certificate expiration proble
hi everybody, I am trying to configure eap with some customized certificates, I have configured eap.config correctly. But I am getting the error of "certificate expired". Although i have the latest certificates. here is the log Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /usr/local/var/run/radiusd/radiusd.sock Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 2.2.2.2 port 10010, id=241, length=216 User-Name = "0026826172C4@test_cpe.com" NAS-IP-Address = 2.2.2.2 Calling-Station-Id = "0026826172c4" NAS-Identifier = "WASN" Event-Timestamp = "Jul 18 2013 16:53:41 PKT" EAP-Message = 0x02f2001e0130303236383236313732433440746573745f6370652e636f6d WiMAX-Release = "1.1" WiMAX-Accounting-Capabilities = Flow-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id WiMAX-Idle-Mode-Notification-Cap = Supported WiMAX-Attr-1281 = 0x01 WiMAX-BS-Id = 0x303030303066303030663130 WiMAX-GMT-Timezone-offset = 18000 NAS-Port-Type = Wireless-802.16 WiMAX-Available-In-Client = 99 Service-Type = Framed-User Message-Authenticator = 0xf6c08b2315b3ca00a2121a64e669594a # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [eap] EAP packet type response id 242 length 30 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [eap] EAP packet type response id 242 length 30 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [sql] expand: %{User-Name} -> 0026826172C4@test_cpe.com [sql] sql_set_user escaped user --> '0026826172C4@test_cpe.com' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: select RC_ID,USERNAME,Attribute,Value,op from (SELECT rownum AS RC_ID,'%{SQL-USER-NAME}' AS USERNAME,'Auth-Type' AS Attribute, AAA_GETVALUETOCHECKWITRIBE('%{SQL-USER-NAME}') AS Value,':=' AS op FROM dual) union (SELECT rownum+1 AS RC_ID,'%{SQL-USER-NAME}' AS USERNAME,'Login-Time' AS Attribute, (select decode(STC_WEEKDAY,'Any','Any',substr(STC_WEEKDAY,1,2))||decode(STC_FROMHH,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_FROMHH)||decode(STC_FROMMM,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_FROMMM)||'-'||decode(STC_TOHH,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_TOHH)||decode(STC_TOMM,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_TOMM) from SER_TBLSUBSSERVICESBUCKETS where SS_SUBSRVID in ((AAA_GETVALUESERVICEID('%{SQL-USER-NAME}'))) ) AS Value,':=' AS op FROM dual) order by RC_ID -> select RC_ID,USERNAME,Attribute,Value,op from (SELECT rownum AS RC_ID,'0026826172C4@test_cpe.com' [sql] User found in radcheck table [sql] expand: select rownum, '%{SQL-USER-NAME}', RR_ATTRIBUTE, RR_VALUE, RR_OP FROM AAA_TBLRADREPLY where PR_ID in (select PR_ID from SER_TBLSUBSSERVICESBUCKETS where SS_SUBSRVID in ( (AAA_GETVALUESERVICEID('%{SQL-USER-NAME}') )) and (THR_THROTTLEID=0 or THR_THROTTLEID is null) and RE_RESOURSEID=0 and to_date(to_char(sysdate,'hh24:mm'),'hh24:mm')>=to_date((STC_FROMHH||':'||STC_FROMMM),'hh24:mi') and to_date(to_char(sysdate,'hh24:mm'),'hh24:mm')<=to_date((STC_TOHH||':'||STC_TOMM),'hh24:mi') and (STC_WEEKDAY='Any' or STC_WEEKDAY=to_char(sysdate,'Day') )) AND NE_ELEMENTID in (SELECT NE_ELEMENTID FROM NC_TBLNEACESSCONF WHERE NEAC_IPADDRESS = '%{NAS-IP-Address}') -> select rownum, ' 0026826172C4@test_cpe.com', RR_ATTRIBUTE, RR_VALUE, RR_OP FROM AAA_TBLRADREPLY where PR_ID in (select PR_ID from SER_TBLSUBSSERVICESBUCKETS where SS_SUBSRVID in ( (AAA_GETVALUESERVICEID(' 0026826172C4@test_cpe.com') )) and (THR_THROTTLEID=0 or THR_THROTTLEID is null) and RE_RESOURSEID=0 and to_date(to_char(sysdate,'hh24:mm'),'hh24: rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok Found Auth-Type = Accept Found Auth-Type = EAP Warning: Found 2 auth-types on request for user '0026826172C4@test_cpe.com' # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group eap {...} [eap] EAP Identity [eap] processing type tls [tls] Requiring client certificate [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 241 to 2.2.2.2 port 10010 hw-application-type := Simple-Mobile hw-flow-info := "FI=0,QD=2;55;0;49;1024000;100000;4096;50;25,FD=0;;;;;;;;;;;0" hw-application-scene := 1 hw-flow-info += "FI=0,QU=2;55;0;49;256000;100000;4096;50;25,FU=0;;;;;;;;;;" WiMAX-Release := "1.1" WiMAX-Accounting-Capabilities := Flow-Based WiMAX-Hotlining-Capabilities := Hotline-Profile-Id WiMAX-Idle-Mode-Notification-Cap := Supported hw-flow-info += "FI=0,QU=3;52;0;;131072;0;4096;;" hw-flow-info += "FI=0,QD=3;52;0;;524288;0;4096;;" EAP-Message = 0x01f300060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0718f89107ebf525d78d83a17abaa53c Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 2.2.2.2 port 10010, id=242, length=298 User-Name = "0026826172C4@test_cpe.com" NAS-IP-Address = 2.2.2.2 State = 0x0718f89107ebf525d78d83a17abaa53c Calling-Station-Id = "0026826172c4" NAS-Identifier = "WASN" Event-Timestamp = "Jul 18 2013 16:53:41 PKT" EAP-Message = 0x02f3005e0d0016030100530100004f03013dc8d3a7680f76fa87876469bd0b8eb5eb633c9db9d79a985f8d60a72479101c00002800390038003500160013000a00330032002f000700050004001500120009001400110008000600030100 WiMAX-Release = "1.1" WiMAX-Accounting-Capabilities = Flow-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id WiMAX-Idle-Mode-Notification-Cap = Supported WiMAX-Attr-1281 = 0x01 WiMAX-BS-Id = 0x303030303066303030663130 WiMAX-GMT-Timezone-offset = 18000 NAS-Port-Type = Wireless-802.16 WiMAX-Available-In-Client = 99 Service-Type = Framed-User Message-Authenticator = 0x9469972114207760975db1717a3a34d5 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [eap] EAP packet type response id 243 length 94 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [eap] EAP packet type response id 243 length 94 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [sql] expand: %{User-Name} -> 0026826172C4@test_cpe.com [sql] sql_set_user escaped user --> '0026826172C4@test_cpe.com' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: select RC_ID,USERNAME,Attribute,Value,op from (SELECT rownum AS RC_ID,'%{SQL-USER-NAME}' AS USERNAME,'Auth-Type' AS Attribute, AAA_GETVALUETOCHECKWITRIBE('%{SQL-USER-NAME}') AS Value,':=' AS op FROM dual) union (SELECT rownum+1 AS RC_ID,'%{SQL-USER-NAME}' AS USERNAME,'Login-Time' AS Attribute, (select decode(STC_WEEKDAY,'Any','Any',substr(STC_WEEKDAY,1,2))||decode(STC_FROMHH,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_FROMHH)||decode(STC_FROMMM,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_FROMMM)||'-'||decode(STC_TOHH,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_TOHH)||decode(STC_TOMM,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_TOMM) from SER_TBLSUBSSERVICESBUCKETS where SS_SUBSRVID in ((AAA_GETVALUESERVICEID('%{SQL-USER-NAME}'))) ) AS Value,':=' AS op FROM dual) order by RC_ID -> select RC_ID,USERNAME,Attribute,Value,op from (SELECT rownum AS RC_ID,'0026826172C4@test_cpe.com' [sql] User found in radcheck table [sql] expand: select rownum, '%{SQL-USER-NAME}', RR_ATTRIBUTE, RR_VALUE, RR_OP FROM AAA_TBLRADREPLY where PR_ID in (select PR_ID from SER_TBLSUBSSERVICESBUCKETS where SS_SUBSRVID in ( (AAA_GETVALUESERVICEID('%{SQL-USER-NAME}') )) and (THR_THROTTLEID=0 or THR_THROTTLEID is null) and RE_RESOURSEID=0 and to_date(to_char(sysdate,'hh24:mm'),'hh24:mm')>=to_date((STC_FROMHH||':'||STC_FROMMM),'hh24:mi') and to_date(to_char(sysdate,'hh24:mm'),'hh24:mm')<=to_date((STC_TOHH||':'||STC_TOMM),'hh24:mi') and (STC_WEEKDAY='Any' or STC_WEEKDAY=to_char(sysdate,'Day') )) AND NE_ELEMENTID in (SELECT NE_ELEMENTID FROM NC_TBLNEACESSCONF WHERE NEAC_IPADDRESS = '%{NAS-IP-Address}') -> select rownum, ' 0026826172C4@test_cpe.com', RR_ATTRIBUTE, RR_VALUE, RR_OP FROM AAA_TBLRADREPLY where PR_ID in (select PR_ID from SER_TBLSUBSSERVICESBUCKETS where SS_SUBSRVID in ( (AAA_GETVALUESERVICEID(' 0026826172C4@test_cpe.com') )) and (THR_THROTTLEID=0 or THR_THROTTLEID is null) and RE_RESOURSEID=0 and to_date(to_char(sysdate,'hh24:mm'),'hh24: rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok Found Auth-Type = Accept Found Auth-Type = EAP Warning: Found 2 auth-types on request for user '0026826172C4@test_cpe.com' # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group eap {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS [tls] eaptls_verify returned 7 [tls] Done initial handshake [tls] (other): before/accept initialization [tls] TLS_accept: before/accept initialization [tls] <<< TLS 1.0 Handshake [length 0053], ClientHello [tls] TLS_accept: SSLv3 read client hello A [tls] >>> TLS 1.0 Handshake [length 002a], ServerHello [tls] TLS_accept: SSLv3 write server hello A [tls] >>> TLS 1.0 Handshake [length 041d], Certificate [tls] TLS_accept: SSLv3 write certificate A [tls] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange [tls] TLS_accept: SSLv3 write key exchange A [tls] >>> TLS 1.0 Handshake [length 02c6], CertificateRequest [tls] TLS_accept: SSLv3 write certificate request A [tls] TLS_accept: SSLv3 flush data [tls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [tls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 242 to 2.2.2.2 port 10010 hw-application-type := Simple-Mobile hw-flow-info := "FI=0,QD=2;55;0;49;1024000;100000;4096;50;25,FD=0;;;;;;;;;;;0" hw-application-scene := 1 hw-flow-info += "FI=0,QU=2;55;0;49;256000;100000;4096;50;25,FU=0;;;;;;;;;;" WiMAX-Release := "1.1" WiMAX-Accounting-Capabilities := Flow-Based WiMAX-Hotlining-Capabilities := Hotline-Profile-Id WiMAX-Idle-Mode-Notification-Cap := Supported hw-flow-info += "FI=0,QU=3;52;0;;131072;0;4096;;" hw-flow-info += "FI=0,QD=3;52;0;;524288;0;4096;;" EAP-Message = 0x01f404000dc00000092e160301002a02000026030151e7d364c55e3e763c5d8c8dbdaf4710f12b4d01814f68ea37a38ea02698410f00003900160301041d0b0004190004160004133082040f30820378a00302010202100a8daa0eb4b4dc5173a3e0b28f8a6f54300d06092a864886f70d01010505003081ce310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311d301b060355040a131454686177746520436f6e73756c74696e6720636331283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e312130 EAP-Message = 