rad_recv: Access-Request packet from host 10.0.16.4 port 1645, id=6, length=136 User-Name = "test" Framed-MTU = 1400 Called-Station-Id = "0019.2fdb.9d00" Calling-Station-Id = "001f.3c22.44c5" Service-Type = Login-User Message-Authenticator = 0x8185244a1739d905761d97635ccde126 EAP-Message = 0x020100090163657274 NAS-Port-Type = Wireless-802.11 NAS-Port = 262 NAS-IP-Address = 10.0.16.4 NAS-Identifier = "ap" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "test", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 9 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound users: Matched entry cert at line 76 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 6 to 10.0.16.4 port 1645 EAP-Message = 0x010200060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb7c9adf3b7cba0f54e6f2b406f75dfd7 Finished request 0. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 6 with timestamp +5 Ready to process requests. -------- this error is with the supplicant "wire1" but... when the supplicant is "Intel PROset wireless" the error is this: rad_recv: Access-Request packet from host 10.0.31.40 port 1645, id=2, length=136 User-Name = "cert" Framed-MTU = 1400 Called-Station-Id = "0019.2fdb.9e00" Calling-Station-Id = "001f.3c22.674a" Service-Type = Login-User Message-Authenticator = 0xba5587f920826e2bd4beb4695b9be3de EAP-Message = 0x020100090163657274 NAS-Port-Type = Wireless-802.11 NAS-Port = 259 NAS-IP-Address = 10.0.31.40 NAS-Identifier = "ap-Reconquista-31" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "cert", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 9 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound users: Matched entry cert at line 76 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 2 to 10.0.31.40 port 1645 EAP-Message = 0x010200060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x45047f1b45067264424db5b65333fec0 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.31.40 port 1645, id=3, length=255 User-Name = "cert" Framed-MTU = 1400 Called-Station-Id = "0019.2fdb.9e00" Calling-Station-Id = "001f.3c22.674a" Service-Type = Login-User Message-Authenticator = 0x565fba63fe92ec25bb27dc9b7cd35351 EAP-Message = 0x0202006e0d8000000064160301005f0100005b0301492d8813d8442284e62309c1463f24d6bd6dff31a5a199dee31582cbb9fa140400003400390038003500160013000a00330032002f006600050004006500640063006200610060001500120009001400110008000600030100 NAS-Port-Type = Wireless-802.11 NAS-Port = 259 State = 0x45047f1b45067264424db5b65333fec0 NAS-IP-Address = 10.0.31.40 NAS-Identifier = "ap-Reconquista-31" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "cert", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 2 length 110 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound users: Matched entry cert at line 76 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS TLS Length 100 rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 005f], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0849], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange TLS_accept: SSLv3 write key exchange A rlm_eap_tls: >>> TLS 1.0 Handshake [length 00a3], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 3 to 10.0.31.40 port 1645 EAP-Message = 