XP won't authenticate with EAP TLS - log shows unknown_ca fatal error

Landon Cox freeradius at 360vl.com
Fri Aug 5 19:24:38 CEST 2005


Problem statement:
XP won't authenticate with EAP TLS and FreeRADIUS debug logs  
(appended) shows unknown_ca fatal error

Background:
I've been following the 3-part series instructions outlined in the  
Linux Journal series starting at:

http://www.linuxjournal.com/article/8017
"Paranoid Penguin - Securing WLANs with WPA and FreeRADIUS, Part I"

I chose to start with this article as it was one of the most recent  
tutorials I could find on the topic of FreeRADIUS and EAP TLS.

I'm running:
     SuSE 9.2 Pro
     FreeRADIUS version 1.0.0 Oct 5, 2004, 00:13:22  (installed from  
SuSE Yast and distro DVD)
     OpenSSL 0.9.7d 17 Mar 2004

I've read everything I can find on unknown_ca but cannot find any  
solutions and the Linux Journal article, while good, doesn't do much  
to help when something goes wrong. I've made it quite a ways into  
this install and think I'm close, but I just do not know where to go  
next or what to try.

One question I have on the Linux Journal article:  At the point of  
using openssl to convert the client cert to pkcs12 format,   it says  
"You are prompted for client_key.pem's passphrase and then for a new  
passphrase for the new file; you can use the same password as before  
if you like.  You may be tempted to press Enter instead, especially  
given that the WPA supplicant in Windows XP works only when you store  
its certificates without a passphrases..."  I've tried generate the  
client p12 file both ways and reimporting to XP's Personal  
Certificates to no avail. Is that pkcs12 passphrase assertion still  
true for XP supplicant?  Either way, with or without, I can't get  
this to work, so that must not be the issue.

I have also tried un-checking the "Validate Server Certificate" in  
the 802.1x settings of XP for that Access Point.  I get the same  
error, so the error seems to indicate an issue with not being able to  
deal with the client side cert?

I've imported both the cacert.pem into my Trusted Root Certs in XP  
and the client_cert.p12 into "Personal->Certificates".   There were  
no steps indicated I needed to import server cert  on the XP side  
(which doesn't make sense anyway...just noting here that for  
diagnostic purposes.)

Any help towards solving this issue would be very much appreciated.

Now for the debug log:

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/proxy.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/eap.conf
Config:   including file: /etc/raddb/sql.conf
  main: prefix = "/usr"
  main: localstatedir = "/var"
  main: logdir = "/var/log/radius"
  main: libdir = "/usr/lib/freeradius"
  main: radacctdir = "/var/log/radius/radacct"
  main: hostname_lookups = no
  main: max_request_time = 30
  main: cleanup_delay = 5
  main: max_requests = 1024
  main: delete_blocked_requests = 0
  main: port = 0
  main: allow_core_dumps = no
  main: log_stripped_names = no
  main: log_file = "/var/log/radius/radius.log"
  main: log_auth = no
  main: log_auth_badpass = no
  main: log_auth_goodpass = no
  main: pidfile = "/var/run/radiusd/radiusd.pid"
  main: user = "radiusd"
  main: group = "radiusd"
  main: usercollide = no
  main: lower_user = "no"
  main: lower_pass = "no"
  main: nospace_user = "no"
  main: nospace_pass = "no"
  main: checkrad = "/usr/sbin/checkrad"
  main: proxy_requests = yes
  proxy: retry_delay = 5
  proxy: retry_count = 3
  proxy: synchronous = no
  proxy: default_fallback = yes
  proxy: dead_time = 120
  proxy: post_proxy_authorize = yes
  proxy: wake_all_if_all_dead = no
  security: max_attributes = 200
  security: reject_delay = 1
  security: status_server = no
  main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded exec
  exec: wait = yes
  exec: program = "(null)"
  exec: input_pairs = "request"
  exec: output_pairs = "(null)"
  exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
  pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
  mschap: use_mppe = yes
  mschap: require_encryption = no
  mschap: require_strong = no
  mschap: with_ntdomain_hack = no
  mschap: passwd = "(null)"
  mschap: authtype = "MS-CHAP"
  mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
  unix: cache = no
  unix: passwd = "(null)"
  unix: shadow = "(null)"
  unix: group = "(null)"
  unix: radwtmp = "/var/log/radius/radwtmp"
  unix: usegroup = no
  unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
  eap: default_eap_type = "tls"
  eap: timer_expire = 60
  eap: ignore_unknown_eap_types = no
  eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
  gtc: challenge = "Password: "
  gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
  tls: rsa_key_exchange = no
  tls: dh_key_exchange = yes
  tls: rsa_key_length = 512
  tls: dh_key_length = 512
  tls: verify_depth = 0
  tls: CA_path = "(null)"
  tls: pem_file_type = yes
  tls: private_key_file = "/etc/raddb/certs/server_key.pem"
  tls: certificate_file = "/etc/raddb/certs/server_cert.pem"
  tls: CA_file = "/etc/raddb/certs/cacert.pem"
  tls: private_key_password = "capasswd"
  tls: dh_file = "/etc/raddb/certs/dh"
  tls: random_file = "/etc/raddb/certs/random"
  tls: fragment_size = 1024
  tls: include_length = yes
  tls: check_crl = no
  tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
  mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
  preprocess: huntgroups = "/etc/raddb/huntgroups"
  preprocess: hints = "/etc/raddb/hints"
  preprocess: with_ascend_hack = no
  preprocess: ascend_channels_per_line = 23
  preprocess: with_ntdomain_hack = no
  preprocess: with_specialix_jetstream_hack = no
  preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
  realm: format = "suffix"
  realm: delimiter = "@"
  realm: ignore_default = no
  realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
  files: usersfile = "/etc/raddb/users"
  files: acctusersfile = "/etc/raddb/acct_users"
  files: preproxy_usersfile = "/etc/raddb/preproxy_users"
  files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
  acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,  
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
  detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/ 
detail-%Y%m%d"
  detail: detailperm = 384
  detail: dirperm = 493
  detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
  radutmp: filename = "/var/log/radius/radutmp"
  radutmp: username = "%{User-Name}"
  radutmp: case_sensitive = yes
  radutmp: check_with_nas = yes
  radutmp: perm = 384
  radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=165,  
length=167
     Message-Authenticator = 0x70dbfbdbb80a0132ab36ea91639115a7
     Service-Type = Framed-User
     User-Name = "360VL"
     Framed-MTU = 1488
     Called-Station-Id = "000FB57A156E:360VL"
     Calling-Station-Id = "000BCD56E3CB"
     NAS-Identifier = "360VL"
     NAS-Port-Type = Wireless-802.11
     Connect-Info = "CONNECT 54Mbps 802.11g"
     EAP-Message = 0x0200000a01333630564c
     NAS-IP-Address = 192.168.5.59
     NAS-Port = 1
     NAS-Port-Id = "STA port # 1"
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
   modcall[authorize]: module "preprocess" returns ok for request 0
   modcall[authorize]: module "chap" returns noop for request 0
