Windows 7 EAP-TLS WIred Auth
I'm trying to authenticate a wired client (Switch supports radius) and I'm getting the following output (or similar): rad_recv: Access-Request packet from host 10.0.0.13 port 1024, id=161, length=136 User-Name = "izanami" Called-Station-Id = "30-46-9a-16-00-bc" Calling-Station-Id = "bc-ae-c5-91-67-a3" NAS-Identifier = "30-46-9a-16-00-ba" NAS-Port = 12 Framed-MTU = 1500 NAS-Port-Type = Ethernet EAP-Message = 0x0201000c01697a616e616d69 Message-Authenticator = 0xa794e968adbaf0f9398574107af8a2fb ? Evaluating (User-Name == bubbles) -> FALSE +- entering group authorize {...} ++[preprocess] returns ok [eap] EAP packet type response id 1 length 12 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [ldap] Entering ldap_groupcmp() [files] expand: ou=RadHosts,dc=aarcane,dc=info -> ou=RadHosts,dc=aarcane,dc=info [files] expand: (cn=%{User-Name}) -> (cn=izanami) [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in ou=RadHosts,dc=aarcane,dc=info, with filter (cn=izanami) [ldap] ldap_release_conn: Release Id: 0 [files] expand: (&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDN})) -> (&(objectClass=GroupOfNames)(member=cn\3dizanami\2cou\3dRadHosts\2cdc\3daarcane\2cdc\3dinfo)) [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in ou=RadHosts,dc=aarcane,dc=info, with filter (&(cn=WifiDisabled)(&(objectClass=GroupOfNames)(member=cn\3dizanami\2cou\3dRadHosts\2cdc\3daarcane\2cdc\3dinfo))) [ldap] object not found [ldap] ldap_release_conn: Release Id: 0 [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in cn=izanami,ou=RadHosts,dc=aarcane,dc=info, with filter (objectclass=*) rlm_ldap::groupcmp: Group WifiDisabled not found or user not a member [ldap] ldap_release_conn: Release Id: 0 [files] users: Matched entry DEFAULT at line 205 ++[files] returns ok [ldap] performing user authorization for izanami [ldap] expand: (cn=%{User-Name}) -> (cn=izanami) [ldap] expand: ou=RadHosts,dc=aarcane,dc=info -> ou=RadHosts,dc=aarcane,dc=info [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in ou=RadHosts,dc=aarcane,dc=info, with filter (cn=izanami) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] macAddress -> Calling-Station-Id == "bc-ae-c5-91-67-a3" [ldap] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap] user izanami authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok rlm_checkval: Item Name: Calling-Station-Id, Value: bc-ae-c5-91-67-a3 rlm_checkval: Value Name: Calling-Station-Id, Value: bc-ae-c5-91-67-a3 ++[checkval] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Requiring client certificate [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 161 to 10.0.0.13 port 1024 Service-Type = Administrative-User EAP-Message = 0x010200060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5f8b66d45f896b3ed367e3714d4f5e92 Finished request 114. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.0.13 port 1024, id=162, length=247 User-Name = "izanami" Called-Station-Id = "30-46-9a-16-00-bc" Calling-Station-Id = "bc-ae-c5-91-67-a3" NAS-Identifier = "30-46-9a-16-00-ba" NAS-Port = 12 Framed-MTU = 1500 NAS-Port-Type = Ethernet State = 0x5f8b66d45f896b3ed367e3714d4f5e92 EAP-Message = 0x020200690d800000005f160301005a0100005603014d585bc08003e569e30a71f5a39088d3d8a8ad4ac62ced01cd057f171fb48b59000018002f00350005000ac013c014c009c00a003200380013000401000015ff01000100000a0006000400170018000b00020100 Message-Authenticator = 0x5e953afa8c6d6fb70318d9ff899a5633 ? Evaluating (User-Name == bubbles) -> FALSE +- entering group authorize {...