7f27f2585364c73af2b4d0f65332531e8c2d3c4b003000390038003500160013000a00330032002f006600050004006300620015001200090065006400140011000800060003020100 Message-Authenticator = 0xdfd8574e151c9d725b98e1d9f907aff5 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 79 modcall[authorize]: module "preprocess" returns ok for request 79 rlm_eap: EAP packet type response id 1 length 135 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 79 modcall[authorize]: module "files" returns notfound for request 79 rlm_ldap: - authorize rlm_ldap: performing user authorization for jsmith radius_xlat: '(uid=jsmith)' radius_xlat: 'ou=people,dc=foofoo,dc=edu' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=foofoo,dc=edu, with filter (uid=jsmith) request done: ld 0x5555557c59c0 msgid 92 rlm_ldap: checking if remote access for jsmith is allowed by radiusAllowed rlm_ldap: Added password {SSHA}F8XliBuxscoShNf0k7RxlC7niB7ISswp in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user jsmith authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 79 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 79 modcall: leaving group authorize (returns updated) for request 79 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 79 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 007c], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0852], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange TLS_accept: SSLv3 write key exchange A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 79 modcall: leaving group authenticate (returns handled) for request 79 Sending Access-Challenge of id 0 to 10.30.1.151 port 2048 EAP-Message = 0x0102040a15c000000ac1160301004a0200004603014786342b9ef8bb5abf19685d60fd60612468af00d9ed6e8c3c8d8c500502cc5320818abadd3283b96ff95b519e2730f9a96b58d3c79c5b3a34305a56e68c1403e200390016030108520b00084e00084b0003b9308203b53082029da003020102020111300d06092a864886f70d010104050030818e310b3009060355040613024152311530130603550407130c4275656e6f73204169726573311f301d060355040a1316556e6976657273696461642064652050616c65726d6f31273025060355040b131e446570617274616d656e746f20646520436f6d756e69636163696f6e6573311e301c06 EAP-Message = 0x035504031315436572746966696361746520417574686f72697479301e170d3037313031313233333633305a170d3131313031303233333633305a308193310b3009060355040613024152311530130603550407130c4275656e6f73204169726573311f301d060355040a1316556e6976657273696461642064652050616c65726d6f312d302b060355040b1324446570617274616d656e746f20646520436f6d756e69636163696f6e6573202d20737032311d301b06035504031314737065637472756d2e70616c65726d6f2e65647530820122300d06092a864886f70d01010105000382010f003082010a0282010100e04585aa76fe88e53fe2e5 EAP-Message = 0xfd4e4c9732987996ca13093a1173f9760319f9bf6b1bbad6702284056432c8b9409e28789a2d91e8027baa1fadcf4951be8b3d1932d6a125dd50d18a57ea8c909eb93b83f73404193b6ebb16e7abcc49ec7b3d2546f65e41d895631ab82cbf09c6744c9d6e01064fd1548487e70baf1179f387430d7f193460f4bf55e9c6cb2100202382b2c0c10929e125f8c32bd5cd0d26c3d908688cb747475263370195f56c256bad4ee232fb9db6bf07966c6ad88f5bfa07143c5a626fde432f3582bdc50164e1b216e902efb947be80f5d64cf05e33e1ba76c3734bd4a1586895b5575ac4ea9f87384629547e75ad7c119c66abe7a07f8c7d0203010001a31730 EAP-Message = 0x1530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100c056381386ae47210e7781b5f29f6e345d3cf3170d7b56f207c5120ad7a0a3f50d8d5089b1b670e12571f30f6035435027ba8a6c0f560c4ed67436b09470a25f6c6ed5f6183671143d0119cdbd58f1564ff62d829557d30db8e3e629cde53dc086b2b6e6cbc199f38653349b1abd884554bde148d0b3c6972f3910a3d9a6004b4b85b5c2bea77f8939d3518d718d5a1290ca6c03f3ce5d98906e243f4cc698360b5d5f3015054f0dc7f0cb42475760038477a75d03c048f80b4f50b554499749833660883b818630ae143a9e0ac935e5e3d594 EAP-Message = 0xf97b881df18c0b1712e00eef6a91fa1582e7f8eb93fa Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf0f832daf2650b8149ceb6f275602bd7 Finished request 79 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.30.1.151:2048, id=0, length=138 User-Name = "jsmith" NAS-IP-Address = 10.30.1.151 Called-Station-Id = "000625f17036" Calling-Station-Id = "000e35bf5118" NAS-Identifier = "000625f17036" NAS-Port = 54 Framed-MTU = 1400 State = 0xf0f832daf2650b8149ceb6f275602bd7 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200061500 Message-Authenticator = 0x2fa93517832117f062a910387bc0e5fc