   modcall[authorize]: module "mschap" returns noop for request 0
     rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 0
   rlm_eap: EAP packet type response id 0 length 10
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 0
     users: Matched DEFAULT at 156
     users: Matched DEFAULT at 175
   modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
   rlm_eap: EAP Identity
   rlm_eap: processing type tls
  rlm_eap_tls: Requiring client certificate
   rlm_eap_tls: Initiate
   rlm_eap_tls: Start returned 1
   modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 165 to 192.168.5.59:1075
     Framed-IP-Address = 255.255.255.254
     Framed-MTU = 576
     Service-Type = Framed-User
     EAP-Message = 0x010100060d20
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0xeb75fcb695cff41098dcdde96721a715
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=166,  
length=255
     Message-Authenticator = 0x1a26f3a01ff1ea192ae8660258ff07a3
     Service-Type = Framed-User
     User-Name = "360VL"
     Framed-MTU = 1488
     State = 0xeb75fcb695cff41098dcdde96721a715
     Called-Station-Id = "000FB57A156E:360VL"
     Calling-Station-Id = "000BCD56E3CB"
     NAS-Identifier = "360VL"
     NAS-Port-Type = Wireless-802.11
     Connect-Info = "CONNECT 54Mbps 802.11g"
     EAP-Message =  
0x020100500d800000004616030100410100003d030142f390d929fcbdc42804368a39fe 
a1de8e5033352c8556ede0a5f441cfb7492300001600040005000a000900640062000300 
060013001200630100
     NAS-IP-Address = 192.168.5.59
     NAS-Port = 1
     NAS-Port-Id = "STA port # 1"
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
   modcall[authorize]: module "preprocess" returns ok for request 1
   modcall[authorize]: module "chap" returns noop for request 1
   modcall[authorize]: module "mschap" returns noop for request 1
     rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 1
   rlm_eap: EAP packet type response id 1 length 80
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 1
     users: Matched DEFAULT at 156
     users: Matched DEFAULT at 175
   modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
   eaptls_verify returned 11
     (other): before/accept initialization
     TLS_accept: before/accept initialization
   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
     TLS_accept: SSLv3 read client hello A
   rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
     TLS_accept: SSLv3 write server hello A
   rlm_eap_tls: >>> TLS 1.0 Handshake [length 062b], Certificate
     TLS_accept: SSLv3 write certificate A
   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0099], CertificateRequest
     TLS_accept: SSLv3 write certificate request A
     TLS_accept: SSLv3 flush data
     TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
   eaptls_process returned 13
   modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 166 to 192.168.5.59:1075
     Framed-IP-Address = 255.255.255.254
     Framed-MTU = 576
     Service-Type = Framed-User
     EAP-Message =  
0x0102040a0dc00000071d160301004a02000046030142f390985a8abe09d131a2f9e13d 
fecad96ddd392d9d8b3070c9b63cae9e8e6c20f18fbf2845995fae88dae4ee8b3a17fbdd 
1c58f26c914d243f432c3f12a12850000400160301062b0b0006270006240002ac308202 
a830820211a003020102020101300d06092a864886f70d0101040500308187310b300906 
03550406130255533111300f06035504081308436f6c6f7261646f311930170603550407 
1310436f6c6f7261646f20537072696e6773311b3019060355040a1312333630564c2049 
6e636f72706f7261746564310e300c06035504031305333630564c311d301b06092a8648 
86f7
     EAP-Message =  
0x0d010901160e696e666f40333630766c2e636f6d301e170d3035303830353135313034 
305a170d3036303830353135313034305a308192310b3009060355040613025553311130 
0f06035504081308436f6c6f7261646f3119301706035504071310436f6c6f7261646f20 
537072696e6773311b3019060355040a1312333630564c20496e636f72706f7261746564 
3119301706035504031310636f707065722e333630766c2e636f6d311d301b06092a8648 
86f70d010901160e696e666f40333630766c2e636f6d30819f300d06092a864886f70d01 
0101050003818d0030818902818100b2a8e575361b42490538c4ed2247ad4df5abc181da 
c9ed
     EAP-Message =  
0x95d835a509bf155163928ba6119defdbfab08ee7a195f6d7dc261d1ff95994f8cca744 
57327260e5814422485945ee4714ecb35820520be84ff4620497cd4daa6bbe6780b07b73 
ea7452db5a55684b2c13d40d0e2add84c7979c056f2a17fe1b96fb3afd85f6bddfc50203 
010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886 
f70d0101040500038181001ac5a999fdb7bb40a77a34ecff459e4bbed2583cc0cca87080 
566061428bb88ad090c7db85db96c07dc195a512bdae84849c112036af44b9320e8c0c91 
35a6f502731fe2507dbf3a337317f739c70a561f3c7d9504293301a6b321574d22509f69 
6948
     EAP-Message =  
0xe479ed655c56041259d23a0713e28a6206517e4e10349839d5dfee6a56000372308203 
6e308202d7a003020102020100300d06092a864886f70d0101040500308187310b300906 
03550406130255533111300f06035504081308436f6c6f7261646f311930170603550407 
1310436f6c6f7261646f20537072696e6773311b3019060355040a1312333630564c2049 
6e636f72706f7261746564310e300c06035504031305333630564c311d301b06092a8648 
86f70d010901160e696e666f40333630766c2e636f6d301e170d30353038303531353036 
32355a170d3036303830353135303632355a308187310b30090603550406130255533111 
300f
     EAP-Message = 0x06035504081308436f6c6f7261646f31193017060355
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0xc5258593a428dfd0124288d31ba9eb20
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=167,  
length=181
     Message-Authenticator = 0x7a06c1de0bcf813186df0d4425d9f50e
     Service-Type = Framed-User
     User-Name = "360VL"
     Framed-MTU = 1488
     State = 0xc5258593a428dfd0124288d31ba9eb20
     Called-Station-Id = "000FB57A156E:360VL"
     Calling-Station-Id = "000BCD56E3CB"
     NAS-Identifier = "360VL"
     NAS-Port-Type = Wireless-802.11
     Connect-Info = "CONNECT 54Mbps 802.11g"
     EAP-Message = 0x020200060d00
     NAS-IP-Address = 192.168.5.59
     NAS-Port = 1
     NAS-Port-Id = "STA port # 1"
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
   modcall[authorize]: module "preprocess" returns ok for request 2
   modcall[authorize]: module "chap" returns noop for request 2
   modcall[authorize]: module "mschap" returns noop for request 2
     rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 2
   rlm_eap: EAP packet type response id 2 length 6
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 2
     users: Matched DEFAULT at 156
     users: Matched DEFAULT at 175
   modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns updated for request 2
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
   rlm_eap_tls: ack handshake fragment handler
   eaptls_verify returned 1
   eaptls_process returned 13
   modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 167 to 192.168.5.59:1075
     Framed-IP-Address = 255.255.255.254
     Framed-MTU = 576
     Service-Type = Framed-User
     EAP-Message =  
0x010303270d800000071d04071310436f6c6f7261646f20537072696e6773311b301906 
0355040a1312333630564c20496e636f72706f7261746564310e300c0603550403130533 
3630564c311d301b06092a864886f70d010901160e696e666f40333630766c2e636f6d30 
819f300d06092a864886f70d010101050003818d0030818902818100c1e36a58cf62e3ae 
df95552d32ec708012aded9061932aee060840cae5a20c8fa8ea72ba1f21253454a79c27 
799f309812d703e7bcf414044dfc3b8ea2702c0cb9a912a15e110962d8c5229ea6e7404e 