} ++[preprocess] returns ok [eap] EAP packet type response id 2 length 105 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [ldap] Entering ldap_groupcmp() [files] expand: ou=RadHosts,dc=aarcane,dc=info -> ou=RadHosts,dc=aarcane,dc=info [files] expand: (cn=%{User-Name}) -> (cn=izanami) [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in ou=RadHosts,dc=aarcane,dc=info, with filter (cn=izanami) [ldap] ldap_release_conn: Release Id: 0 [files] expand: (&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDN})) -> (&(objectClass=GroupOfNames)(member=cn\3dizanami\2cou\3dRadHosts\2cdc\3daarcane\2cdc\3dinfo)) [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in ou=RadHosts,dc=aarcane,dc=info, with filter (&(cn=WifiDisabled)(&(objectClass=GroupOfNames)(member=cn\3dizanami\2cou\3dRadHosts\2cdc\3daarcane\2cdc\3dinfo))) [ldap] object not found [ldap] ldap_release_conn: Release Id: 0 [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in cn=izanami,ou=RadHosts,dc=aarcane,dc=info, with filter (objectclass=*) rlm_ldap::groupcmp: Group WifiDisabled not found or user not a member [ldap] ldap_release_conn: Release Id: 0 [files] users: Matched entry DEFAULT at line 205 ++[files] returns ok [ldap] performing user authorization for izanami [ldap] expand: (cn=%{User-Name}) -> (cn=izanami) [ldap] expand: ou=RadHosts,dc=aarcane,dc=info -> ou=RadHosts,dc=aarcane,dc=info [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in ou=RadHosts,dc=aarcane,dc=info, with filter (cn=izanami) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] macAddress -> Calling-Station-Id == "bc-ae-c5-91-67-a3" [ldap] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap] user izanami authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok rlm_checkval: Item Name: Calling-Station-Id, Value: bc-ae-c5-91-67-a3 rlm_checkval: Value Name: Calling-Station-Id, Value: bc-ae-c5-91-67-a3 ++[checkval] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS TLS Length 95 [tls] Length Included [tls] eaptls_verify returned 11 [tls] (other): before/accept initialization [tls] TLS_accept: before/accept initialization [tls] <<< TLS 1.0 Handshake [length 005a], ClientHello [tls] TLS_accept: SSLv3 read client hello A [tls] >>> TLS 1.0 Handshake [length 0031], ServerHello [tls] TLS_accept: SSLv3 write server hello A [tls] >>> TLS 1.0 Handshake [length 08e6], Certificate [tls] TLS_accept: SSLv3 write certificate A [tls] >>> TLS 1.0 Handshake [length 0159], CertificateRequest [tls] TLS_accept: SSLv3 write certificate request A [tls] TLS_accept: SSLv3 flush data [tls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [tls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 162 to 10.0.0.13 port 1024 Service-Type = Administrative-User EAP-Message = 0x010304000dc000000a7f16030100310200002d03014d585c00e6cff8b49f97e451a451dbfb05893664517f78d8d61b9df37d341f4a00002f000005ff0100010016030108e60b0008e20008df0003d9308203d5308202bda003020102020102300d06092a864886f70d010 10505003081a0310b3009060355040613025553311330110603550408130a43616c69666f726e69613111300f06035504071308416e74656c6f706531183016060355040a130f5363686c616374612046616d696c7931133011060355040b130a4b65795369676e696e67311630140603550403130d53 63686c6163746143657274323122302006092a864886f70d01090116 EAP-Message = 0x1361617263616e654061617263616e652e6f7267301e170d3130313030313036323234395a170d3230303932383036323234395a3081a1310b3009060355040613025553311330110603550408130a43616c69666f726e69613111300f06035504071308416e74656c6f7 06531183016060355040a130f5363686c616374612046616d696c79310f300d060355040b1306526164697573311b30190603550403131262697463682e61617263616e652e696e666f3122302006092a864886f70d010901161361617263616e654061617263616e652e6f726730820122300d06092a 