Processing the authorize section of radiusd.conf modcall: entering group authorize for request 80 modcall[authorize]: module "preprocess" returns ok for request 80 rlm_eap: EAP packet type response id 2 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 80 modcall[authorize]: module "files" returns notfound for request 80 rlm_ldap: - authorize rlm_ldap: performing user authorization for jsmith radius_xlat: '(uid=jsmith)' radius_xlat: 'ou=people,dc=foofoo,dc=edu' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=foofoo,dc=edu, with filter (uid=jsmith) request done: ld 0x5555557c59c0 msgid 93 rlm_ldap: checking if remote access for jsmith is allowed by radiusAllowed rlm_ldap: Added password {SSHA}F8XliBuxscoShNf0k7RxlC7niB7ISswp in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user jsmith authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 80 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 80 modcall: leaving group authorize (returns updated) for request 80 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 80 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 80 modcall: leaving group authenticate (returns handled) for request 80 Sending Access-Challenge of id 0 to 10.30.1.151 port 2048 EAP-Message = 0x0103040a15c000000ac14ee3f701692818d33744866b15afbc8774a1ed07b5b43200048c3082048830820370a003020102020101300d06092a864886f70d010104050030818e310b3009060355040613024152311530130603550407130c4275656e6f73204169726573311f301d060355040a1316556e6976657273696461642064652050616c65726d6f31273025060355040b131e446570617274616d656e746f20646520436f6d756e69636163696f6e6573311e301c06035504031315436572746966696361746520417574686f72697479301e170d3035313230313134353835305a170d3135313132393134353835305a30818e310b30090603 EAP-Message = 0x55040613024152311530130603550407130c4275656e6f73204169726573311f301d060355040a1316556e6976657273696461642064652050616c65726d6f31273025060355040b131e446570617274616d656e746f20646520436f6d756e69636163696f6e6573311e301c06035504031315436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100eb878d17120d3af300ab78838b32fde160463d4ff2693c5ebc59123788f0bfe9d90aaa34a22bab04b8e8f294176215b97f2edf6c686434ad87acccd5ecf7edec871e8449a876cbfe531c5158385aa9d30685723c EAP-Message = 0xf3273b5d2d8cde4ca62b0c07c3bdd54be96f2f68074454281c527079276d3388dcdb097e730c419f58d24eaca71fd8c5d8b6fe023154b9bdb920dc6ac013a57dc9bf94b99250b47bc32a07afbf2a2eddd37bdb8f0421f7df33eb999dce70784d065458b5e590f1c285837464709c6af7e3ae092dd38372420e780d8567699d534897f298fcde4309a2f66afee6dce842a69c31f1ca580454665eae87a04881b0bbb009928b30ef374fa534e50203010001a381ee3081eb301d0603551d0e04160414fd77533bb6a66d1e3b48bfb5d21501d829ddf4693081bb0603551d230481b33081b08014fd77533bb6a66d1e3b48bfb5d21501d829ddf469a18194 EAP-Message = 0xa4819130818e310b3009060355040613024152311530130603550407130c4275656e6f73204169726573311f301d060355040a1316556e6976657273696461642064652050616c65726d6f31273025060355040b131e446570617274616d656e746f20646520436f6d756e69636163696f6e6573311e301c06035504031315436572746966696361746520417574686f72697479820101300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010066656bbb8617d0aa046d938fb367586fb47ba22a4c54ccfc21d3bdc13ae39df3cd89029a0b5bcacb39977e824d94ba8c61296ce2e38d91e22766ce9ce6d988580251e19e EAP-Message = 0xf037cea75d86cb016c26f8d51bb33fbe8f07daf1f9fc Message-Authenticator = 0x00000000000000000000000000000000 State = 0x793f1ec27e43cf5e46f8c83bcb621ce2 Finished request 80 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.30.1.151:2048, id=0, length=138 User-Name = "jsmith" NAS-IP-Address = 10.30.1.151 Called-Station-Id = "000625f17036" Calling-Station-Id = "000e35bf5118" NAS-Identifier = "000625f17036" NAS-Port = 54 Framed-MTU = 1400 State = 0x793f1ec27e43cf5e46f8c83bcb621ce2 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020300061500 Message-Authenticator = 0xe5538b5a1dbce1d2be6e4577a5b03f08 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 81 modcall[authorize]: module "preprocess" returns ok for request 81 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 81 modcall[authorize]: module "files" returns notfound for request 81 rlm_ldap: - authorize rlm_ldap: performing user authorization for jsmith radius_xlat: '(uid=jsmith)' radius_xlat: 'ou=people,dc=foofoo,dc=edu' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=foofoo,dc=edu, with