c1b28bb85f69c93f503dc4195926e8f0f621aacb7337fd8da8af009e6d5896647af6c198 
5955
     EAP-Message =  
0x1e5ce9db7367fd90c8870203010001a381e73081e4301d0603551d0e04160414ca07e0 
025ebeb3f17c26b027e597f97cfc5777493081b40603551d230481ac3081a98014ca07e0 
025ebeb3f17c26b027e597f97cfc577749a1818da4818a308187310b3009060355040613 
0255533111300f06035504081308436f6c6f7261646f3119301706035504071310436f6c 
6f7261646f20537072696e6773311b3019060355040a1312333630564c20496e636f7270 
6f7261746564310e300c06035504031305333630564c311d301b06092a864886f70d0109 
01160e696e666f40333630766c2e636f6d820100300c0603551d13040530030101ff300d 
0609
     EAP-Message =  
0x2a864886f70d01010405000381810053b790c3ef4f488e5b3c018545d4d2b91ab028c4 
7c547ecbdff6a152f80b52c4f6fbc3d074779ed87fb047a844bc473d6c417048b74409df 
5727543b8da49cef8c651ac4598c27ce116d58c5fa0337e44e1b81c2a72935f2e2e13a8b 
8ebbcc883c9135de3a11e8798abe9fb7828028d0c2ab4542e13ff7c629214fed18f086f5 
16030100990d000091020102008c008a308187310b30090603550406130255533111300f 
06035504081308436f6c6f7261646f3119301706035504071310436f6c6f7261646f2053 
7072696e6773311b3019060355040a1312333630564c20496e636f72706f726174656431 
0e30
     EAP-Message =  
0x0c06035504031305333630564c311d301b06092a864886f70d010901160e696e666f40 
333630766c2e636f6d0e000000
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0xd3a7a2876fe028447b05a62c6f56ea76
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=168,  
length=1190
     Message-Authenticator = 0x0a1661fc6d58ef65de8bf05f6a442100
     Service-Type = Framed-User
     User-Name = "360VL"
     Framed-MTU = 1488
     State = 0xd3a7a2876fe028447b05a62c6f56ea76
     Called-Station-Id = "000FB57A156E:360VL"
     Calling-Station-Id = "000BCD56E3CB"
     NAS-Identifier = "360VL"
     NAS-Port-Type = Wireless-802.11
     Connect-Info = "CONNECT 54Mbps 802.11g"
     EAP-Message =  
0x020303f10d80000003e716030103b70b0002a70002a40002a13082029d30820206a003 
020102020102300d06092a864886f70d0101040500308187310b30090603550406130255 
533111300f06035504081308436f6c6f7261646f3119301706035504071310436f6c6f72 
61646f20537072696e6773311b3019060355040a1312333630564c20496e636f72706f72 
61746564310e300c06035504031305333630564c311d301b06092a864886f70d01090116 
0e696e666f40333630766c2e636f6d301e170d3035303830353135313335335a170d3036 
303830353135313335335a308187310b30090603550406130255533111300f0603550408 
1308
     EAP-Message =  
0x436f6c6f7261646f3119301706035504071310436f6c6f7261646f20537072696e6773 
311b3019060355040a1312333630564c20496e636f72706f7261746564310e300c060355 
04031305333630564c311d301b06092a864886f70d010901160e696e666f40333630766c 
2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ccbbdc 
b09846dcd91ca4d52b83d090144dd17379a121e0dfe4333eac31e4ecab9ddc5c161f372a 
c3d29dd07620ab1ef80302682a2e74a9715690651458d601326a99eccb3c8f07bd7db896 
d5797a559e1480a2691afd76ae30f91b952705e315fc1c4a6072b442aa78f05946338ef8 
5b9c
     EAP-Message =  
0xf9dde843c5bc1ece843f1414d4444d0203010001a317301530130603551d25040c300a 
06082b06010505070302300d06092a864886f70d010104050003818100763976dd9a2f05 
81394d8cf9680bc788e97e06a77759d79cb50f4b1d06dcad24112081efbfeb6850e8131a 
60e4a7406708d93005ab50cc5448c1caa94ff090f42645f0e0dd0bdb85742f8c804fed33 
2f48d68f5ebb4f327a4ecd1452b6032eb6f657d2867659380235bab98316528ec20b9855 
5d5bdf93d8c594ef593b3f81911000008200809f1ebfd92a15800034c04c8a49af03ace9 
740f760bce20bcfa1d54e882e44b5a61852c476702eeffbf1c9380c5e56cc8fc647b82fd 
b28b
     EAP-Message =  
0x7688f3c1ab9f0d9e688800c158a425f464d06eea90583411d1603ab65f6f6d0aa7901a 
6b288a16d1f745834497f99a0659c77bbdce4d4f9239373ab40b99857ab10f8de72bc9c9 
74160f00008200802c85ac1155a0e0cce2716888890728287ac6d449ecfaf9480420f31a 
9d04c4ffddab974cfddb9c992682fb94e4ba1adbdc8807fdff0f350a9ded1e9d17572796 
8054e1f879072230dbfde1bc60f581554d7c54b5745f9bed2f86dceaf11e152462d0ba71 
7df029f3753e3679803160309931f5eeb10fa4a2b3df4876ae0aa8631403010001011603 
0100205cae2f6bb96df0c4d92cbb42362de07293ecd73f2f2e48f7ce42f235107820db
     NAS-IP-Address = 192.168.5.59
     NAS-Port = 1
     NAS-Port-Id = "STA port # 1"
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
   modcall[authorize]: module "preprocess" returns ok for request 3
   modcall[authorize]: module "chap" returns noop for request 3
   modcall[authorize]: module "mschap" returns noop for request 3
     rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 3
   rlm_eap: EAP packet type response id 3 length 253
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 3
     users: Matched DEFAULT at 156
     users: Matched DEFAULT at 175
   modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns updated for request 3
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
   eaptls_verify returned 11
   rlm_eap_tls: <<< TLS 1.0 Handshake [length 02ab], Certificate
--> verify error:num=18:self signed certificate
chain-depth=0,
error=18
--> User-Name = 360VL
--> BUF-Name = 360VL
--> subject = /C=US/ST=Colorado/L=Colorado Springs/O=360VL  
Incorporated/CN=360VL/emailAddress=emailwithheld
--> issuer  = /C=US/ST=Colorado/L=Colorado Springs/O=360VL  
Incorporated/CN=360VL/emailAddress=emailwithheld
--> verify return:0
   rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
     TLS_accept:error in SSLv3 read client certificate B
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
In SSL Handshake Phase
In SSL Accept mode
   eaptls_process returned 13
   modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 168 to 192.168.5.59:1075
     Framed-IP-Address = 255.255.255.254
     Framed-MTU = 576
     Service-Type = Framed-User
     EAP-Message = 0x010400110d800000000715030100020230
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x107dc1452fdb7d1314512bc4d7d9b173
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=169,  
length=181
     Message-Authenticator = 0x4fe8511906befacbdea9b16b43158663
     Service-Type = Framed-User
     User-Name = "360VL"
     Framed-MTU = 1488
     State = 0x107dc1452fdb7d1314512bc4d7d9b173
     Called-Station-Id = "000FB57A156E:360VL"
     Calling-Station-Id = "000BCD56E3CB"
     NAS-Identifier = "360VL"
     NAS-Port-Type = Wireless-802.11
     Connect-Info = "CONNECT 54Mbps 802.11g"
     EAP-Message = 0x020400060d00
     NAS-IP-Address = 192.168.5.59
     NAS-Port = 1
     NAS-Port-Id = "STA port # 1"
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
   modcall[authorize]: module "preprocess" returns ok for request 4
   modcall[authorize]: module "chap" returns noop for request 4
   modcall[authorize]: module "mschap" returns noop for request 4
     rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 4
   rlm_eap: EAP packet type response id 4 length 6
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 4
     users: Matched DEFAULT at 156
     users: Matched DEFAULT at 175
   modcall[authorize]: module "files" returns ok for request 4
modcall: group authorize returns updated for request 4
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
   rlm_eap_tls: ack alert
   eaptls_verify returned 4
   eaptls_process returned 4
  rlm_eap: Handler failed in EAP/tls
   rlm_eap: Failed in EAP select
   modcall[authenticate]: module "eap" returns invalid for request 4
modcall: group authenticate returns invalid for request 4
auth: Failed to validate the user.
