EAP/TLS, after access-challenge nothing happens

Stefan Nowak stefek143 at wp.pl
Fri Jun 22 13:36:20 CEST 2007


Hi

I have a little problem authenticating with EAP/TLS on freeradius.
After the Access-Challenge, freeradius does not display Reject or Accept;
it only goes back to the beginning and repeats the same operation. What's
wrong? As NAS I'm using a Cisco Catalyst 2950, the client supplicant is
WinXP, and the server is freeradius 1.5.

These are the logs from tcpdump:

21:43:21.547329 IP 192.168.1.9.radius > 192.168.1.7.radius: RADIUS, Access Request (1), id: 0x7d length: 120
21:43:21.648845 IP 192.168.1.7.radius > 192.168.1.9.radius: RADIUS, Access Challenge (11), id: 0x7d length: 64
21:43:21.572693 IP 192.168.1.9.radius > 192.168.1.7.radius: RADIUS, Access Request (1), id: 0x7e length: 189
21:43:21.587661 IP 192.168.1.7.radius > 192.168.1.9.radius: RADIUS, Access Challenge (11), id: 0x7e length: 1100
21:43:21.602274 IP 192.168.1.9.radius > 192.168.1.7.radius: RADIUS, Access Request (1), id: 0x7f length: 115
21:43:21.604767 IP 192.168.1.7.radius > 192.168.1.9.radius: RADIUS, Access Challenge (11), id: 0x7f length: 976
21:43:21.620631 IP 192.168.1.9.radius > 192.168.1.7.radius: RADIUS, Access Request (1), id: 0x80 length: 115
21:43:21.629087 IP 192.168.1.7.radius > 192.168.1.9.radius: RADIUS, Access Challenge (11), id: 0x80 length: 68

And these are the logs from freeradius debug mode:

rad_recv: Access-Request packet from host 192.168.1.9:1812, id=207, length=115
        NAS-IP-Address = 192.168.1.9
        NAS-Port-Type = Async
        User-Name = "client"
        Service-Type = Framed-User
        Framed-MTU = 1500
        Calling-Station-Id = "00-11-09-26-48-fa"
        State = 0xf4dbd9e74648ce65d56e471171d0e7f3
        EAP-Message = 0x020200060d00
        Message-Authenticator = 0x767944f13525d633320393682cb2403f
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 90
  modcall[authorize]: module "preprocess" returns ok for request 90
  modcall[authorize]: module "chap" returns noop for request 90
  modcall[authorize]: module "mschap" returns noop for request 90
    rlm_realm: No '@' in User-Name = "client", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 90
  rlm_eap: EAP packet type response id 2 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 90
  modcall[authorize]: module "files" returns notfound for request 90
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 90
modcall: leaving group authorize (returns updated) for request 90
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 90
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 90
modcall: leaving group authenticate (returns handled) for request 90
Sending Access-Challenge of id 207 to 192.168.1.9 port 1812
        EAP-Message = 0x035504061302504c311630140603550408130d7769656c6b6f706f6c736b6965311430120603550407130b6269616c6f736c69776965310f300d060355040a130670696f6e6172310f300d060355040b130670696f6e6172311e301c0603550403131546756e6e79626f6e6520576972656c657373204341311b301906092a864886f70d010901160c70696f6e61724077702e706c0e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x8a37dd36bf1bbbf6747bb6c4216ea380
Finished request 90
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.9:1812, id=208, length=115
        NAS-IP-Address = 192.168.1.9
        NAS-Port-Type = Async
        User-Name = "client"
        Service-Type = Framed-User
        Framed-MTU = 1500
        Calling-Station-Id = "00-11-09-26-48-fa"
        State = 0x8a37dd36bf1bbbf6747bb6c4216ea380
        EAP-Message = 0x020300060d00
        Message-Authenticator = 0x6de0700bd6d131fc1cec8bec76fcea72
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 91
  modcall[authorize]: module "preprocess" returns ok for request 91
  modcall[authorize]: module "chap" returns noop for request 91
  modcall[authorize]: module "mschap" returns noop for request 91
    rlm_realm: No '@' in User-Name = "client", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 91
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 91
  modcall[authorize]: module "files" returns notfound for request 91
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 91
modcall: leaving group authorize (returns updated) for request 91
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 91
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 91
modcall: leaving group authenticate (returns handled) for request 91
Sending Access-Challenge of id 208 to 192.168.1.9 port 1812
        EAP-Message = 0x0104000a0d8000000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x7b7eac5f542d1c6ec0abd77c3ce3c509
Finished request 91
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 88 ID 205 with timestamp 467ad8b7
Cleaning up request 89 ID 206 with timestamp 467ad8b7
Cleaning up request 90 ID 207 with timestamp 467ad8b7
Cleaning up request 91 ID 208 with timestamp 467ad8b7
Nothing to do.  Sleeping until we see a request.

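Added example, not part of the original post: a small Python decoder for the short EAP-Message values in the debug output above, following the EAP header layout (RFC 3748) and the EAP-TLS flags byte (RFC 5216). The function name and output keys are chosen here for illustration; the three hex values are copied from the log.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_TLS = 13  # EAP method type for EAP-TLS (RFC 5216)

# EAP-Message values copied from the debug output above.
SAMPLES = ["0x020200060d00", "0x020300060d00", "0x0104000a0d8000000000"]


def decode_eap_tls(hex_value):
    """Decode one EAP-Message value (hex string, optional 0x prefix)."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("an EAP header is at least 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    info = {"code": EAP_CODES.get(code, str(code)), "id": ident, "length": length,
            # A RADIUS attribute carries at most 253 bytes, so a long EAP packet
            # is split over several EAP-Message attributes; False means this
            # value is only one piece and must be concatenated with the others.
            "whole_packet": length == len(raw)}
    if code not in (1, 2) or len(raw) < 6:
        return info  # Success/Failure carry no type; too short for TLS flags
    info["type"] = raw[4]
    if raw[4] != EAP_TYPE_TLS:
        return info
    flags, body = raw[5], raw[6:]
    info["flags"] = {"L": bool(flags & 0x80),  # TLS message length included
                     "M": bool(flags & 0x40),  # more fragments follow
                     "S": bool(flags & 0x20)}  # EAP-TLS start
    if flags & 0x80:
        if len(body) < 4:
            raise ValueError("L flag set but length field is truncated")
        info["tls_message_length"] = struct.unpack("!I", body[:4])[0]
        body = body[4:]
    info["tls_data_len"] = len(body)
    # RFC 5216: a fragment ACK is an EAP-TLS Response with no data.
    info["fragment_ack"] = code == 2 and flags == 0 and not body
    return info


if __name__ == "__main__":
    for value in SAMPLES:
        print(value, decode_eap_tls(value))
```

The two supplicant values decode as fragment ACKs, matching the `Received EAP-TLS ACK message` lines, and the last server value decodes as an EAP-TLS Request with the L flag set and a TLS message length of 0.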





More information about the Freeradius-Devel mailing list