filter (uid=jsmith) request done: ld 0x5555557c59c0 msgid 94 rlm_ldap: checking if remote access for jsmith is allowed by radiusAllowed rlm_ldap: Added password {SSHA}F8XliBuxscoShNf0k7RxlC7niB7ISswp in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user jsmith authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 81 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 81 modcall: leaving group authorize (returns updated) for request 81 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 81 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 81 modcall: leaving group authenticate (returns handled) for request 81 Sending Access-Challenge of id 0 to 10.30.1.151 port 2048 EAP-Message = 0x010402cb158000000ac178833f2254362517e85e9dcd2c4362773223204e9c66dff65f08f319c5c9a2bb6a6de09b6534fd5df1fc14ba8dc996930e5413bbb2d4cae1c5aa68abe3785bec762c0c47246c2a89066512727dfc1c8b96fb0005841d05009db8e084a3931d2046b4d8047d2c182c9b0a5b5f340ee1b4331ec0ece5185dc33e4f100ec0a0a7e6e2bad313ea717fa4d4ed2e913575014832f80d0298e5c662015b0729eabd6220c0082326acb5160301020d0c0002090080ab5cc42c337b650ab1047c54f7a4fc1a130b5596597983a2b227b2a9969953ee8238cee287777922551db722e8db74a6f760d006dac6ebfcc8a12be3a29d341f28c8 EAP-Message = 0x4c7276144e8ef17163040ab5133ee9dab782f2a030bf37bef653c2081f601c1563997b74cecc8d1d10f7bfdd6d812abd1b020076c2f9d125d24e7148765b000102008092f52b71e3e2a4dd4e731ab4c9897e5e07e78aaf0fc27d4607599a9a5968617c542c8c51b46ec613e25d0314be3cbd69b8b974c2c4ff9d78529ecb5e7c433f990cf57b73c495bdda8611d893847e026ac9ac439c16aaae427f7f08918b198a4e3fb9aa92db96d3693c5b99e54f94851611c866b6da20c767507055de6278329c010090ba89795c01907d37967ad43ec946dfaa36739a3da5a66a3ed0cd06ba1409ba49c0a770b543fcd28b852ab40922272cd3f94a30022bc661 EAP-Message = 0xa0267ce397397e9f49c9bbfa5cf19f2059e39df895eda2db099b4e2d1ce154d0e47284ad5d21319dc1e93c6b0ad55601d5846c7a26109a8c0cef8169817920e7a6fcbb6079172104e1f0e3eab59976a58a4bb5ec6eb833937d318995b622d2c549f41abfea1a8be19be883d1aba398272e3beff4273abe5dc765cd34d41160c1930b49d6f4d06eb12de20ecd6e1983648ed57796d0d8d600f0a26c1430a16043e2f1481cdb2a152ed90fdf3971586e5397260f1123154115452a469c55fc4a05f9dfa6d63fdde02e16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x833294c65fcd0855ebad9d048a4f1774 Finished request 81 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.30.1.151:2048, id=0, length=336 User-Name = "jsmith" NAS-IP-Address = 10.30.1.151 Called-Station-Id = "000625f17036" Calling-Station-Id = "000e35bf5118" NAS-Identifier = "000625f17036" NAS-Port = 54 Framed-MTU = 1400 State = 0x833294c65fcd0855ebad9d048a4f1774 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020400cc150016030100861000008200804275e1edcb663653bdf4efea1709c14b253107d9adba49c6996ee0dfa8f8d92df6f59a0bf4466b27f45f7f590ba83ee1575e33c23426a98d8e1eaa634851f8d7a67d85d4e85362d9bd7322932980d79f16812062a8f110f54e43e26b26d422c73c128673826f2bc7336cfc292d8091dbc3296c5511ba98a3b6969d11e426bd851403010001011603010030c4d9938e47bb488e35c479bd812aea40eac63ad8cf9ef56a46d62c1685abd770d4b338626cd61ac7a67f51020d55b6e4 Message-Authenticator = 0x654cb604b66d0e06fb0f43a1bcb1fde4 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 82 modcall[authorize]: module "preprocess" returns ok for request 82 rlm_eap: EAP packet type response id 4 length 204 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 82 modcall[authorize]: module "files" returns notfound for request 82 rlm_ldap: - authorize rlm_ldap: performing user authorization for jsmith radius_xlat: '(uid=jsmith)' radius_xlat: 'ou=people,dc=foofoo,dc=edu' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=foofoo,dc=edu, with filter (uid=jsmith) request done: ld 0x5555557c59c0 msgid 95 rlm_ldap: checking if remote access for jsmith is allowed by radiusAllowed rlm_ldap: Added password {SSHA}F8XliBuxscoShNf0k7RxlC7niB7ISswp in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user jsmith authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 82 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 82 modcall: leaving group authorize (returns updated) for request 82 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 82 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 82 modcall: leaving group authenticate (returns handled) for request 82 Sending