Delaying request 4 for 1 seconds
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=169,  
length=181
Sending Access-Reject of id 169 to 192.168.5.59:1075
     EAP-Message = 0x04040004
     Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=170,  
length=167
     Message-Authenticator = 0x8071ba7139288a5d4eaf417b07e8488a
     Service-Type = Framed-User
     User-Name = "360VL"
     Framed-MTU = 1488
     Called-Station-Id = "000FB57A156E:360VL"
     Calling-Station-Id = "000BCD56E3CB"
     NAS-Identifier = "360VL"
     NAS-Port-Type = Wireless-802.11
     Connect-Info = "CONNECT 54Mbps 802.11g"
     EAP-Message = 0x0200000a01333630564c
     NAS-IP-Address = 192.168.5.59
     NAS-Port = 1
     NAS-Port-Id = "STA port # 1"
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
   modcall[authorize]: module "preprocess" returns ok for request 5
   modcall[authorize]: module "chap" returns noop for request 5
   modcall[authorize]: module "mschap" returns noop for request 5
     rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 5
   rlm_eap: EAP packet type response id 0 length 10
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 5
     users: Matched DEFAULT at 156
     users: Matched DEFAULT at 175
   modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns updated for request 5
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
   rlm_eap: EAP Identity
   rlm_eap: processing type tls
  rlm_eap_tls: Requiring client certificate
   rlm_eap_tls: Initiate
   rlm_eap_tls: Start returned 1
   modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
Sending Access-Challenge of id 170 to 192.168.5.59:1075
     Framed-IP-Address = 255.255.255.254
     Framed-MTU = 576
     Service-Type = Framed-User
     EAP-Message = 0x010100060d20
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x0b76a7305f1a54c116e95a56da193528
Finished request 5
Going to the next request
--- Walking the entire request list ---
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=171,  
length=167
     Message-Authenticator = 0x536ad3d398545cb133dd088d08575af0
     Service-Type = Framed-User
     User-Name = "360VL"
     Framed-MTU = 1488
     Called-Station-Id = "000FB57A156E:360VL"
     Calling-Station-Id = "000BCD56E3CB"
     NAS-Identifier = "360VL"
     NAS-Port-Type = Wireless-802.11
     Connect-Info = "CONNECT 54Mbps 802.11g"
     EAP-Message = 0x0202000a01333630564c
     NAS-IP-Address = 192.168.5.59
     NAS-Port = 1
     NAS-Port-Id = "STA port # 1"
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
   modcall[authorize]: module "preprocess" returns ok for request 6
   modcall[authorize]: module "chap" returns noop for request 6
   modcall[authorize]: module "mschap" returns noop for request 6
     rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 6
   rlm_eap: EAP packet type response id 2 length 10
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 6
     users: Matched DEFAULT at 156
     users: Matched DEFAULT at 175
   modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns updated for request 6
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
   rlm_eap: EAP Identity
   rlm_eap: processing type tls
  rlm_eap_tls: Requiring client certificate
   rlm_eap_tls: Initiate
   rlm_eap_tls: Start returned 1
   modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 171 to 192.168.5.59:1075
     Framed-IP-Address = 255.255.255.254
     Framed-MTU = 576
     Service-Type = Framed-User
     EAP-Message = 0x010300060d20
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x0a7243677871b927d0cd5d13a0eb4166
Finished request 6
Going to the next request
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=172,  
length=255
     Message-Authenticator = 0xbbc4d103a1ea7017be31b1f93cc303b7
     Service-Type = Framed-User
     User-Name = "360VL"
     Framed-MTU = 1488
     State = 0x0a7243677871b927d0cd5d13a0eb4166
     Called-Station-Id = "000FB57A156E:360VL"
     Calling-Station-Id = "000BCD56E3CB"
     NAS-Identifier = "360VL"
     NAS-Port-Type = Wireless-802.11
     Connect-Info = "CONNECT 54Mbps 802.11g"
     EAP-Message =  
0x020300500d800000004616030100410100003d030142f390db8a634fbe9ea8d2cb1a86 
cc43d9d6cc7be556720178af5cbbf49af4b400001600040005000a000900640062000300 
060013001200630100
     NAS-IP-Address = 192.168.5.59
     NAS-Port = 1
     NAS-Port-Id = "STA port # 1"
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
   modcall[authorize]: module "preprocess" returns ok for request 7
   modcall[authorize]: module "chap" returns noop for request 7
   modcall[authorize]: module "mschap" returns noop for request 7
     rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 7
   rlm_eap: EAP packet type response id 3 length 80
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 7
     users: Matched DEFAULT at 156
     users: Matched DEFAULT at 175
   modcall[authorize]: module "files" returns ok for request 7
modcall: group authorize returns updated for request 7
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
   eaptls_verify returned 11
     (other): before/accept initialization
     TLS_accept: before/accept initialization
   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
     TLS_accept: SSLv3 read client hello A
   rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
     TLS_accept: SSLv3 write server hello A
   rlm_eap_tls: >>> TLS 1.0 Handshake [length 062b], Certificate
     TLS_accept: SSLv3 write certificate A
   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0099], CertificateRequest
     TLS_accept: SSLv3 write certificate request A
     TLS_accept: SSLv3 flush data
     TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
   eaptls_process returned 13
   modcall[authenticate]: module "eap" returns handled for request 7
modcall: group authenticate returns handled for request 7
Sending Access-Challenge of id 172 to 192.168.5.59:1075
     Framed-IP-Address = 255.255.255.254
     Framed-MTU = 576
     Service-Type = Framed-User
     EAP-Message =  
0x0104040a0dc00000071d160301004a02000046030142f3909a4e2851d1e4bd63c58a11 
4fb87326da069a327e9ce84767108513edfd206424e4a88c3433368a8e62962cf0f4dca7 
507a95f1d61e0c052687dbd817b4cb000400160301062b0b0006270006240002ac308202 
a830820211a003020102020101300d06092a864886f70d0101040500308187310b300906 
03550406130255533111300f06035504081308436f6c6f7261646f311930170603550407 
1310436f6c6f7261646f20537072696e6773311b3019060355040a1312333630564c2049 
6e636f72706f7261746564310e300c06035504031305333630564c311d301b06092a8648 
86f7
     EAP-Message =  
0x0d010901160e696e666f40333630766c2e636f6d301e170d3035303830353135313034 
305a170d3036303830353135313034305a308192310b3009060355040613025553311130 
0f06035504081308436f6c6f7261646f3119301706035504071310436f6c6f7261646f20 
537072696e6773311b3019060355040a1312333630564c20496e636f72706f7261746564 
3119301706035504031310636f707065722e333630766c2e636f6d311d301b06092a8648 
86f70d010901160e696e666f40333630766c2e636f6d30819f300d06092a864886f70d01 
0101050003818d0030818902818100b2a8e575361b42490538c4ed2247ad4df5abc181da 
c9ed
     EAP-Message =  
0x95d835a509bf155163928ba6119defdbfab08ee7a195f6d7dc261d1ff95994f8cca744 
57327260e5814422485945ee4714ecb35820520be84ff4620497cd4daa6bbe6780b07b73 
ea7452db5a55684b2c13d40d0e2add84c7979c056f2a17fe1b96fb3afd85f6bddfc50203 
010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886 
f70d0101040500038181001ac5a999fdb7bb40a77a34ecff459e4bbed2583cc0cca87080 
566061428bb88ad090c7db85db96c07dc195a512bdae84849c112036af44b9320e8c0c91 
35a6f502731fe2507dbf3a337317f739c70a561f3c7d9504293301a6b321574d22509f69 