0x1f06035504031318546861777465205072656d69756d205365727665722043413128302606092a864886f70d01090116197072656d69756d2d736572766572407468617774652e636f6d301e170d3039303331363030303030305a170d3134303331353233353935395a30818f310b300906035504061302504b3110300e060355040813074361706974616c311230100603550407130949736c616d6162616431223020060355040a131957492d54524942452050414b495354414e204c494d49544544310e300c060355040b130557694d4158312630240603550403131d6973622d64636e2d6e706d2d312e77692d74726962652e6e65742e706b30 EAP-Message = 0x820122300d06092a864886f70d01010105000382010f003082010a0282010100e28863d9e8d12cd729c23ee0d04f706c1021a62e380df58f4d05ce8127cc86ba076db893764f48f1fab9c9d167da1c8b98f6d43e9c0d5b4fff25e4e77b58b9648634505d96d5eaa9390b9fdb388fb7d1376884086f5f35cb3c93804b6d15941f520aa960172c9abfbc6e8ab749444ccdc8e8d7a694f653535bd4299a0ce89cff1ff5c02d4b709947dab10d19fb26f1eb805dc3978998fb425099dbed5509dce7c585df45f1919314fefaadff501ca6f22b535b4066b6a10b99c80fc41b1140f308e798e2a586781c9452cb906797eea317500b2b3d52f0c9a6be20c758 EAP-Message = 0x22d6a21edf30d99140bb973e95a8d990dc48271319ad889db9954d3f1b9440851c08190203010001a381a63081a3300c0603551d130101ff0402300030400603551d1f043930373035a033a031862f687474703a2f2f63726c2e7468617774652e636f6d2f5468617774655365727665725072656d69756d43412e63726c301d0603551d250416301406082b0601050507030106082b06010505070302303206082b0601050507010104263024302206082b060105050730018616687474703a2f2f6f6373702e7468617774652e636f6d300d06092a864886f70d0101050500038181009042258eddf33fd439caed0bafd47843de7912872f8dff187f EAP-Message = 0x47830d0d7cc25b2a6ccf51eb Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0718f89106ecf525d78d83a17abaa53c Finished request 1. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 2.2.2.2 port 10010, id=243, length=210 User-Name = "0026826172C4@test_cpe.com" NAS-IP-Address = 2.2.2.2 State = 0x0718f89106ecf525d78d83a17abaa53c Calling-Station-Id = "0026826172c4" NAS-Identifier = "WASN" Event-Timestamp = "Jul 18 2013 16:53:41 PKT" EAP-Message = 0x02f400060d00 WiMAX-Release = "1.1" WiMAX-Accounting-Capabilities = Flow-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id WiMAX-Idle-Mode-Notification-Cap = Supported WiMAX-Attr-1281 = 0x01 WiMAX-BS-Id = 0x303030303066303030663130 WiMAX-GMT-Timezone-offset = 18000 NAS-Port-Type = Wireless-802.16 WiMAX-Available-In-Client = 99 Service-Type = Framed-User Message-Authenticator = 0x70c92466c047fac172063f65e7c3a753 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [eap] EAP packet type response id 244 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [eap] EAP packet type response id 244 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [sql] expand: %{User-Name} -> 0026826172C4@test_cpe.com [sql] sql_set_user escaped user --> '0026826172C4@test_cpe.com' rlm_sql (sql): Reserving sql socket id: 2 [sql] expand: select RC_ID,USERNAME,Attribute,Value,op from (SELECT rownum AS RC_ID,'%{SQL-USER-NAME}' AS USERNAME,'Auth-Type' AS Attribute, AAA_GETVALUETOCHECKWITRIBE('%{SQL-USER-NAME}') AS Value,':=' AS op FROM dual) union (SELECT rownum+1 AS RC_ID,'%{SQL-USER-NAME}' AS USERNAME,'Login-Time' AS Attribute, (select decode(STC_WEEKDAY,'Any','Any',substr(STC_WEEKDAY,1,2))||decode(STC_FROMHH,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_FROMHH)||decode(STC_FROMMM,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_FROMMM)||'-'||decode(STC_TOHH,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_TOHH)||decode(STC_TOMM,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_TOMM) from SER_TBLSUBSSERVICESBUCKETS where SS_SUBSRVID in ((AAA_GETVALUESERVICEID('%{SQL-USER-NAME}'))) ) AS Value,':=' AS op FROM dual) order by RC_ID -> select RC_ID,USERNAME,Attribute,Value,op from (SELECT rownum AS RC_ID,'0026826172C4@test_cpe.com' [sql] User found in radcheck table [sql] expand: select rownum, '%{SQL-USER-NAME}', RR_ATTRIBUTE, RR_VALUE, RR_OP FROM AAA_TBLRADREPLY where PR_ID in (select PR_ID from SER_TBLSUBSSERVICESBUCKETS where SS_SUBSRVID in ( (AAA_GETVALUESERVICEID('%{SQL-USER-NAME}') )) and (THR_THROTTLEID=0 or THR_THROTTLEID is null) and RE_RESOURSEID=0 and to_date(to_char(sysdate,'hh24:mm'),'hh24:mm')>=to_date((STC_FROMHH||':'||STC_FROMMM),'hh24:mi') and to_date(to_char(sysdate,'hh24:mm'),'hh24:mm')<=to_date((STC_TOHH||':'||STC_TOMM),'hh24:mi') and (STC_WEEKDAY='Any' or STC_WEEKDAY=to_char(sysdate,'Day') )) AND NE_ELEMENTID in (SELECT NE_ELEMENTID FROM NC_TBLNEACESSCONF WHERE NEAC_IPADDRESS = '%{NAS-IP-Address}') -> select rownum, ' 0026826172C4@test_cpe.com', RR_ATTRIBUTE, RR_VALUE, RR_OP FROM AAA_TBLRADREPLY where PR_ID in (select PR_ID from SER_TBLSUBSSERVICESBUCKETS where SS_SUBSRVID in ( (AAA_GETVALUESERVICEID(' 0026826172C4@test_cpe.com') )) and (THR_THROTTLEID=0 or THR_THROTTLEID is null) and RE_RESOURSEID=0 and to_date(to_char(sysdate,'hh24:mm'),'hh24: rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok Found Auth-Type = Accept Found Auth-Type = EAP Warning: Found 2 auth-types on request for user '0026826172C4@test_cpe.com' # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group eap {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS [tls] Received TLS ACK [tls] ACK