0x010304000dc000000b57160301004a020000460301492d88149171a0d9fd6597a004574b6ff645784cfb233487f6a1178e983db8b9202849854d8af6a3dea84919340635e06d602786b93c1fe23e19cdfced138f4ce100390016030108490b00084500084200039d3082039930820281a003020102020101300d06092a864886f70d010104050030818f310b3009060355040613024152311530130603550408130c4275656e6f73204169726573311430120603550407130b5265636f6e717569737461310e300c060355040a130549504c414e3124302206092a864886f70d01090116156d73696c7665726f4069706c616e2e636f6d2e6172311d30 EAP-Message = 0x1b06035504031314436572746966696361646f205261646975734954301e170d3038313131383139303732335a170d3039313131383139303732335a3077310b3009060355040613024152311530130603550408130c4275656e6f73204169726573310e300c060355040a130549504c414e311b3019060355040313125365727665722043657274696669636174653124302206092a864886f70d01090116156d73696c7665726f4069706c616e2e636f6d2e617230820122300d06092a864886f70d01010105000382010f003082010a0282010100a3214e2a03be37b3b6da8eff4fae6c7842f472aeb12bba75eb5562cddb7952a6ae61663f628df1 EAP-Message = 0x2d1991b857f64a16e911276e3d6bcda584cbedf6869c19b871e9d8885955316739815ffee397c766ef9dd324f5eab40e761981f957447f775aa6fbb54d3524b76c08619fc3ebb786fa8347e080fd1512f9e04f4a0233cbe0c8a43efc96df5ac94f8a5270d4ff7fab98d04e464d1db1c53e62d412b0aca7f5a93e1e7386f65279b8dced42895115acecb76d0c619308bf79489223bdf468c6dff08d3ed46c2ed01398ee13207a187e36c82aa3b67679ce0278a9d89ec043ad8500eee052d4b5376a1d1c26153ccda064fdcf7bb2f6a1ad60fb34419705b89e650203010001a317301530130603551d25040c300a06082b06010505070301300d06092a86 EAP-Message = 0x4886f70d0101040500038201010098f1873453c3f3d52defa937a6a5ef9582a20758059e5aa37c451910b3b1a1823338a62070943b943c1f14aff489d62b163dccf164d7d60392a72d689778f6487087c8bc71ef77630065e987ec37c7fcccb2df32c6ca508a1f5a244c26a6b2e4d2ffbc6b9caa8b0676aace623b008ca88a0a1bc790e20110afca82544e136e9f6b748dcfa422a59fc780f9e59c29aba4163fe428b6a5090afb244d0d66ae5908f53ceaf6f4f21344372513726077ba93bafe985a2dd3107983de3ad686dfec2d78ef34c76148f6329cd5d00c8543803f27fe221df19d90465e602e4e0e1909d38cd03b108b5bb0f7bdc402f6cddfbf EAP-Message = 0xb7420732d3d7b3e2232b37fd Message-Authenticator = 0x00000000000000000000000000000000 State = 0x45047f1b44077264424db5b65333fec0 Finished request 2. Going to the next request Waking up in 4.3 seconds. ----------------------------- any suggestions? many thanks!
Ask Intel where does that thing write logs and then read them. Answer is with the supplicant. Looking at the radius server won't help. Ivan Kalik Kalik Informatika ISP Dana 26/11/2008, "Martin Silvero" <silvero.martin@gmail.com> piše:
rad_recv: Access-Request packet from host 10.0.16.4 port 1645, id=6, length=136 User-Name = "test" Framed-MTU = 1400 Called-Station-Id = "0019.2fdb.9d00" Calling-Station-Id = "001f.3c22.44c5" Service-Type = Login-User Message-Authenticator = 0x8185244a1739d905761d97635ccde126 EAP-Message = 0x020100090163657274 NAS-Port-Type = Wireless-802.11 NAS-Port = 262 NAS-IP-Address = 10.0.16.4 NAS-Identifier = "ap" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "test", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 9 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound users: Matched entry cert at line 76 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 6 to 10.0.16.4 port 1645 EAP-Message = 0x010200060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb7c9adf3b7cba0f54e6f2b406f75dfd7 Finished request 0. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 6 with timestamp +5 Ready to process requests.