6948
     EAP-Message =  
0xe479ed655c56041259d23a0713e28a6206517e4e10349839d5dfee6a56000372308203 
6e308202d7a003020102020100300d06092a864886f70d0101040500308187310b300906 
03550406130255533111300f06035504081308436f6c6f7261646f311930170603550407 
1310436f6c6f7261646f20537072696e6773311b3019060355040a1312333630564c2049 
6e636f72706f7261746564310e300c06035504031305333630564c311d301b06092a8648 
86f70d010901160e696e666f40333630766c2e636f6d301e170d30353038303531353036 
32355a170d3036303830353135303632355a308187310b30090603550406130255533111 
300f
     EAP-Message = 0x06035504081308436f6c6f7261646f31193017060355
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0xc2b080bfcb34d8cbd3fbbb69d15050d3
Finished request 7
Going to the next request
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=173,  
length=181
     Message-Authenticator = 0x7f76805cf32b6ca33cfdf4e43a6667f5
     Service-Type = Framed-User
     User-Name = "360VL"
     Framed-MTU = 1488
     State = 0xc2b080bfcb34d8cbd3fbbb69d15050d3
     Called-Station-Id = "000FB57A156E:360VL"
     Calling-Station-Id = "000BCD56E3CB"
     NAS-Identifier = "360VL"
     NAS-Port-Type = Wireless-802.11
     Connect-Info = "CONNECT 54Mbps 802.11g"
     EAP-Message = 0x020400060d00
     NAS-IP-Address = 192.168.5.59
     NAS-Port = 1
     NAS-Port-Id = "STA port # 1"
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
   modcall[authorize]: module "preprocess" returns ok for request 8
   modcall[authorize]: module "chap" returns noop for request 8
   modcall[authorize]: module "mschap" returns noop for request 8
     rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 8
   rlm_eap: EAP packet type response id 4 length 6
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 8
     users: Matched DEFAULT at 156
     users: Matched DEFAULT at 175
   modcall[authorize]: module "files" returns ok for request 8
modcall: group authorize returns updated for request 8
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
   rlm_eap_tls: ack handshake fragment handler
   eaptls_verify returned 1
   eaptls_process returned 13
   modcall[authenticate]: module "eap" returns handled for request 8
modcall: group authenticate returns handled for request 8
Sending Access-Challenge of id 173 to 192.168.5.59:1075
     Framed-IP-Address = 255.255.255.254
     Framed-MTU = 576
     Service-Type = Framed-User
     EAP-Message =  
0x010503270d800000071d04071310436f6c6f7261646f20537072696e6773311b301906 
0355040a1312333630564c20496e636f72706f7261746564310e300c0603550403130533 
3630564c311d301b06092a864886f70d010901160e696e666f40333630766c2e636f6d30 
819f300d06092a864886f70d010101050003818d0030818902818100c1e36a58cf62e3ae 
df95552d32ec708012aded9061932aee060840cae5a20c8fa8ea72ba1f21253454a79c27 
799f309812d703e7bcf414044dfc3b8ea2702c0cb9a912a15e110962d8c5229ea6e7404e 
c1b28bb85f69c93f503dc4195926e8f0f621aacb7337fd8da8af009e6d5896647af6c198 
5955
     EAP-Message =  
0x1e5ce9db7367fd90c8870203010001a381e73081e4301d0603551d0e04160414ca07e0 
025ebeb3f17c26b027e597f97cfc5777493081b40603551d230481ac3081a98014ca07e0 
025ebeb3f17c26b027e597f97cfc577749a1818da4818a308187310b3009060355040613 
0255533111300f06035504081308436f6c6f7261646f3119301706035504071310436f6c 
6f7261646f20537072696e6773311b3019060355040a1312333630564c20496e636f7270 
6f7261746564310e300c06035504031305333630564c311d301b06092a864886f70d0109 
01160e696e666f40333630766c2e636f6d820100300c0603551d13040530030101ff300d 
0609
     EAP-Message =  
0x2a864886f70d01010405000381810053b790c3ef4f488e5b3c018545d4d2b91ab028c4 
7c547ecbdff6a152f80b52c4f6fbc3d074779ed87fb047a844bc473d6c417048b74409df 
5727543b8da49cef8c651ac4598c27ce116d58c5fa0337e44e1b81c2a72935f2e2e13a8b 
8ebbcc883c9135de3a11e8798abe9fb7828028d0c2ab4542e13ff7c629214fed18f086f5 
16030100990d000091020102008c008a308187310b30090603550406130255533111300f 
06035504081308436f6c6f7261646f3119301706035504071310436f6c6f7261646f2053 
7072696e6773311b3019060355040a1312333630564c20496e636f72706f726174656431 
0e30
     EAP-Message =  
0x0c06035504031305333630564c311d301b06092a864886f70d010901160e696e666f40 
333630766c2e636f6d0e000000
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x46be83586ea1540428f18bc0d43999e2
Finished request 8
Going to the next request
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=174,  
length=1190
     Message-Authenticator = 0x3ea36373b58083333020105f98fcc6f9
     Service-Type = Framed-User
     User-Name = "360VL"
     Framed-MTU = 1488
     State = 0x46be83586ea1540428f18bc0d43999e2
     Called-Station-Id = "000FB57A156E:360VL"
     Calling-Station-Id = "000BCD56E3CB"
     NAS-Identifier = "360VL"
     NAS-Port-Type = Wireless-802.11
     Connect-Info = "CONNECT 54Mbps 802.11g"
     EAP-Message =  
0x020503f10d80000003e716030103b70b0002a70002a40002a13082029d30820206a003 
020102020102300d06092a864886f70d0101040500308187310b30090603550406130255 
533111300f06035504081308436f6c6f7261646f3119301706035504071310436f6c6f72 
61646f20537072696e6773311b3019060355040a1312333630564c20496e636f72706f72 
61746564310e300c06035504031305333630564c311d301b06092a864886f70d01090116 
0e696e666f40333630766c2e636f6d301e170d3035303830353135313335335a170d3036 
303830353135313335335a308187310b30090603550406130255533111300f0603550408 
1308
     EAP-Message =  
0x436f6c6f7261646f3119301706035504071310436f6c6f7261646f20537072696e6773 
311b3019060355040a1312333630564c20496e636f72706f7261746564310e300c060355 
04031305333630564c311d301b06092a864886f70d010901160e696e666f40333630766c 
2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ccbbdc 
b09846dcd91ca4d52b83d090144dd17379a121e0dfe4333eac31e4ecab9ddc5c161f372a 
c3d29dd07620ab1ef80302682a2e74a9715690651458d601326a99eccb3c8f07bd7db896 
d5797a559e1480a2691afd76ae30f91b952705e315fc1c4a6072b442aa78f05946338ef8 
5b9c
     EAP-Message =  
0xf9dde843c5bc1ece843f1414d4444d0203010001a317301530130603551d25040c300a 
06082b06010505070302300d06092a864886f70d010104050003818100763976dd9a2f05 
81394d8cf9680bc788e97e06a77759d79cb50f4b1d06dcad24112081efbfeb6850e8131a 
60e4a7406708d93005ab50cc5448c1caa94ff090f42645f0e0dd0bdb85742f8c804fed33 
2f48d68f5ebb4f327a4ecd1452b6032eb6f657d2867659380235bab98316528ec20b9855 
5d5bdf93d8c594ef593b3f819110000082008017b86f4025160fcf01c703fc64ae1cc08b 
cc734196507bddff87d6cfe97ae57f284a98976ab69f278c20d9e29eb37dca36c06b2ffb 
eca3
     EAP-Message =  
0x8fa19bb0e069266e74d2fd52e4c784892cf6eed652723b7b1800acfc0f79d324f13b5c 
ea2819b4c710a126b5182cf510b36901e8175571a25908b4432f580dafbf5f344f1dacdc 
d03f0f000082008022b85e222f7e51d8ab7064bb66fdcfaa4e5e19533975f958ce4232d2 
2923fb753b05d8a631506848aefd3a4ad6cf1425935cf0b8ac3054b608c394b1d35a0646 
eafc858c495206d9cb277a3129aff3bab030f860e4387e235b2e5c53219c5e86c5f3eee1 
1ad88feea95fdb327a920ed287142a9c19d1807ae88af91c7e93e2ab1403010001011603 
010020d30f49c2ee685496c0b673f3c30ace4e9d068b37f57937dee17f73cc7aee525e
     NAS-IP-Address = 192.168.5.59
     NAS-Port = 1
     NAS-Port-Id = "STA port # 1"
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
   modcall[authorize]: module "preprocess" returns ok for request 9
   modcall[authorize]: module "chap" returns noop for request 9
   modcall[authorize]: module "mschap" returns noop for request 9
     rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 9
   rlm_eap: EAP packet type response id 5 length 253
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 9
     users: Matched DEFAULT at 156
     users: Matched DEFAULT at 175
   modcall[authorize]: module "files" returns ok for request 9
