EAP/TLS, after Access-Challenge nothing happens
Stefan Nowak
stefek143 at wp.pl
Fri Jun 22 13:36:20 CEST 2007
Hi,
I have a little problem with authenticating using EAP/TLS on freeradius.
After the Access-Challenge, freeradius does not display Reject or Accept;
it only goes back to the beginning and repeats the same operation. What's
wrong? As the NAS I'm using a Cisco Catalyst 2950, the client supplicant is
WinXP, and the server is freeradius 1.5.
These are the logs from tcpdump:
21:43:21.547329 IP 192.168.1.9.radius > 192.168.1.7.radius: RADIUS,
Access Request (1), id: 0x7d length: 120
21:43:21.648845 IP 192.168.1.7.radius > 192.168.1.9.radius: RADIUS,
Access Challenge (11), id: 0x7d length: 64
21:43:21.572693 IP 192.168.1.9.radius > 192.168.1.7.radius: RADIUS,
Access Request (1), id: 0x7e length: 189
21:43:21.587661 IP 192.168.1.7.radius > 192.168.1.9.radius: RADIUS,
Access Challenge (11), id: 0x7e length: 1100
21:43:21.602274 IP 192.168.1.9.radius > 192.168.1.7.radius: RADIUS,
Access Request (1), id: 0x7f length: 115
21:43:21.604767 IP 192.168.1.7.radius > 192.168.1.9.radius: RADIUS,
Access Challenge (11), id: 0x7f length: 976
21:43:21.620631 IP 192.168.1.9.radius > 192.168.1.7.radius: RADIUS,
Access Request (1), id: 0x80 length: 115
21:43:21.629087 IP 192.168.1.7.radius > 192.168.1.9.radius: RADIUS,
Access Challenge (11), id: 0x80 length: 68
And these are the logs from freeradius debug mode:
rad_recv: Access-Request packet from host 192.168.1.9:1812, id=207,
length=115
NAS-IP-Address = 192.168.1.9
NAS-Port-Type = Async
User-Name = "client"
Service-Type = Framed-User
Framed-MTU = 1500
Calling-Station-Id = "00-11-09-26-48-fa"
State = 0xf4dbd9e74648ce65d56e471171d0e7f3
EAP-Message = 0x020200060d00
Message-Authenticator = 0x767944f13525d633320393682cb2403f
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 90
modcall[authorize]: module "preprocess" returns ok for request 90
modcall[authorize]: module "chap" returns noop for request 90
modcall[authorize]: module "mschap" returns noop for request 90
rlm_realm: No '@' in User-Name = "client", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 90
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 90
modcall[authorize]: module "files" returns notfound for request 90
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 90
modcall: leaving group authorize (returns updated) for request 90
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 90
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 90
modcall: leaving group authenticate (returns handled) for request 90
Sending Access-Challenge of id 207 to 192.168.1.9 port 1812
EAP-Message =
EAP-Message =
EAP-Message =
0x0603550403131546756e6e79626f6e6520576972656c657373204341311b301906092a864886f70d010901160c70696f6e61724077702e706c820900f3854e49a9d8e78c300c0603551d13040530030101ff300d06092a864886f70d0101050500038181002961967ffb8fd7a6b2062b2d78880f2a61c84eb4b52dc6eeae4511192dee95d22e354171bdca060b84cf6b7c6646081bd7d20d3c38d70708a2eb2695a5180a527354cf7105af7cddb16c3a38bf4bed480b0a50fbbeb7c932a7aed302ff4065763ef1dc7abc1b7459cc3db095bea25cbf11f863d8db6220c62499d15b0cb3a3f216030100ac0d0000a4020102009f009d30819a310b300906
EAP-Message =
0x035504061302504c311630140603550408130d7769656c6b6f706f6c736b6965311430120603550407130b6269616c6f736c69776965310f300d060355040a130670696f6e6172310f300d060355040b130670696f6e6172311e301c0603550403131546756e6e79626f6e6520576972656c657373204341311b301906092a864886f70d010901160c70696f6e61724077702e706c0e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8a37dd36bf1bbbf6747bb6c4216ea380
Finished request 90
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.9:1812, id=208,
length=115
NAS-IP-Address = 192.168.1.9
NAS-Port-Type = Async
User-Name = "client"
Service-Type = Framed-User
Framed-MTU = 1500
Calling-Station-Id = "00-11-09-26-48-fa"
State = 0x8a37dd36bf1bbbf6747bb6c4216ea380
EAP-Message = 0x020300060d00
Message-Authenticator = 0x6de0700bd6d131fc1cec8bec76fcea72
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 91
modcall[authorize]: module "preprocess" returns ok for request 91
modcall[authorize]: module "chap" returns noop for request 91
modcall[authorize]: module "mschap" returns noop for request 91
rlm_realm: No '@' in User-Name = "client", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 91
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 91
modcall[authorize]: module "files" returns notfound for request 91
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 91
modcall: leaving group authorize (returns updated) for request 91
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 91
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 91
modcall: leaving group authenticate (returns handled) for request 91
Sending Access-Challenge of id 208 to 192.168.1.9 port 1812
EAP-Message = 0x0104000a0d8000000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7b7eac5f542d1c6ec0abd77c3ce3c509
Finished request 91
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 88 ID 205 with timestamp 467ad8b7
Cleaning up request 89 ID 206 with timestamp 467ad8b7
Cleaning up request 90 ID 207 with timestamp 467ad8b7
Cleaning up request 91 ID 208 with timestamp 467ad8b7
Nothing to do. Sleeping until we see a request.
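
An added example, not part of the original post: a small decoder for the short EAP-Message values in the debug log above, using the EAP header layout (RFC 3748) and the EAP-TLS flags byte (RFC 5216). The function name `parse_eap_tls` and the returned dictionary keys are assumptions of this example.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_TLS = 13                         # 0x0d, as in "rlm_eap: EAP/tls"
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20  # Length included, More fragments, Start


def parse_eap_tls(hex_value):
    """Decode one EAP-Message attribute value as printed by radiusd -X."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError("EAP length field does not match the bytes present")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    body = raw[4:length]
    if code not in (1, 2) or not body:
        return pkt                        # Success/Failure carry no type field
    pkt["type"] = body[0]
    if body[0] != EAP_TYPE_TLS:
        return pkt
    if len(body) < 2:
        raise ValueError("EAP-TLS packet without a flags byte")
    flags, data = body[1], body[2:]
    pkt["flags"] = [name for name, bit in
                    (("L", FLAG_L), ("M", FLAG_M), ("S", FLAG_S)) if flags & bit]
    if flags & FLAG_L:
        if len(data) < 4:
            raise ValueError("L flag set but the 4-byte TLS length is missing")
        pkt["tls_message_length"] = struct.unpack("!I", data[:4])[0]
        data = data[4:]
    pkt["tls_data_len"] = len(data)
    # A fragment ACK is a Response with no flags set and no TLS data.
    pkt["is_ack"] = code == 2 and not pkt["flags"] and not data
    return pkt


if __name__ == "__main__":
    # EAP-Message values copied from the debug log in the post above.
    for value in ("0x020200060d00", "0x020300060d00", "0x0104000a0d8000000000"):
        print(value, parse_eap_tls(value))
```

Both client values decode as a Response with no flags and no TLS data, which matches the "Received EAP-TLS ACK message" lines; the server's last value decodes as a Request with the L flag set and a TLS message length of 0.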