handshake fragment handler [tls] eaptls_verify returned 1 [tls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 243 to 2.2.2.2 port 10010 hw-application-type := Simple-Mobile hw-flow-info := "FI=0,QD=2;55;0;49;1024000;100000;4096;50;25,FD=0;;;;;;;;;;;0" hw-application-scene := 1 hw-flow-info += "FI=0,QU=2;55;0;49;256000;100000;4096;50;25,FU=0;;;;;;;;;;" WiMAX-Release := "1.1" WiMAX-Accounting-Capabilities := Flow-Based WiMAX-Hotlining-Capabilities := Hotline-Profile-Id WiMAX-Idle-Mode-Notification-Cap := Supported hw-flow-info += "FI=0,QU=3;52;0;;131072;0;4096;;" hw-flow-info += "FI=0,QD=3;52;0;;524288;0;4096;;" EAP-Message = 0x01f504000dc00000092e93db592b25815b520e9fe747d858cb6ba761f0458eddb04948e5c07661c532c96c7e8f7a64cd46c0d2e746b12c5851d8fd6d436dd661550f97966aeb5b778472b8360bfbd8b75fa00a6db6d94bcf3b5cc0b5cff3d32b4068ccb2b0160301020d0c0002090080e3470782e846dfd041ca453987dd39ab4742f3c047fa8df2cb93bcd8680c6b7a46b314684dd3f52a14f4e128c74eeb9a02d3ffab4464ad2ddd7a324c472ca08bd20dc9f0db4d6fe03edefa767d7be8df945418016fc53d838d15769e564def8df5c59070767b1ce0f96a1cb32944fbb953abbc4d4e0ae29be6c0fc7b2a2a7383000102008093dc6f8acd615b6d EAP-Message = 0xd9902f90f91fee7ea8af12e17b071fdb1faaf45990957f58a07e7075297ca5e5c59857a4f80745cdbc475c0f2c3103a1a96618aa40a07e9f6637851c6b0b1edcea104e5d7f47b7602e3539d0957aa269968249ec0c9e60568965c7d74377a231042eb4acdb3c49c0c2b0b1e99bfcc3bbce6990a7654042cc0100c415917624a16673453f3d1379ab47b9dd6c975c39cabc44a938f2edc68a998016344960ec0522759f22e7551b4192478988c8c22c69b5883fee8560f3304fdea7cf39a605ee8e5b839c5d1bd151d97b6ce9c2034f31fe0463d27b27731b5407162fbd107a77a8b51bb8b5231e67a185042339257410eb061a839d2b850d4459c0846e EAP-Message = 0xa25b3618b348e1390c4d3afc907b97f9643c37ebc1194a2fb0f7100583c573e26cd36a05f771a029c0abeca96b26534c7c3013e6d05d058552ffd0a839f5f9ce60faafbf2d99038ebdbbfbee5ab67c8d504cc157ac5ef3ebf0d2c5134a205e55b1ff2b0713ef38559f572b1b487c6e306a9ea49ed3865931457486424216030102c60d0002be040304010202b7007d307b310b300906035504061302555331173015060355040a130e4d6f746f726f6c612c20496e632e312b3029060355040b132257694d41582044657669636520436572746966696361746520417574686f72697479312630240603550403131d4d6f746f726f6c612057694d4158 EAP-Message = 0x2044657669636520526f6f7420434100743072310b300906035504061302504b3111300f060355040a13084d6f746f726f6c61310e300c060355040b130557694d4158311b30190603550403131277696d61782e6d6f746f726f6c612e636f6d3123302106092a864886f70d010901161477313033303663406d6f746f726f6c612e636f6d00e43081e1310b300906035504061302504b311730150603550408130e46656472616c204361706974616c311230100603550407130949736c616d6162616431223020060355040a131977692d74726962652050616b697374616e206c696d6974656431183016060355040b130f436f7265204f70657261 EAP-Message = 0x74696f6e73313a3038060355 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0718f89105edf525d78d83a17abaa53c Finished request 2. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 2.2.2.2 port 10010, id=244, length=210 User-Name = "0026826172C4@test_cpe.com" NAS-IP-Address = 2.2.2.2 State = 0x0718f89105edf525d78d83a17abaa53c Calling-Station-Id = "0026826172c4" NAS-Identifier = "WASN" Event-Timestamp = "Jul 18 2013 16:53:41 PKT" EAP-Message = 0x02f500060d00 WiMAX-Release = "1.1" WiMAX-Accounting-Capabilities = Flow-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id WiMAX-Idle-Mode-Notification-Cap = Supported WiMAX-Attr-1281 = 0x01 WiMAX-BS-Id = 0x303030303066303030663130 WiMAX-GMT-Timezone-offset = 18000 NAS-Port-Type = Wireless-802.16 WiMAX-Available-In-Client = 99 Service-Type = Framed-User Message-Authenticator = 0x49efe4b0ef62ab693b67fb1ce69f166e # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [eap] EAP packet type response id 245 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [eap] EAP packet type response id 245 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [sql] expand: %{User-Name} -> 0026826172C4@test_cpe.com [sql] sql_set_user escaped user --> '0026826172C4@test_cpe.com' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: select RC_ID,USERNAME,Attribute,Value,op from (SELECT rownum AS RC_ID,'%{SQL-USER-NAME}' AS USERNAME,'Auth-Type' AS Attribute, AAA_GETVALUETOCHECKWITRIBE('%{SQL-USER-NAME}') AS Value,':=' AS op FROM dual) union (SELECT rownum+1 AS RC_ID,'%{SQL-USER-NAME}' AS USERNAME,'Login-Time' AS Attribute, (select decode(STC_WEEKDAY,'Any','Any',substr(STC_WEEKDAY,1,2))||decode(STC_FROMHH,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_FROMHH)||decode(STC_FROMMM,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_FROMMM)||'-'||decode(STC_TOHH,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_TOHH)||decode(STC_TOMM,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_TOMM) from SER_TBLSUBSSERVICESBUCKETS where SS_SUBSRVID in ((AAA_GETVALUESERVICEID('%{SQL-USER-NAME}'))) ) AS Value,':=' AS op FROM dual) order by RC_ID -> select RC_ID,USERNAME,Attribute,Value,op from (SELECT rownum AS RC_ID,'0026826172C4@test_cpe.com' [sql] User found in radcheck table [sql] expand: select rownum, '%{SQL-USER-NAME}', RR_ATTRIBUTE, RR_VALUE, RR_OP