modcall: group authorize returns updated for request 9
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
   eaptls_verify returned 11
   rlm_eap_tls: <<< TLS 1.0 Handshake [length 02ab], Certificate
--> verify error:num=18:self signed certificate
chain-depth=0,
error=18
--> User-Name = 360VL
--> BUF-Name = 360VL
--> subject = /C=US/ST=Colorado/L=Colorado Springs/O=360VL  
Incorporated/CN=360VL/emailAddress=emailwithheld
--> issuer  = /C=US/ST=Colorado/L=Colorado Springs/O=360VL  
Incorporated/CN=360VL/emailAddress=emailwithheld
--> verify return:0
   rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
     TLS_accept:error in SSLv3 read client certificate B
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
In SSL Handshake Phase
In SSL Accept mode
   eaptls_process returned 13
   modcall[authenticate]: module "eap" returns handled for request 9
modcall: group authenticate returns handled for request 9
Sending Access-Challenge of id 174 to 192.168.5.59:1075
     Framed-IP-Address = 255.255.255.254
     Framed-MTU = 576
     Service-Type = Framed-User
     EAP-Message = 0x010600110d800000000715030100020230
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0xfc76e05422193720d431a9e96db434ad
Finished request 9
Going to the next request
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=175,  
length=181
     Message-Authenticator = 0x3cb38e214ac8af13cae93335934db928
     Service-Type = Framed-User
     User-Name = "360VL"
     Framed-MTU = 1488
     State = 0xfc76e05422193720d431a9e96db434ad
     Called-Station-Id = "000FB57A156E:360VL"
     Calling-Station-Id = "000BCD56E3CB"
     NAS-Identifier = "360VL"
     NAS-Port-Type = Wireless-802.11
     Connect-Info = "CONNECT 54Mbps 802.11g"
     EAP-Message = 0x020600060d00
     NAS-IP-Address = 192.168.5.59
     NAS-Port = 1
     NAS-Port-Id = "STA port # 1"
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 10
   modcall[authorize]: module "preprocess" returns ok for request 10
   modcall[authorize]: module "chap" returns noop for request 10
   modcall[authorize]: module "mschap" returns noop for request 10
     rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 10
   rlm_eap: EAP packet type response id 6 length 6
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 10
     users: Matched DEFAULT at 156
     users: Matched DEFAULT at 175
   modcall[authorize]: module "files" returns ok for request 10
modcall: group authorize returns updated for request 10
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 10
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
   rlm_eap_tls: ack alert
   eaptls_verify returned 4
   eaptls_process returned 4
  rlm_eap: Handler failed in EAP/tls
   rlm_eap: Failed in EAP select
   modcall[authenticate]: module "eap" returns invalid for request 10
modcall: group authenticate returns invalid for request 10
auth: Failed to validate the user.
Delaying request 10 for 1 seconds
Finished request 10
Going to the next request
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=175,  
length=181
Sending Access-Reject of id 175 to 192.168.5.59:1075
     EAP-Message = 0x04060004
     Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 3 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=176,  
length=167
     Message-Authenticator = 0xed8dfb1d74dd2d45a5aa491086fc34d7
     Service-Type = Framed-User
     User-Name = "360VL"
     Framed-MTU = 1488
     Called-Station-Id = "000FB57A156E:360VL"
     Calling-Station-Id = "000BCD56E3CB"
     NAS-Identifier = "360VL"
     NAS-Port-Type = Wireless-802.11
     Connect-Info = "CONNECT 54Mbps 802.11g"
     EAP-Message = 0x0200000a01333630564c
     NAS-IP-Address = 192.168.5.59
     NAS-Port = 1
     NAS-Port-Id = "STA port # 1"
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 11
   modcall[authorize]: module "preprocess" returns ok for request 11
   modcall[authorize]: module "chap" returns noop for request 11
   modcall[authorize]: module "mschap" returns noop for request 11
     rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 11
   rlm_eap: EAP packet type response id 0 length 10
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 11
     users: Matched DEFAULT at 156
     users: Matched DEFAULT at 175
   modcall[authorize]: module "files" returns ok for request 11
modcall: group authorize returns updated for request 11
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 11
   rlm_eap: EAP Identity
   rlm_eap: processing type tls
  rlm_eap_tls: Requiring client certificate
   rlm_eap_tls: Initiate
   rlm_eap_tls: Start returned 1
   modcall[authenticate]: module "eap" returns handled for request 11
modcall: group authenticate returns handled for request 11
Sending Access-Challenge of id 176 to 192.168.5.59:1075
     Framed-IP-Address = 255.255.255.254
     Framed-MTU = 576
     Service-Type = Framed-User
     EAP-Message = 0x010100060d20
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x477c55c8220b91dbaaf48dec55693784
Finished request 11
Going to the next request
--- Walking the entire request list ---
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=177,  
length=167
     Message-Authenticator = 0xf2ffc7d2b55b48a295ea98c02dd2beba
     Service-Type = Framed-User
     User-Name = "360VL"
     Framed-MTU = 1488
     Called-Station-Id = "000FB57A156E:360VL"
     Calling-Station-Id = "000BCD56E3CB"
     NAS-Identifier = "360VL"
     NAS-Port-Type = Wireless-802.11
     Connect-Info = "CONNECT 54Mbps 802.11g"
     EAP-Message = 0x0202000a01333630564c
     NAS-IP-Address = 192.168.5.59
     NAS-Port = 1
     NAS-Port-Id = "STA port # 1"
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 12
   modcall[authorize]: module "preprocess" returns ok for request 12
   modcall[authorize]: module "chap" returns noop for request 12
   modcall[authorize]: module "mschap" returns noop for request 12
     rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 12
   rlm_eap: EAP packet type response id 2 length 10
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 12
     users: Matched DEFAULT at 156
     users: Matched DEFAULT at 175
   modcall[authorize]: module "files" returns ok for request 12
modcall: group authorize returns updated for request 12
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 12
   rlm_eap: EAP Identity
   rlm_eap: processing type tls
  rlm_eap_tls: Requiring client certificate
   rlm_eap_tls: Initiate
   rlm_eap_tls: Start returned 1
   modcall[authenticate]: module "eap" returns handled for request 12
modcall: group authenticate returns handled for request 12
Sending Access-Challenge of id 177 to 192.168.5.59:1075
     Framed-IP-Address = 255.255.255.254
     Framed-MTU = 576
     Service-Type = Framed-User
     EAP-Message = 0x010300060d20
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x5132de59d6e9fa7406d5a3a7fd916460
Finished request 12
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=178,  
length=255
     Message-Authenticator = 0x1dd14c9ef65e83a0230f1870c2339f1d
     Service-Type = Framed-User
     User-Name = "360VL"
     Framed-MTU = 1488
     State = 0x5132de59d6e9fa7406d5a3a7fd916460
     Called-Station-Id = "000FB57A156E:360VL"
     Calling-Station-Id = "000BCD56E3CB"
     NAS-Identifier = "360VL"
     NAS-Port-Type = Wireless-802.11
     Connect-Info = "CONNECT 54Mbps 802.11g"
     EAP-Message =  
0x020300500d800000004616030100410100003d030142f390ddb61a462925787781e43b 
633cd37484dcbb2f065295ea83ef3f32d69d00001600040005000a000900640062000300 
060013001200630100
     NAS-IP-Address = 192.168.5.59
     NAS-Port = 1
     NAS-Port-Id = "STA port # 1"