Access-Challenge of id 0 to 10.30.1.151 port 2048 EAP-Message = 0x0105004515800000003b1403010001011603010030d6ce47d40a8b1b3e4b794982ec932dd3a4b59c79e0bfabdb461b93451d30d294bae413c55f107ede3bb79847c6e1fe13 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x76a86ea597db1d84801e3d5a33ed315d Finished request 82 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.30.1.151:2048, id=0, length=228 User-Name = "jsmith" NAS-IP-Address = 10.30.1.151 Called-Station-Id = "000625f17036" Calling-Station-Id = "000e35bf5118" NAS-Identifier = "000625f17036" NAS-Port = 54 Framed-MTU = 1400 State = 0x76a86ea597db1d84801e3d5a33ed315d NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020500601500170301002003befb10e115d6be6c1600e87a18821d0f297dbd309252644e30c9940819977817030100308779d4c89404e08e5e26dc999eeee3c5c40d5c4f1de09a9a5155868aa51bb597d88f42c75bb9e637994a438d916178be Message-Authenticator = 0x71e1ebd7cd9032206838384addf6c61a Processing the authorize section of radiusd.conf modcall: entering group authorize for request 83 modcall[authorize]: module "preprocess" returns ok for request 83 rlm_eap: EAP packet type response id 5 length 96 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 83 modcall[authorize]: module "files" returns notfound for request 83 rlm_ldap: - authorize rlm_ldap: performing user authorization for jsmith radius_xlat: '(uid=jsmith)' radius_xlat: 'ou=people,dc=foofoo,dc=edu' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=foofoo,dc=edu, with filter (uid=jsmith) request done: ld 0x5555557c59c0 msgid 96 rlm_ldap: checking if remote access for jsmith is allowed by radiusAllowed rlm_ldap: Added password {SSHA}F8XliBuxscoShNf0k7RxlC7niB7ISswp in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user jsmith authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 83 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 83 modcall: leaving group authorize (returns updated) for request 83 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 83 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes. TTLS: Got tunneled identity of jsmith TTLS: Setting default EAP type for tunneled EAP session. Processing the authorize section of radiusd.conf modcall: entering group authorize for request 83 modcall[authorize]: module "preprocess" returns ok for request 83 rlm_eap: EAP packet type response id 0 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 83 modcall[authorize]: module "files" returns notfound for request 83 rlm_ldap: - authorize rlm_ldap: performing user authorization for jsmith radius_xlat: '(uid=jsmith)' radius_xlat: 'ou=people,dc=foofoo,dc=edu' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=foofoo,dc=edu, with filter (uid=jsmith) request done: ld 0x5555557c59c0 msgid 97 rlm_ldap: checking if remote access for jsmith is allowed by radiusAllowed rlm_ldap: Added password {SSHA}F8XliBuxscoShNf0k7RxlC7niB7ISswp in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user jsmith authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 83 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 83 modcall: leaving group authorize (returns updated) for request 83 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 83 rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 83 modcall: leaving group authenticate (returns handled) for request 83 TTLS: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 83 modcall: leaving group authenticate (returns handled) for request 83 Sending Access-Challenge of id 0 to 10.30.1.151 port 2048 EAP-Message = 0x0106004f15800000004517030100403f31dc96dfcf59f81a9bfd4877df1f05556359e4225224ff3dbb33a56cba84c6afa828768b2681f3aafdcf24affae6f42f1541bce71bc1a72ddeab16d1af5433 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xed8be8fd2ea72b6055c80ee9baf77d23 Finished request 83 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.30.1.151:2048, id=0, length=244 User-Name = "jsmith" NAS-IP-Address = 10.30.1.151 Called-Station-Id = "000625f17036" Calling-Station-Id = "000e35bf5118" NAS-Identifier = "000625f17036" NAS-Port = 54 Framed-MTU = 1400 State = 0xed8be8fd2ea72b6055c80ee9baf77d23 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0206007015001703010020f5edc58442c0561622a1a8071f92bf15d9a71b9727369060e2eda2b79f8c92a117030100405f4a3d549612e997cc5157c71b123ad0850702d1429632e0fa63c7f760673226788bba2f0e777ab1eac4a57f7578f225d0647fda56034121144a3f8aa15e1e89 