FROM AAA_TBLRADREPLY where PR_ID in (select PR_ID from SER_TBLSUBSSERVICESBUCKETS where SS_SUBSRVID in ( (AAA_GETVALUESERVICEID('%{SQL-USER-NAME}') )) and (THR_THROTTLEID=0 or THR_THROTTLEID is null) and RE_RESOURSEID=0 and to_date(to_char(sysdate,'hh24:mm'),'hh24:mm')>=to_date((STC_FROMHH||':'||STC_FROMMM),'hh24:mi') and to_date(to_char(sysdate,'hh24:mm'),'hh24:mm')<=to_date((STC_TOHH||':'||STC_TOMM),'hh24:mi') and (STC_WEEKDAY='Any' or STC_WEEKDAY=to_char(sysdate,'Day') )) AND NE_ELEMENTID in (SELECT NE_ELEMENTID FROM NC_TBLNEACESSCONF WHERE NEAC_IPADDRESS = '%{NAS-IP-Address}') -> select rownum, ' 0026826172C4@test_cpe.com', RR_ATTRIBUTE, RR_VALUE, RR_OP FROM AAA_TBLRADREPLY where PR_ID in (select PR_ID from SER_TBLSUBSSERVICESBUCKETS where SS_SUBSRVID in ( (AAA_GETVALUESERVICEID(' 0026826172C4@test_cpe.com') )) and (THR_THROTTLEID=0 or THR_THROTTLEID is null) and RE_RESOURSEID=0 and to_date(to_char(sysdate,'hh24:mm'),'hh24: rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok Found Auth-Type = Accept Found Auth-Type = EAP Warning: Found 2 auth-types on request for user '0026826172C4@test_cpe.com' # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group eap {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS [tls] Received TLS ACK [tls] ACK handshake fragment handler [tls] eaptls_verify returned 1 [tls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 244 to 2.2.2.2 port 10010 hw-application-type := Simple-Mobile hw-flow-info := "FI=0,QD=2;55;0;49;1024000;100000;4096;50;25,FD=0;;;;;;;;;;;0" hw-application-scene := 1 hw-flow-info += "FI=0,QU=2;55;0;49;256000;100000;4096;50;25,FU=0;;;;;;;;;;" WiMAX-Release := "1.1" WiMAX-Accounting-Capabilities := Flow-Based WiMAX-Hotlining-Capabilities := Hotline-Profile-Id WiMAX-Idle-Mode-Notification-Cap := Supported hw-flow-info += "FI=0,QU=3;52;0;;131072;0;4096;;" hw-flow-info += "FI=0,QD=3;52;0;;524288;0;4096;;" EAP-Message = 0x01f6014c0d800000092e0403133177692d74726962652050616b697374616e206c696d697465642043657274696669636174696f6e20417574686f72697479312b302906092a864886f70d010901161c68696c616c2e61667269646940706b2e77692d74726962652e636f6d00da3081d7310b300906035504061302504b311730150603550408130e46656472616c204361706974616c311230100603550407130949736c616d6162616431223020060355040a131977692d74726962652050616b697374616e206c696d69746564311b3019060355040b13124e6574776f726b204f7065726174696f6e73313230300603550403132977692d747269 EAP-Message = 0x62652050616b697374616e2043657274696669636174696f6e20417574686f726974793126302406092a864886f70d0109011617706b77696e6f6340706b2e77692d74726962652e636f6d0e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0718f89104eef525d78d83a17abaa53c Finished request 3. Going to the next request Waking up in 4.5 seconds. rad_recv: Access-Request packet from host 2.2.2.2 port 10010, id=245, length=1579 User-Name = "0026826172C4@test_cpe.com" NAS-IP-Address = 2.2.2.2 State = 0x0718f89104eef525d78d83a17abaa53c Calling-Station-Id = "0026826172c4" NAS-Identifier = "WASN" Event-Timestamp = "Jul 18 2013 16:53:42 PKT" EAP-Message = 0x02f605550dc000000563160301040d0b000409000406000403308203ff308203a9a003020102020120300d06092a864886f70d01010505003081d7310b300906035504061302504b311730150603550408130e46656472616c204361706974616c311230100603550407130949736c616d6162616431223020060355040a131977692d74726962652050616b697374616e206c696d69746564311b3019060355040b13124e6574776f726b204f7065726174696f6e73313230300603550403132977692d74726962652050616b697374616e2043657274696669636174696f6e20417574686f726974793126302406092a864886f70d0109011617706b EAP-Message = 0x77696e6f6340706b2e77692d74726962652e636f6d301e170d3130303432313131313032335a170d3133303430353131313032335a30818b310b300906035504061302504b3111300f0603550408130850616b697374616e311230100603550407130949736c616d616261643111300f060355040a130877692d74726962653111300f060355040b130877692d7472696265310c300a060355040313034141413121301f06092a864886f70d0109011612636340706b2e77692d74726962652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100b2de6451f7ca49f79ff2ba2054fe782dd316cc7208e3eb5d653f38f952 EAP-Message = 0xd6598e4b286ec0f9847a83298c590cd6a44456c0cd05f3cde7c278aa765d54dd498678059e1833e748127a79b15718a74b5691693e0523e36de680aaa6d5ff2c6c8ce8425cc3120b8524a97a3abb8940b19ce721dd97499dac7f7893ab8f65689e14fb0203010001a38201643082016030090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e041604146823bd5dbe9e1202f84126d580f11c9fb5c52115308201040603551d230481fc3081f980145fb53176239da60a979b69a60e6dd41773cb9177a181dda481da3081d7310b3009060355 EAP-Message = 0x04061302504b311730150603550408130e46656472616c204361706974616c311230100603550407130949736c616d6162616431223020060355040a131977692d74726962652050616b697374616e206c696d69746564311b3019060355040b13124e6574776f726b204f7065726174696f6e73313230300603550403132977692d74726962652050616b697374616e2043657274696669636174696f6e20417574686f726974793126302406092a864886f70d0109011617706b77696e6f6340706b2e77692d74726962652e636f6d820100300d06092a864886f70d01010505000341008936a560f672d39b89c3b1977b5468f34bf0a4bb7a2d9a1c