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 13
   modcall[authorize]: module "preprocess" returns ok for request 13
   modcall[authorize]: module "chap" returns noop for request 13
   modcall[authorize]: module "mschap" returns noop for request 13
     rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 13
   rlm_eap: EAP packet type response id 3 length 80
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 13
     users: Matched DEFAULT at 156
     users: Matched DEFAULT at 175
   modcall[authorize]: module "files" returns ok for request 13
modcall: group authorize returns updated for request 13
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 13
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
   eaptls_verify returned 11
     (other): before/accept initialization
     TLS_accept: before/accept initialization
   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
     TLS_accept: SSLv3 read client hello A
   rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
     TLS_accept: SSLv3 write server hello A
   rlm_eap_tls: >>> TLS 1.0 Handshake [length 062b], Certificate
     TLS_accept: SSLv3 write certificate A
   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0099], CertificateRequest
     TLS_accept: SSLv3 write certificate request A
     TLS_accept: SSLv3 flush data
     TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
   eaptls_process returned 13
   modcall[authenticate]: module "eap" returns handled for request 13
modcall: group authenticate returns handled for request 13
Sending Access-Challenge of id 178 to 192.168.5.59:1075
     Framed-IP-Address = 255.255.255.254
     Framed-MTU = 576
     Service-Type = Framed-User
     EAP-Message =  
0x0104040a0dc00000071d160301004a02000046030142f3909c147f72795543365b423d 
357307980b8bfeadf7b73a6872c7d925d1b220dd77b106135ce0d8f7882941c54cfa5c9a 
db0969ab8fac2df1d21b212c9ef0ad000400160301062b0b0006270006240002ac308202 
a830820211a003020102020101300d06092a864886f70d0101040500308187310b300906 
03550406130255533111300f06035504081308436f6c6f7261646f311930170603550407 
1310436f6c6f7261646f20537072696e6773311b3019060355040a1312333630564c2049 
6e636f72706f7261746564310e300c06035504031305333630564c311d301b06092a8648 
86f7
     EAP-Message =  
0x0d010901160e696e666f40333630766c2e636f6d301e170d3035303830353135313034 
305a170d3036303830353135313034305a308192310b3009060355040613025553311130 
0f06035504081308436f6c6f7261646f3119301706035504071310436f6c6f7261646f20 
537072696e6773311b3019060355040a1312333630564c20496e636f72706f7261746564 
3119301706035504031310636f707065722e333630766c2e636f6d311d301b06092a8648 
86f70d010901160e696e666f40333630766c2e636f6d30819f300d06092a864886f70d01 
0101050003818d0030818902818100b2a8e575361b42490538c4ed2247ad4df5abc181da 
c9ed
     EAP-Message =  
0x95d835a509bf155163928ba6119defdbfab08ee7a195f6d7dc261d1ff95994f8cca744 
57327260e5814422485945ee4714ecb35820520be84ff4620497cd4daa6bbe6780b07b73 
ea7452db5a55684b2c13d40d0e2add84c7979c056f2a17fe1b96fb3afd85f6bddfc50203 
010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886 
f70d0101040500038181001ac5a999fdb7bb40a77a34ecff459e4bbed2583cc0cca87080 
566061428bb88ad090c7db85db96c07dc195a512bdae84849c112036af44b9320e8c0c91 
35a6f502731fe2507dbf3a337317f739c70a561f3c7d9504293301a6b321574d22509f69 
6948
     EAP-Message =  
0xe479ed655c56041259d23a0713e28a6206517e4e10349839d5dfee6a56000372308203 
6e308202d7a003020102020100300d06092a864886f70d0101040500308187310b300906 
03550406130255533111300f06035504081308436f6c6f7261646f311930170603550407 
1310436f6c6f7261646f20537072696e6773311b3019060355040a1312333630564c2049 
6e636f72706f7261746564310e300c06035504031305333630564c311d301b06092a8648 
86f70d010901160e696e666f40333630766c2e636f6d301e170d30353038303531353036 
32355a170d3036303830353135303632355a308187310b30090603550406130255533111 
300f
     EAP-Message = 0x06035504081308436f6c6f7261646f31193017060355
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x65e62c501c4cec769c8d45a40faf9a67
Finished request 13
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=179,  
length=181
     Message-Authenticator = 0x4b1d387a1df61d3afeff11b22d27432f
     Service-Type = Framed-User
     User-Name = "360VL"
     Framed-MTU = 1488
     State = 0x65e62c501c4cec769c8d45a40faf9a67
     Called-Station-Id = "000FB57A156E:360VL"
     Calling-Station-Id = "000BCD56E3CB"
     NAS-Identifier = "360VL"
     NAS-Port-Type = Wireless-802.11
     Connect-Info = "CONNECT 54Mbps 802.11g"
     EAP-Message = 0x020400060d00
     NAS-IP-Address = 192.168.5.59
     NAS-Port = 1
     NAS-Port-Id = "STA port # 1"
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
   modcall[authorize]: module "preprocess" returns ok for request 14
   modcall[authorize]: module "chap" returns noop for request 14
   modcall[authorize]: module "mschap" returns noop for request 14
     rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 14
   rlm_eap: EAP packet type response id 4 length 6
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 14
     users: Matched DEFAULT at 156
     users: Matched DEFAULT at 175
   modcall[authorize]: module "files" returns ok for request 14
modcall: group authorize returns updated for request 14
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
   rlm_eap_tls: ack handshake fragment handler
   eaptls_verify returned 1
   eaptls_process returned 13
   modcall[authenticate]: module "eap" returns handled for request 14
modcall: group authenticate returns handled for request 14
Sending Access-Challenge of id 179 to 192.168.5.59:1075
     Framed-IP-Address = 255.255.255.254
     Framed-MTU = 576
     Service-Type = Framed-User
     EAP-Message =  
0x010503270d800000071d04071310436f6c6f7261646f20537072696e6773311b301906 
0355040a1312333630564c20496e636f72706f7261746564310e300c0603550403130533 
3630564c311d301b06092a864886f70d010901160e696e666f40333630766c2e636f6d30 
819f300d06092a864886f70d010101050003818d0030818902818100c1e36a58cf62e3ae 
df95552d32ec708012aded9061932aee060840cae5a20c8fa8ea72ba1f21253454a79c27 
799f309812d703e7bcf414044dfc3b8ea2702c0cb9a912a15e110962d8c5229ea6e7404e 
c1b28bb85f69c93f503dc4195926e8f0f621aacb7337fd8da8af009e6d5896647af6c198 
5955
     EAP-Message =  
0x1e5ce9db7367fd90c8870203010001a381e73081e4301d0603551d0e04160414ca07e0 
025ebeb3f17c26b027e597f97cfc5777493081b40603551d230481ac3081a98014ca07e0 
025ebeb3f17c26b027e597f97cfc577749a1818da4818a308187310b3009060355040613 
0255533111300f06035504081308436f6c6f7261646f3119301706035504071310436f6c 
6f7261646f20537072696e6773311b3019060355040a1312333630564c20496e636f7270 
6f7261746564310e300c06035504031305333630564c311d301b06092a864886f70d0109 
01160e696e666f40333630766c2e636f6d820100300c0603551d13040530030101ff300d 
0609
     EAP-Message =  
0x2a864886f70d01010405000381810053b790c3ef4f488e5b3c018545d4d2b91ab028c4 
7c547ecbdff6a152f80b52c4f6fbc3d074779ed87fb047a844bc473d6c417048b74409df 
5727543b8da49cef8c651ac4598c27ce116d58c5fa0337e44e1b81c2a72935f2e2e13a8b 
8ebbcc883c9135de3a11e8798abe9fb7828028d0c2ab4542e13ff7c629214fed18f086f5 
16030100990d000091020102008c008a308187310b30090603550406130255533111300f 
06035504081308436f6c6f7261646f3119301706035504071310436f6c6f7261646f2053 
7072696e6773311b3019060355040a1312333630564c20496e636f72706f726174656431 
0e30
     EAP-Message =  
0x0c06035504031305333630564c311d301b06092a864886f70d010901160e696e666f40 
333630766c2e636f6d0e000000
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x031c5f5e68c7d536cfa34b376c9b050a
Finished request 14
