2 server radius (same configuration), different log messages
Hi all. I have 2 server radius and 1 "AP Cisco" configured to use EAP Authentication. I have 2 server radius with freeradius 1.1.7 (fedora 8), configured in the same way (PEAP) (I haad configured my first server radius and then I copied my configuration files , and the certificates in second server radius) Then by my linux laptop, with wpa_supplicant I try to connect to my wireless ntwork. 1) If my AP is configured to require the authentication on first server radius 1, I obtain this log messages: *Mon May 19 08:51:20 2008 : Error: TLS_accept:error in SSLv3 read client certificate A Mon May 19 08:51:20 2008 : Info: rlm_eap_tls: Received EAP-TLS ACK message Mon May 19 08:51:20 2008 : Info: rlm_eap_tls: Received EAP-TLS ACK message Mon May 19 08:51:20 2008 : Info: (other): SSL negotiation finished successfully Mon May 19 08:51:20 2008 : Info: rlm_eap_tls: Received EAP-TLS ACK message* Mon May 19 08:51:20 2008 : Info: rlm_eap_mschapv2: Issuing Challenge *Mon May 19 08:51:20 2008 : Auth: Login OK: [fanti/<no User-Password attribute>] (from client localhost port 3686 cli 001e.4c00.dade) Mon May 19 08:51:20 2008 : Auth: Login OK: [fanti/<no User-Password attribute>] (from client ap-alternet port 3686 cli 001e.4c00.dade)* ############################################################## If I start with radius -X: rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Success rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 9 modcall: group authenticate returns ok for request 9 *Login OK: [fanti/<no User-Password attribute>] (from client ap-alternet port 3687 cli 001e.4c00.dade)* ################################################################## 2) In my second server radius I obtain: Mon May 19 08:50:38 2008 : Info: rlm_eap_mschapv2: Issuing Challenge *Mon May 19 08:50:38 2008 : Auth: Login OK: [fanti] (from client localhost port 3689 cli 001e.4c00.dade) Mon May 19 08:50:38 2008 : Auth: Login OK: [fanti] (from client ap-alternet port 3689 cli 001e.4c00.dade)* ##################### If I start with radius -X: rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Success rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 9 modcall: leaving group authenticate (returns ok) for request 9 *Login OK: [fanti] (from client ap-alternet port 3690 cli 001e.4c00.dade *I don't understand why I have differences in this 2 logs (In rows where I have Login OK). Can you help me please ? Thank you enrico
hi, 2 different logs - can only be achieved by 1) you are running different builds of FreeRADIUS or 2) the config files really are different alan
But with same configuration files (radius.conf, eap.conf) , I have this differences. This messages: *Mon May 19 08:51:20 2008 : Error: TLS_accept:error in SSLv3 read client certificate A Mon May 19 08:51:20 2008 : Info: rlm_eap_tls: Received EAP-TLS ACK message Mon May 19 08:51:20 2008 : Info: rlm_eap_tls: Received EAP-TLS ACK message Mon May 19 08:51:20 2008 : Info: (other): SSL negotiation finished successfully Mon May 19 08:51:20 2008 : Info: rlm_eap_tls: Received EAP-TLS ACK message *are visible only in 1 server radius. (tìmy linux client can authenticate using all my 2 server radius) Thank enrico A.L.M.Buxey@lboro.ac.uk ha scritto:
hi,
2 different logs - can only be achieved by
1) you are running different builds of FreeRADIUS or 2) the config files really are different
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
A.L.M.Buxey@lboro.ac.uk -
Enrico Fanti