EAP-Message = 0xd1880587b38ba3500162c22a3394d96ba3580e6f0da7c9bb06d74dc91c749b33a58985bcfd7c066916030100861000008200802e22a7c459dc49690d746d88aff274948e4e40c06976ea279eec07853956f85b4d00d9e2a83352e93d7cebf6dbe15c739d36fddf011d278e0531caaecf96ff50a4c04cf57dd7a5116715a80f659aad8611d11032c6e866c7b8b581e9c68b28c2e2bcb8674ffc38114facd04ff2879b47b3cab5d9d47f02824992e8f0b1a7886416030100860f0000820080a114a4114bef2651133e15c3fa97a3eeca554d852d57336c4afbf25785379b7263682b2ca624a1e89f09c6d1787f1bca02af5d2f4f9cc589a56c7bd5c9c849 EAP-Message = 0xe0272678ec93bfbb85fdcccc3595c7b05fd85ddac76ea1fd05b3c7bed9e84a7fbf9f31f01b66576ba66a7a7383bc077f6036573eb09097726b468cf376e14b0b4a1403010001011603010030a9c4652b13fb45f4deadd45f9342149adea890aa78e886fb WiMAX-Release = "1.1" WiMAX-Accounting-Capabilities = Flow-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id WiMAX-Idle-Mode-Notification-Cap = Supported WiMAX-Attr-1281 = 0x01 WiMAX-BS-Id = 0x303030303066303030663130 WiMAX-GMT-Timezone-offset = 18000 NAS-Port-Type = Wireless-802.16 WiMAX-Available-In-Client = 99 Service-Type = Framed-User Message-Authenticator = 0x7c48268950c2bd896a0be89d4241a330 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [eap] EAP packet type response id 246 length 253 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [eap] EAP packet type response id 246 length 253 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [sql] expand: %{User-Name} -> 0026826172C4@test_cpe.com [sql] sql_set_user escaped user --> '0026826172C4@test_cpe.com' rlm_sql (sql): Reserving sql socket id: 0 [sql] expand: select RC_ID,USERNAME,Attribute,Value,op from (SELECT rownum AS RC_ID,'%{SQL-USER-NAME}' AS USERNAME,'Auth-Type' AS Attribute, AAA_GETVALUETOCHECKWITRIBE('%{SQL-USER-NAME}') AS Value,':=' AS op FROM dual) union (SELECT rownum+1 AS RC_ID,'%{SQL-USER-NAME}' AS USERNAME,'Login-Time' AS Attribute, (select decode(STC_WEEKDAY,'Any','Any',substr(STC_WEEKDAY,1,2))||decode(STC_FROMHH,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_FROMHH)||decode(STC_FROMMM,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_FROMMM)||'-'||decode(STC_TOHH,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_TOHH)||decode(STC_TOMM,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_TOMM) from SER_TBLSUBSSERVICESBUCKETS where SS_SUBSRVID in ((AAA_GETVALUESERVICEID('%{SQL-USER-NAME}'))) ) AS Value,':=' AS op FROM dual) order by RC_ID -> select RC_ID,USERNAME,Attribute,Value,op from (SELECT rownum AS RC_ID,'0026826172C4@test_cpe.com' [sql] User found in radcheck table [sql] expand: select rownum, '%{SQL-USER-NAME}', RR_ATTRIBUTE, RR_VALUE, RR_OP FROM AAA_TBLRADREPLY where PR_ID in (select PR_ID from SER_TBLSUBSSERVICESBUCKETS where SS_SUBSRVID in ( (AAA_GETVALUESERVICEID('%{SQL-USER-NAME}') )) and (THR_THROTTLEID=0 or THR_THROTTLEID is null) and RE_RESOURSEID=0 and to_date(to_char(sysdate,'hh24:mm'),'hh24:mm')>=to_date((STC_FROMHH||':'||STC_FROMMM),'hh24:mi') and to_date(to_char(sysdate,'hh24:mm'),'hh24:mm')<=to_date((STC_TOHH||':'||STC_TOMM),'hh24:mi') and (STC_WEEKDAY='Any' or STC_WEEKDAY=to_char(sysdate,'Day') )) AND NE_ELEMENTID in (SELECT NE_ELEMENTID FROM NC_TBLNEACESSCONF WHERE NEAC_IPADDRESS = '%{NAS-IP-Address}') -> select rownum, ' 0026826172C4@test_cpe.com', RR_ATTRIBUTE, RR_VALUE, RR_OP FROM AAA_TBLRADREPLY where PR_ID in (select PR_ID from SER_TBLSUBSSERVICESBUCKETS where SS_SUBSRVID in ( (AAA_GETVALUESERVICEID(' 0026826172C4@test_cpe.com') )) and (THR_THROTTLEID=0 or THR_THROTTLEID is null) and RE_RESOURSEID=0 and to_date(to_char(sysdate,'hh24:mm'),'hh24: rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok Found Auth-Type = Accept Found Auth-Type = EAP Warning: Found 2 auth-types on request for user '0026826172C4@test_cpe.com' # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group eap {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS TLS Length 1379 [tls] Received EAP-TLS First Fragment of the message [tls] eaptls_verify returned 9 [tls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 245 to 2.2.2.2 port 10010 hw-application-type := Simple-Mobile hw-flow-info := "FI=0,QD=2;55;0;49;1024000;100000;4096;50;25,FD=0;;;;;;;;;;;0" hw-application-scene := 1 hw-flow-info += "FI=0,QU=2;55;0;49;256000;100000;4096;50;25,FU=0;;;;;;;;;;" WiMAX-Release := "1.1" WiMAX-Accounting-Capabilities := Flow-Based WiMAX-Hotlining-Capabilities := Hotline-Profile-Id WiMAX-Idle-Mode-Notification-Cap := Supported hw-flow-info += "FI=0,QU=3;52;0;;131072;0;4096;;" hw-flow-info += "FI=0,QD=3;52;0;;524288;0;4096;;" EAP-Message = 0x01f700060d00 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0718f89103eff525d78d83a17abaa53c Finished request 4. Going to the next request Waking up in 3.5 seconds. rad_recv: Access-Request packet from host 2.2.2.2 port 10010, id=246, length=234 User-Name = "0026826172C4@test_cpe.com" NAS-IP-Address = 2.2.2.2 State = 0x0718f89103eff525d78d83a17abaa53c Calling-Station-Id = "0026826172c4" NAS-Identifier = "WASN" Event-Timestamp = "Jul 18 2013 16:53:42 PKT" EAP-Message = 0x02f7001e0d0084ce90a57cbd6f12a92e87a4b000e428b53ef2cd15648e1a WiMAX-Release = "1.1" WiMAX-Accounting-Capabilities = Flow-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id WiMAX-Idle-Mode-Notification-Cap = Supported WiMAX-Attr-1281 = 0x01 WiMAX-BS-Id = 0x303030303066303030663130 WiMAX-GMT-Timezone-offset = 18000 NAS-Port-Type = Wireless-802.16 WiMAX-Available-In-Client = 99 Service-Type = Framed-User Message-Authenticator = 0x51e2d8fb6008099bef5788232a49f523 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [eap] EAP packet type response id 247 length 30 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [eap] EAP packet type response id 247 length 30 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [sql] expand: %{User-Name} -> 0026826172C4@test_cpe.com [sql] sql_set_user escaped user --> '0026826172C4@test_cpe.com' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: select RC_ID,USERNAME,Attribute,Value,op from (SELECT rownum AS RC_ID,'%{SQL-USER-NAME}' AS USERNAME,'Auth-Type' AS Attribute, AAA_GETVALUETOCHECKWITRIBE('%{SQL-USER-NAME}') AS Value,':=' AS op FROM dual) union (SELECT rownum+1 AS RC_ID,'%{SQL-USER-NAME}' AS USERNAME,'Login-Time' AS Attribute, (select decode(STC_WEEKDAY,'Any','Any',substr(STC_WEEKDAY,1,2))||decode(STC_FROMHH,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_FROMHH)||decode(STC_FROMMM,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_FROMMM)||'-'||decode(STC_TOHH,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_TOHH)||decode(STC_TOMM,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_TOMM) from SER_TBLSUBSSERVICESBUCKETS where SS_SUBSRVID in ((AAA_GETVALUESERVICEID('%{SQL-USER-NAME}'))) ) AS Value,':=' AS op FROM dual) order by RC_ID -> select RC_ID,USERNAME,Attribute,Value,op from (SELECT rownum AS RC_ID,'0026826172C4@test_cpe.com' [sql] User found in radcheck table [sql] expand: select rownum, '%{SQL-USER-NAME}', RR_ATTRIBUTE, RR_VALUE, RR_OP FROM AAA_TBLRADREPLY where PR_ID in (select PR_ID from SER_TBLSUBSSERVICESBUCKETS where SS_SUBSRVID in ( (AAA_GETVALUESERVICEID('%{SQL-USER-NAME}') )) and (THR_THROTTLEID=0 or THR_THROTTLEID is null) and RE_RESOURSEID=0 and to_date(to_char(sysdate,'hh24:mm'),'hh24:mm')>=to_date((STC_FROMHH||':'||STC_FROMMM),'hh24:mi') and to_date(to_char(sysdate,'hh24:mm'),'hh24:mm')<=to_date((STC_TOHH||':'||STC_TOMM),'hh24:mi') and (STC_WEEKDAY='Any' or STC_WEEKDAY=to_char(sysdate,'Day') )) AND NE_ELEMENTID in (SELECT NE_ELEMENTID FROM NC_TBLNEACESSCONF WHERE NEAC_IPADDRESS = '%{NAS-IP-Address}') -> select rownum, ' 0026826172C4@test_cpe.com', RR_ATTRIBUTE, RR_VALUE, RR_OP FROM AAA_TBLRADREPLY where PR_ID in (select PR_ID from SER_TBLSUBSSERVICESBUCKETS where SS_SUBSRVID in ( (AAA_GETVALUESERVICEID(' 0026826172C4@test_cpe.com') )) and (THR_THROTTLEID=0 or THR_THROTTLEID is null) and RE_RESOURSEID=0 and to_date(to_char(sysdate,'hh24:mm'),'hh24: rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok Found Auth-Type = Accept Found Auth-Type = EAP Warning: Found 2 auth-types on request for user '0026826172C4@test_cpe.com' # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group eap {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS [tls] eaptls_verify returned 7 [tls] Done initial handshake [tls] <<< TLS 1.0 Handshake [length 040d], Certificate [tls] chain-depth=1, [tls] error=0 [tls] --> User-Name = 0026826172C4@test_cpe.com [tls] --> BUF-Name = wi-tribe Pakistan Certification Authority [tls] --> subject = /C=PK/ST=Fedral Capital/L=Islamabad/O=wi-tribe Pakistan limited/OU=Network Operations/CN=wi-tribe Pakistan Certification Authority/emailAddress=pkwinoc@pk.wi-tribe.com [tls] --> issuer = /C=PK/ST=Fedral Capital/L=Islamabad/O=wi-tribe Pakistan limited/OU=Network Operations/CN=wi-tribe Pakistan Certification Authority/emailAddress=pkwinoc@pk.wi-tribe.com *[tls] --> verify return:1* *--> verify error:num=10:certificate has expired * *[tls] >>> TLS 1.0 Alert [length 0002], fatal certificate_expired * *TLS Alert write:fatal:certificate expired* * TLS_accept: error in SSLv3 read client certificate B* *rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned* SSL: SSL_read failed in a system call (-1), TLS session fails. TLS receive handshake failed during operation [tls] eaptls_process returned 4 [eap] Handler failed in EAP/tls [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type REJECT # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> 0026826172C4@test_cpe.com attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 5 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 5 Sending Access-Reject of id 246 to 2.2.2.2 port 10010 EAP-Message = 0x04f70004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 2.4 seconds. --- can any body tell me what is the issue.. -- Best Regards Muhammad Nadeem
Hi,
I am trying to configure eap with some customized certificates, I have configured eap.config correctly. But I am getting the error of "certificate expired". Although i have the latest certificates.