Message-Authenticator = 0xe9457bdb2bf21de66cf7fd105426e54a Processing the authorize section of radiusd.conf modcall: entering group authorize for request 84 modcall[authorize]: module "preprocess" returns ok for request 84 rlm_eap: EAP packet type response id 6 length 112 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 84 modcall[authorize]: module "files" returns notfound for request 84 rlm_ldap: - authorize rlm_ldap: performing user authorization for jsmith radius_xlat: '(uid=jsmith)' radius_xlat: 'ou=people,dc=foofoo,dc=edu' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=foofoo,dc=edu, with filter (uid=jsmith) request done: ld 0x5555557c59c0 msgid 98 rlm_ldap: checking if remote access for jsmith is allowed by radiusAllowed rlm_ldap: Added password {SSHA}F8XliBuxscoShNf0k7RxlC7niB7ISswp in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user jsmith authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 84 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 84 modcall: leaving group authorize (returns updated) for request 84 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 84 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes. TTLS: Adding old state with 06 81 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 84 modcall[authorize]: module "preprocess" returns ok for request 84 rlm_eap: EAP packet type response id 1 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 84 modcall[authorize]: module "files" returns notfound for request 84 rlm_ldap: - authorize rlm_ldap: performing user authorization for jsmith radius_xlat: '(uid=jsmith)' radius_xlat: 'ou=people,dc=foofoo,dc=edu' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=foofoo,dc=edu, with filter (uid=jsmith) request done: ld 0x5555557c59c0 msgid 99 rlm_ldap: checking if remote access for jsmith is allowed by radiusAllowed rlm_ldap: Added password {SSHA}F8XliBuxscoShNf0k7RxlC7niB7ISswp in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user jsmith authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 84 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 84 modcall: leaving group authorize (returns updated) for request 84 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 84 rlm_eap: Request found, released from the list rlm_eap: EAP/md5 rlm_eap: processing type md5 rlm_eap_md5: User-Password is required for EAP-MD5 authentication rlm_eap: Handler failed in EAP/md5 rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 84 modcall: leaving group authenticate (returns invalid) for request 84 auth: Failed to validate the user. TTLS: Got tunneled Access-Reject rlm_eap: Handler failed in EAP/ttls TTLS: Freeing handler for user jsmith rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 84 modcall: leaving group authenticate (returns invalid) for request 84 auth: Failed to validate the user. Delaying request 84 for 1 seconds Finished request 84 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Sending Access-Reject of id 0 to 10.30.1.151 port 2048 EAP-Message = 0x04060004 Message-Authenticator = 0x00000000000000000000000000000000 Cleaning up request 84 ID 0 with timestamp 4786342b Nothing to do. Sleeping until we see a request. Enf of messages With Windows I can do that with secure2, but I can't do the same in Linux. How can I solve this? Thanks in advance! -- -- Open Kairos http://www.openkairos.com Watch More TV http://sebelk.blogspot.com Sergio Belkin -
Hi,
Hi, I can't still figure it out why I can't access from Linux clients. I use version 1.1.7 of freeradius. Linux client is a Fedora 8 system.
what is the linux client config? i see the following in your debug rlm_eap: Request found, released from the list rlm_eap: EAP/md5 rlm_eap: processing type md5 rlm_eap_md5: User-Password is required for EAP-MD5 authentication rlm_eap: Handler failed in EAP/md5 rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 84 modcall: leaving group authenticate (returns invalid) for request 84 auth: Failed to validate the user. i would also advise that you upgrade to 2.0.0 - not only could this issue be resolves anyway - its a hell of a lof easier to debug - far less EAP messages! alan
participants (2)
-
A.L.M.Buxey@lboro.ac.uk -
Sergio Belkin