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=180,  
length=1190
     Message-Authenticator = 0x1491be9e5a592e4eae8a415b232ab21e
     Service-Type = Framed-User
     User-Name = "360VL"
     Framed-MTU = 1488
     State = 0x031c5f5e68c7d536cfa34b376c9b050a
     Called-Station-Id = "000FB57A156E:360VL"
     Calling-Station-Id = "000BCD56E3CB"
     NAS-Identifier = "360VL"
     NAS-Port-Type = Wireless-802.11
     Connect-Info = "CONNECT 54Mbps 802.11g"
     EAP-Message =  
0x020503f10d80000003e716030103b70b0002a70002a40002a13082029d30820206a003 
020102020102300d06092a864886f70d0101040500308187310b30090603550406130255 
533111300f06035504081308436f6c6f7261646f3119301706035504071310436f6c6f72 
61646f20537072696e6773311b3019060355040a1312333630564c20496e636f72706f72 
61746564310e300c06035504031305333630564c311d301b06092a864886f70d01090116 
0e696e666f40333630766c2e636f6d301e170d3035303830353135313335335a170d3036 
303830353135313335335a308187310b30090603550406130255533111300f0603550408 
1308
     EAP-Message =  
0x436f6c6f7261646f3119301706035504071310436f6c6f7261646f20537072696e6773 
311b3019060355040a1312333630564c20496e636f72706f7261746564310e300c060355 
04031305333630564c311d301b06092a864886f70d010901160e696e666f40333630766c 
2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ccbbdc 
b09846dcd91ca4d52b83d090144dd17379a121e0dfe4333eac31e4ecab9ddc5c161f372a 
c3d29dd07620ab1ef80302682a2e74a9715690651458d601326a99eccb3c8f07bd7db896 
d5797a559e1480a2691afd76ae30f91b952705e315fc1c4a6072b442aa78f05946338ef8 
5b9c
     EAP-Message =  
0xf9dde843c5bc1ece843f1414d4444d0203010001a317301530130603551d25040c300a 
06082b06010505070302300d06092a864886f70d010104050003818100763976dd9a2f05 
81394d8cf9680bc788e97e06a77759d79cb50f4b1d06dcad24112081efbfeb6850e8131a 
60e4a7406708d93005ab50cc5448c1caa94ff090f42645f0e0dd0bdb85742f8c804fed33 
2f48d68f5ebb4f327a4ecd1452b6032eb6f657d2867659380235bab98316528ec20b9855 
5d5bdf93d8c594ef593b3f81911000008200804992c539a78d668390fe37e7791bfd398c 
439a5bb8b3899c906dc1112606f7e03ed376d7ccf86c0f2ce99988117f04c59225c98b5f 
a5bc
     EAP-Message =  
0x3136bbbdec6f4745dcc502e3e287131e93241f624c2b2042af8985203ec6098b9069ef 
29594e7d936ac6599f22a890787ee14d7c3f1d6e2fadcb305e5cce766d0e0a338980aebb 
24420f00008200804465675875b0c9ec0bb347d497a635a948b2387604fe5a9c4cdec47a 
2ab70b371279d0a7e05007fbfee9c45cf57b3e8fb016d1099ab443ef08d21570577706e8 
09de1a74e65c69f739207b2b2de53ff5d8bf1a87141f098dc5f9516ca817919fc1847728 
8a79bfc711dcaabb47645e61f641653f91ce6f9f03d9b3050b89ad421403010001011603 
010020aa8f644dc9b4649dd21740ab8541ccb568e37a47cae11a0173e6e50a616b483d
     NAS-IP-Address = 192.168.5.59
     NAS-Port = 1
     NAS-Port-Id = "STA port # 1"
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 15
   modcall[authorize]: module "preprocess" returns ok for request 15
   modcall[authorize]: module "chap" returns noop for request 15
   modcall[authorize]: module "mschap" returns noop for request 15
     rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 15
   rlm_eap: EAP packet type response id 5 length 253
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 15
     users: Matched DEFAULT at 156
     users: Matched DEFAULT at 175
   modcall[authorize]: module "files" returns ok for request 15
modcall: group authorize returns updated for request 15
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 15
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
   eaptls_verify returned 11
   rlm_eap_tls: <<< TLS 1.0 Handshake [length 02ab], Certificate
--> verify error:num=18:self signed certificate
chain-depth=0,
error=18
--> User-Name = 360VL
--> BUF-Name = 360VL
--> subject = /C=US/ST=Colorado/L=Colorado Springs/O=360VL  
Incorporated/CN=360VL/emailAddress=emailwithheld
--> issuer  = /C=US/ST=Colorado/L=Colorado Springs/O=360VL  
Incorporated/CN=360VL/emailAddress=emailwithheld
--> verify return:0
   rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
     TLS_accept:error in SSLv3 read client certificate B
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
In SSL Handshake Phase
In SSL Accept mode
   eaptls_process returned 13
   modcall[authenticate]: module "eap" returns handled for request 15
modcall: group authenticate returns handled for request 15
Sending Access-Challenge of id 180 to 192.168.5.59:1075
     Framed-IP-Address = 255.255.255.254
     Framed-MTU = 576
     Service-Type = Framed-User
     EAP-Message = 0x010600110d800000000715030100020230
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0xc8ab204f06d545924a370c20bd5b91c4
Finished request 15
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=181,  
length=181
     Message-Authenticator = 0x212a50be58cd4ed3d2bb744a9400d174
     Service-Type = Framed-User
     User-Name = "360VL"
     Framed-MTU = 1488
     State = 0xc8ab204f06d545924a370c20bd5b91c4
     Called-Station-Id = "000FB57A156E:360VL"
     Calling-Station-Id = "000BCD56E3CB"
     NAS-Identifier = "360VL"
     NAS-Port-Type = Wireless-802.11
     Connect-Info = "CONNECT 54Mbps 802.11g"
     EAP-Message = 0x020600060d00
     NAS-IP-Address = 192.168.5.59
     NAS-Port = 1
     NAS-Port-Id = "STA port # 1"
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 16
   modcall[authorize]: module "preprocess" returns ok for request 16
   modcall[authorize]: module "chap" returns noop for request 16
   modcall[authorize]: module "mschap" returns noop for request 16
     rlm_realm: No '@' in User-Name = "360VL", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 16
   rlm_eap: EAP packet type response id 6 length 6
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 16
     users: Matched DEFAULT at 156
     users: Matched DEFAULT at 175
   modcall[authorize]: module "files" returns ok for request 16
modcall: group authorize returns updated for request 16
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 16
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
   rlm_eap_tls: ack alert
   eaptls_verify returned 4
   eaptls_process returned 4
  rlm_eap: Handler failed in EAP/tls
   rlm_eap: Failed in EAP select
   modcall[authenticate]: module "eap" returns invalid for request 16
modcall: group authenticate returns invalid for request 16
auth: Failed to validate the user.
Delaying request 16 for 1 seconds
Finished request 16
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 192.168.5.59:1075, id=181,  
length=181
Sending Access-Reject of id 181 to 192.168.5.59:1075
     EAP-Message = 0x04060004
     Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 165 with timestamp 42f39098
Cleaning up request 1 ID 166 with timestamp 42f39098
Cleaning up request 2 ID 167 with timestamp 42f39098
Cleaning up request 3 ID 168 with timestamp 42f39098
Cleaning up request 4 ID 169 with timestamp 42f39098
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 5 ID 170 with timestamp 42f3909a
Cleaning up request 6 ID 171 with timestamp 42f3909a
Cleaning up request 7 ID 172 with timestamp 42f3909a
Cleaning up request 8 ID 173 with timestamp 42f3909a
Cleaning up request 9 ID 174 with timestamp 42f3909a
Cleaning up request 10 ID 175 with timestamp 42f3909a
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 11 ID 176 with timestamp 42f3909c
Cleaning up request 12 ID 177 with timestamp 42f3909c
Cleaning up request 13 ID 178 with timestamp 42f3909c
Cleaning up request 14 ID 179 with timestamp 42f3909c
Cleaning up request 15 ID 180 with timestamp 42f3909c
Cleaning up request 16 ID 181 with timestamp 42f3909c
Nothing to do.  Sleeping until we see a request.




More information about the Freeradius-Users mailing list