certificate has expired. FreeRADIUS has no reason to lie. check the startup output of 'radiusd -X' - look for when it loads the certs. then use openssl to read those certs to see what the values are - server cert, CA cert....or client cert. whatever you're using eg openssl x509 -in server.pem -noout -text alan
thanx for you reply, but as i said certificates are ok. Please see this log [tls] --> User-Name = 0026826172C4@test_cpe.com [tls] --> BUF-Name = wi-tribe Pakistan Certification Authority [tls] --> subject = /C=PK/ST=Fedral Capital/L=Islamabad/O=wi-tribe Pakistan limited/OU=Network Operations/CN=wi-tribe Pakistan Certification Authority/emailAddress=pkwinoc@pk.wi-tribe.com [tls] --> issuer = /C=PK/ST=Fedral Capital/L=Islamabad/O=wi-tribe Pakistan limited/OU=Network Operations/CN=wi-tribe Pakistan Certification Authority/emailAddress=pkwinoc@pk.wi-tribe.com *[tls] --> verify return:1* *--> verify error:num=10:certificate has expired * *[tls] >>> TLS 1.0 Alert [length 0002], fatal certificate_expired * *TLS Alert write:fatal:certificate expired* * TLS_accept: error in SSLv3 read client certificate B* *rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned* * * *thanks* On Fri, Jul 19, 2013 at 2:58 PM, <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
I am trying to configure eap with some customized certificates, I have configured eap.config correctly. But I am getting the error of "certificate expired". Although i have the latest certificates.
certificate has expired. FreeRADIUS has no reason to lie.
check the startup output of 'radiusd -X' - look for when it loads the certs. then use openssl to read those certs to see what the values are - server cert, CA cert....or client cert. whatever you're using eg
openssl x509 -in server.pem -noout -text
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University
Have you opened the certificates you believe to be the latest in something else (like Windows perhaps) and checked that the expiry dates of these certificates is correct? And have you checked that your server's time is correct too? Stefan From: freeradius-users-bounces+stefan.paetow=diamond.ac.uk@lists.freeradius.org<mailto:freeradius-users-bounces+stefan.paetow=diamond.ac.uk@lists.freeradius.org> [mailto:freeradius-users-bounces+stefan.paetow=diamond.ac.uk@lists.freeradius.org] On Behalf Of Muhammad Nadeem Sent: 19 July 2013 11:24 To: FreeRadius users mailing list Subject: Re: certificate expiration proble thanx for you reply, but as i said certificates are ok. Please see this log [tls] --> User-Name = 0026826172C4@test_cpe.com<mailto:0026826172C4@test_cpe.com> [tls] --> BUF-Name = wi-tribe Pakistan Certification Authority [tls] --> subject = /C=PK/ST=Fedral Capital/L=Islamabad/O=wi-tribe Pakistan limited/OU=Network Operations/CN=wi-tribe Pakistan Certification Authority/emailAddress=pkwinoc@pk.wi-tribe.com<mailto:pkwinoc@pk.wi-tribe.com> [tls] --> issuer = /C=PK/ST=Fedral Capital/L=Islamabad/O=wi-tribe Pakistan limited/OU=Network Operations/CN=wi-tribe Pakistan Certification Authority/emailAddress=pkwinoc@pk.wi-tribe.com<mailto:pkwinoc@pk.wi-tribe.com> [tls] --> verify return:1 --> verify error:num=10:certificate has expired [tls] >>> TLS 1.0 Alert [length 0002], fatal certificate_expired TLS Alert write:fatal:certificate expired TLS_accept: error in SSLv3 read client certificate B rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned thanks On Fri, Jul 19, 2013 at 2:58 PM, <A.L.M.Buxey@lboro.ac.uk<mailto:A.L.M.Buxey@lboro.ac.uk>> wrote: Hi,
I am trying to configure eap with some customized certificates, I have configured eap.config correctly. But I am getting the error of "certificate expired". Although i have the latest certificates. certificate has expired. FreeRADIUS has no reason to lie.
check the startup output of 'radiusd -X' - look for when it loads the certs. then use openssl to read those certs to see what the values are - server cert, CA cert....or client cert. whatever you're using eg openssl x509 -in server.pem -noout -text alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University -- This e-mail and any attachments may contain confidential, copyright and or privileged material, and are for the use of the intended addressee only. If you are not the intended addressee or an authorised recipient of the addressee please notify us of receipt by returning the e-mail and do not use, copy, retain, distribute or disclose the information in or attached to the e-mail. Any opinions expressed within this e-mail are those of the individual and not necessarily of Diamond Light Source Ltd. Diamond Light Source Ltd. cannot guarantee that this e-mail or any attachments are free from viruses and we cannot accept liability for any damage which you may sustain as a result of software viruses which may be transmitted in or with the message. Diamond Light Source Limited (company no. 4375679). Registered in England and Wales with its registered office at Diamond House, Harwell Science and Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United Kingdom
participants (3)
-
A.L.M.Buxey@lboro.ac.uk -
Muhammad Nadeem -
stefan.paetow@diamond.ac.uk