--------
this error is with the supplicant "wire1"
but... when the supplicant is "Intel PROset wireless" the error is this:
rad_recv: Access-Request packet from host 10.0.31.40 port 1645, id=2, length=136 User-Name = "cert" Framed-MTU = 1400 Called-Station-Id = "0019.2fdb.9e00" Calling-Station-Id = "001f.3c22.674a" Service-Type = Login-User Message-Authenticator = 0xba5587f920826e2bd4beb4695b9be3de EAP-Message = 0x020100090163657274 NAS-Port-Type = Wireless-802.11 NAS-Port = 259 NAS-IP-Address = 10.0.31.40 NAS-Identifier = "ap-Reconquista-31" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "cert", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 9 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound users: Matched entry cert at line 76 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 2 to 10.0.31.40 port 1645 EAP-Message = 0x010200060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x45047f1b45067264424db5b65333fec0 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.31.40 port 1645, id=3, length=255 User-Name = "cert" Framed-MTU = 1400 Called-Station-Id = "0019.2fdb.9e00" Calling-Station-Id = "001f.3c22.674a" Service-Type = Login-User Message-Authenticator = 0x565fba63fe92ec25bb27dc9b7cd35351 EAP-Message = 0x0202006e0d8000000064160301005f0100005b0301492d8813d8442284e62309c1463f24d6bd6dff31a5a199dee31582cbb9fa140400003400390038003500160013000a00330032002f006600050004006500640063006200610060001500120009001400110008000600030100 NAS-Port-Type = Wireless-802.11 NAS-Port = 259 State = 0x45047f1b45067264424db5b65333fec0 NAS-IP-Address = 10.0.31.40 NAS-Identifier = "ap-Reconquista-31" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "cert", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 2 length 110 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound users: Matched entry cert at line 76 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS TLS Length 100 rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 005f], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0849], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange TLS_accept: SSLv3 write key exchange A rlm_eap_tls: >>> TLS 1.0 Handshake [length 00a3], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 3 to 10.0.31.40 port 1645 EAP-Message = 0x010304000dc000000b57160301004a020000460301492d88149171a0d9fd6597a004574b6ff645784cfb233487f6a1178e983db8b9202849854d8af6a3dea84919340635e06d602786b93c1fe23e19cdfced138f4ce100390016030108490b00084500084200039d3082039930820281a003020102020101300d06092a864886f70d010104050030818f310b3009060355040613024152311530130603550408130c4275656e6f73204169726573311430120603550407130b5265636f6e717569737461310e300c060355040a130549504c414e3124302206092a864886f70d01090116156d73696c7665726f4069706c616e2e636f6d2e6172311d30 EAP-Message = 0x1b06035504031314436572746966696361646f205261646975734954301e170d3038313131383139303732335a170d3039313131383139303732335a3077310b3009060355040613024152311530130603550408130c4275656e6f73204169726573310e300c060355040a130549504c414e311b3019060355040313125365727665722043657274696669636174653124302206092a864886f70d01090116156d73696c7665726f4069706c616e2e636f6d2e617230820122300d06092a864886f70d01010105000382010f003082010a0282010100a3214e2a03be37b3b6da8eff4fae6c7842f472aeb12bba75eb5562cddb7952a6ae61663f628df1 EAP-Message = 0x2d1991b857f64a16e911276e3d6bcda584cbedf6869c19b871e9d8885955316739815ffee397c766ef9dd324f5eab40e761981f957447f775aa6fbb54d3524b76c08619fc3ebb786fa8347e080fd1512f9e04f4a0233cbe0c8a43efc96df5ac94f8a5270d4ff7fab98d04e464d1db1c53e62d412b0aca7f5a93e1e7386f65279b8dced42895115acecb76d0c619308bf79489223bdf468c6dff08d3ed46c2ed01398ee13207a187e36c82aa3b67679ce0278a9d89ec043ad8500eee052d4b5376a1d1c26153ccda064fdcf7bb2f6a1ad60fb34419705b89e650203010001a317301530130603551d25040c300a06082b06010505070301300d06092a86 EAP-Message = 0x4886f70d0101040500038201010098f1873453c3f3d52defa937a6a5ef9582a20758059e5aa37c451910b3b1a1823338a62070943b943c1f14aff489d62b163dccf164d7d60392a72d689778f6487087c8bc71ef77630065e987ec37c7fcccb2df32c6ca508a1f5a244c26a6b2e4d2ffbc6b9caa8b0676aace623b008ca88a0a1bc790e20110afca82544e136e9f6b748dcfa422a59fc780f9e59c29aba4163fe428b6a5090afb244d0d66ae5908f53ceaf6f4f21344372513726077ba93bafe985a2dd3107983de3ad686dfec2d78ef34c76148f6329cd5d00c8543803f27fe221df19d90465e602e4e0e1909d38cd03b108b5bb0f7bdc402f6cddfbf EAP-Message = 0xb7420732d3d7b3e2232b37fd Message-Authenticator = 0x00000000000000000000000000000000 State = 0x45047f1b44077264424db5b65333fec0 Finished request 2. Going to the next request Waking up in 4.3 seconds.
-----------------------------
any suggestions?
many thanks! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
Martin Silvero -
tnt@kalik.net