864886f70d01010105000382010f003082010a0282010100d13f2aa5 EAP-Message = 0xdd8c7a38ec9f91d750c163b7da9723cdb2cfbced8c0a26e53e4ff735f081b7a82f818c7e1b50de1ff316775bd0367397e0587956bb4103dd630a3a6ea26f1839ee7ad53518c0ab515722da1ee20da3d25919566b545bd9fbdae681ff0322c5ff17f59f310cfce44aed048 af285360747fd71fe57085782efef97deefd1dc0d60d696f8effcd4f892a13d0dfb9e5d8f63dd66dca720183b53966e7d08da5e057c2b3d93bb221e9af86c492c6ab20df195061ed3de43e3a8c63aeddc73b73c46df84a36b32df4e0c87c353d17a0adac9afcab37bee40b7fb377bf75bc2e043d2f2fb 4fc05daddceb2873f2c437a89902aeed52bc27169903cbb874d37702 EAP-Message = 0x03010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101050500038201010002865a9d48b16abe75747906794409983d703a267216dba22b69d3da0bd407de3580985b6c0f9dbe54f7e401e6ea9c7db74a11b50c70902eacd 9067dc197fbf99d8dc57404a262bf9ae266e4b8ebd18cf8c9803f8114f695a9e22f5699d6604835a2addf0e634110d290e4a92e7040fa0699750af78dcfaac3d6957dd31481d48f7179e9bae452f608bbcffab59e136d6fc32811b3110d42148d155673840419e7561fb926292b3b5de638ddde7bb79a 09cf2e266712dc87c25cd6f6a55a03f2a52c3b730ef5a0380f4d7da3 EAP-Message = 0xf356d5f85403d6b92d4e0de3 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5f8b66d45e886b3ed367e3714d4f5e92 Finished request 115. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.0.13 port 1024, id=163, length=148 User-Name = "izanami" Called-Station-Id = "30-46-9a-16-00-bc" Calling-Station-Id = "bc-ae-c5-91-67-a3" NAS-Identifier = "30-46-9a-16-00-ba" NAS-Port = 12 Framed-MTU = 1500 NAS-Port-Type = Ethernet State = 0x5f8b66d45e886b3ed367e3714d4f5e92 EAP-Message = 0x020300060d00 Message-Authenticator = 0x7790a68d39849d52b1e1e59b31ecb08a ? Evaluating (User-Name == bubbles) -> FALSE +- entering group authorize {...} ++[preprocess] returns ok [eap] EAP packet type response id 3 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [ldap] Entering ldap_groupcmp() [files] expand: ou=RadHosts,dc=aarcane,dc=info -> ou=RadHosts,dc=aarcane,dc=info [files] expand: (cn=%{User-Name}) -> (cn=izanami) [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in ou=RadHosts,dc=aarcane,dc=info, with filter (cn=izanami) [ldap] ldap_release_conn: Release Id: 0 [files] expand: (&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDN})) -> (&(objectClass=GroupOfNames)(member=cn\3dizanami\2cou\3dRadHosts\2cdc\3daarcane\2cdc\3dinfo)) [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in ou=RadHosts,dc=aarcane,dc=info, with filter (&(cn=WifiDisabled)(&(objectClass=GroupOfNames)(member=cn\3dizanami\2cou\3dRadHosts\2cdc\3daarcane\2cdc\3dinfo))) [ldap] object not found [ldap] ldap_release_conn: Release Id: 0 [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in cn=izanami,ou=RadHosts,dc=aarcane,dc=info, with filter (objectclass=*) rlm_ldap::groupcmp: Group WifiDisabled not found or user not a member [ldap] ldap_release_conn: Release Id: 0 [files] users: Matched entry DEFAULT at line 205 ++[files] returns ok [ldap] performing user authorization for izanami [ldap] expand: (cn=%{User-Name}) -> (cn=izanami) [ldap] expand: ou=RadHosts,dc=aarcane,dc=info -> ou=RadHosts,dc=aarcane,dc=info [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in ou=RadHosts,dc=aarcane,dc=info, with filter (cn=izanami) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] macAddress -> Calling-Station-Id == "bc-ae-c5-91-67-a3" [ldap] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap] user izanami authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok rlm_checkval: Item Name: Calling-Station-Id, Value: bc-ae-c5-91-67-a3 rlm_checkval: Value Name: Calling-Station-Id, Value: bc-ae-c5-91-67-a3 ++[checkval] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS [tls] Received TLS ACK [tls] ACK handshake fragment handler [tls] eaptls_verify returned 1 [tls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 163 to 10.0.0.13 port 1024 Service-Type = Administrative-User EAP-Message = 0x010404000dc000000a7f38fc6ef9babf007ebc8baaecb8d24a949a66715812f29a52b2fe5bd28d8b461b80d90ae2196386cf000500308204fc308203e4a003020102020101300d06092a864886f70d01010505003081a0310b30090603550406130255533113301106035 50408130a43616c69666f726e69613111300f06035504071308416e74656c6f706531183016060355040a130f5363686c616374612046616d696c7931133011060355040b130a4b65795369676e696e67311630140603550403130d5363686c6163746143657274323122302006092a864886f70d0109 01161361617263616e654061617263616e652e6f7267301e170d3130 EAP-Message = 0x313030313036323031335a170d3230303932383036323031335a3081a0310b3009060355040613025553311330110603550408130a43616c69666f726e69613111300f06035504071308416e74656c6f706531183016060355040a130f5363686c616374612046616d696 c7931133011060355040b130a4b65795369676e696e67311630140603550403130d5363686c6163746143657274323122302006092a864886f70d010901161361617263616e654061617263616e652e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100b6d7b0 404f4a62f7e492dcf6eb1421622d43bdc1084f8743450ad979174001 EAP-Message = 0xac0b8c4fa1ff0389a3e6e9bcdc9665efc61ceaca24081db9d16c9b66885aac53ba5cc6d583bde3ad08ad2aafcaea00dcbe2ad554b02e73fe317f22358cf988e23a2e32ef20cbcd910fe949bb3105f6dd47349dc03593294f5d89e8296b7415abdc393fa5515789d7f0bb6 5353fdc62ee1eedf4cf909322f92cbc44fff472dddb5fab8e4d42bc7cd010e6d75f71cd791c93bbfa94d5ee8079596d818ab89017c676da5768d35847fa7ebc3840c25281a31b33d9ae84a88dfc0938c582197eace610b483bd72d5bbda623c7819b191e07957a97d931230e0e740ef9ab08cbbda5ed1 0203010001a382013d30820139301d0603551d0e04160414ee354cff EAP-Message = 0xfc743aa29a50944370d137d26c018d843081cd0603551d230481c53081c28014ee354cfffc743aa29a50944370d137d26c018d84a181a6a481a33081a0310b3009060355040613025553311330110603550408130a43616c69666f726e69613111300f060355040713084 16e74656c6f706531183016060355040a130f5363686c616374612046616d696c7931133011060355040b130a4b65795369676e696e67311630140603550403130d5363686c6163746143657274323122302006092a864886f70d010901161361617263616e654061617263616e652e6f726782010130 3a0603551d1f04333031302fa02da02b8629687474703a2f2f736368 EAP-Message = 0x6c6163746163657274322e61 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5f8b66d45d8f6b3ed367e3714d4f5e92 Finished request 116. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.0.13 port 1024, id=164, length=148 User-Name = "izanami" Called-Station-Id = "30-46-9a-16-00-bc" Calling-Station-Id = "bc-ae-c5-91-67-a3" NAS-Identifier = "30-46-9a-16-00-ba" NAS-Port = 12 Framed-MTU = 1500 NAS-Port-Type = Ethernet State = 0x5f8b66d45d8f6b3ed367e3714d4f5e92 EAP-Message = 0x020400060d00 Message-Authenticator = 0x9957fee5996873676a87b72783ac9256 ? Evaluating (User-Name == bubbles) -> FALSE +- entering group authorize {...} ++[preprocess] returns ok [eap] EAP packet type response id 4 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [ldap] Entering ldap_groupcmp() [files] expand: ou=RadHosts,dc=aarcane,dc=info -> ou=RadHosts,dc=aarcane,dc=info [files] expand: (cn=%{User-Name}) -> (cn=izanami) [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in ou=RadHosts,dc=aarcane,dc=info, with filter (cn=izanami) [ldap] ldap_release_conn: Release Id: 0 [files] expand: (&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDN})) -> (&(objectClass=GroupOfNames)(member=cn\3dizanami\2cou\3dRadHosts\2cdc\3daarcane\2cdc\3dinfo)) [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in ou=RadHosts,dc=aarcane,dc=info, with filter (&(cn=WifiDisabled)(&(objectClass=GroupOfNames)(member=cn\3dizanami\2cou\3dRadHosts\2cdc\3daarcane\2cdc\3dinfo))) [ldap] object not found [ldap] ldap_release_conn: Release Id: 0 [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in cn=izanami,ou=RadHosts,dc=aarcane,dc=info, with filter (objectclass=*) rlm_ldap::groupcmp: Group WifiDisabled not found or user not a member [ldap] ldap_release_conn: Release Id: 0 [files] users: Matched entry DEFAULT at line 205 ++[files] returns ok [ldap] performing user authorization for izanami [ldap] expand: (cn=%{User-Name}) -> (cn=izanami) [ldap] expand: ou=RadHosts,dc=aarcane,dc=info -> ou=RadHosts,dc=aarcane,dc=info [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in ou=RadHosts,dc=aarcane,dc=info, with filter (cn=izanami) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] macAddress -> Calling-Station-Id == "bc-ae-c5-91-67-a3" [ldap] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap] user izanami authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok rlm_checkval: Item Name: Calling-Station-Id, Value: bc-ae-c5-91-67-a3 rlm_checkval: Value Name: Calling-Station-Id, Value: bc-ae-c5-91-67-a3 ++[checkval] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS [tls] Received TLS ACK [tls] ACK handshake fragment handler [tls] eaptls_verify returned 1 [tls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 164 to 10.0.0.13 port 1024 Service-Type = Administrative-User EAP-Message = 0x0105029d0d8000000a7f617263616e652e696e666f2f63726c2e70656d300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100900fcaecc95e2c10c787b1d65e13dd2f8bdb82ba7d2108bc570282fa2b3b10bdb5fd0200626f2341d484d080596c8004fa64645c74297f8be11406c814141950461a2baaf193f44e3fc243017d07c12293624aab58e7aa641577a36c222a01175c87a1e0c68d1d99e817de8f22cd302634b834023be1e3e50d7bad7de57cf36cb35fc066eb8163f9ebe21fd4b36600250b921643137415dc71ccdfb26318a645cc580e3ba35cd4f7082c1b6f7c520f9cac686881aa2cd4fba20d5039edc1 EAP-Message = 0xfec64b116281aad9b24191de543fe5ec9bfaa8e5d94874344b41c80a271a558a659d006d38c68b0bb12fb582c92f5dff5b8c19b76fb7833add0cd91d487a98cca9d616030101590d00015103010240014b00a43081a1310b3009060355040613025553311330110603550408130a43616c69666f726e69613111300f06035504071308416e74656c6f706531183016060355040a130f5363686c616374612046616d696c79310f300d060355040b1306526164697573311b30190603550403131262697463682e61617263616e652e696e666f3122302006092a864886f70d010901161361617263616e654061617263616e652e6f726700a33081a031 EAP-Message = 0x0b3009060355040613025553311330110603550408130a43616c69666f726e69613111300f06035504071308416e74656c6f706531183016060355040a130f5363686c616374612046616d696c7931133011060355040b130a4b65795369676e696e67311630140603550403130d5363686c6163746143657274323122302006092a864886f70d010901161361617263616e654061617263616e652e6f72670e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5f8b66d45c8e6b3ed367e3714d4f5e92 Finished request 117. Going to the next request Waking up in 4.9 seconds. it seems to get to the same point (Finished request xxx.) and then repeats the entire process four times (the same number of times specified in my switch config) then fails to connect. I'm not sure if I'm missing something, or what.. but it should all be fine, as this is the same config I use for my wireless config. I'm certain I've missed something obvious, and if you can provide any additional information to point me in the right direction, I'd much appreciate it.
On 02/13/2011 10:37 PM, Christ Schlacta wrote:
it seems to get to the same point (Finished request xxx.) and then repeats the entire process four times (the same number of times specified in my switch config) then fails to connect. I'm not sure if I'm missing something, or what.. but it should all be fine, as this is the same config I use for my wireless config. I'm certain I've missed something obvious, and if you can provide any additional information to point me in the right direction, I'd much appreciate it.
The client is stopping sending. This is almost always because it doesn't trust the server cert. This is noted at length in eap.conf. Ensure you have setup the wireless connection & client properly.
On 2/14/2011 01:07, Phil Mayers wrote:
On 02/13/2011 10:37 PM, Christ Schlacta wrote:
it seems to get to the same point (Finished request xxx.) and then repeats the entire process four times (the same number of times specified in my switch config) then fails to connect. I'm not sure if I'm missing something, or what.. but it should all be fine, as this is the same config I use for my wireless config. I'm certain I've missed something obvious, and if you can provide any additional information to point me in the right direction, I'd much appreciate it.
The client is stopping sending. This is almost always because it doesn't trust the server cert. This is noted at length in eap.conf. Ensure you have setup the wireless connection & client properly. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
That was one of the first things I checked, the root certificate is the ONLY one checked in the windows 7 certificate dialogue. also, wireless clients work with this exact setup (all of them!), but so far, this wired client doesn't seem to want to. I did eventually find a "sorta" fix. I had jumbo frames enabled, disabling them fixed the problem temporarily. the problem has returned in a different form now. the radius server doesn't even see the auth requests now, and the client just won't even try to authenticate. I think this qualifies as a different issue, that I need to pursue separately. should I follow up here, or is it an issue I should contact my switch manufacturer about, or is it a windows problem?
Hi,
I did eventually find a "sorta" fix. I had jumbo frames enabled, disabling them fixed the problem temporarily. the problem has returned in a different form now. the radius server doesn't even see the auth requests now, and the client just won't even try to authenticate. I think this qualifies as a different issue, that I need to pursue separately. should I follow up here, or is it an issue I should contact my switch manufacturer about, or is it a windows problem?
if the server doesnt even see the auth attempts when the client is physically connected to the switch then take a good long look at the switch. use all the commands etc that you can on that switch - the show commands, the debug commands etc to find out what its doing or failing to do. we've had quite a few issues over the years with manufacturers and how they read the specs - life wouldnt be the same without a few interesting firmware upgrades (and cryptic changelogs that come with them). we had a recent one where cisco voip firmware blocked EAP-TLS through the softswitch - kinda annoying. alan
Hi,
I did eventually find a "sorta" fix. I had jumbo frames enabled, disabling them fixed the problem temporarily. the problem has returned in a different form now. the radius server doesn't even see the auth requests now, and the client just won't even try to authenticate. I think this qualifies as a different issue, that I need to pursue separately. should I follow up here, or is it an issue I should contact my switch manufacturer about, or is it a windows problem?
if the server doesnt even see the auth attempts when the client is physically connected to the switch then take a good long look at the switch. use all the commands etc that you can on that switch - the show commands, the debug commands etc to find out what its doing or failing to do. we've had quite a few issues over the years with manufacturers and how they read the specs - life wouldnt be the same without a few interesting firmware upgrades (and cryptic changelogs that come with them). we had a recent one where cisco voip firmware blocked EAP-TLS through the softswitch - kinda annoying. Sounds more like REALLY F'ing annoying to me! But it's probably just me :) <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font>
participants (4)
-
Alan Buxey -
Christ Schlacta -
Gary Gatten -
Phil Mayers