FreeRadius +TLS (base on openssl)

Frank Buttner frank-buettner at gmx.net
Sat Dec 31 10:18:07 CET 2005


Does your RADIUS server have multiple IP addresses? In my case that was one of my
problems. And the second was that the client and server certificates had no
extensions part.

-----Original Message-----
From: freeradius-users-bounces+frank-buettner=gmx.net at lists.freeradius.org
[mailto:freeradius-users-bounces+frank-buettner=gmx.net at lists.freeradius.org
] On Behalf Of Adam Rogalski
Sent: Friday, December 30, 2005 12:10 PM
To: FreeRadius users mailing list
Subject: FreeRadius +TLS (base on openssl)

Hi
 
I have been fighting with my RADIUS for one week and I have no more ideas. I would
like to set up my home network with WPA Enterprise (WPA with TKIP + 802.1X). I
made my own CA and generated certificates for the server and the client, everything
as I read in the howto from freeradius.org. My server is on Fedora Core 4, but I
tried on Slackware too.
When I use WPA Enterprise on my AP (Linksys WRT54G), the command radiusd -X stops
after:
 
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.

 
 
When I change it to only RADIUS and WEP, I get the following after radiusd -X:
 
[root@serwerek sbin]# ./radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/proxy.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/eap.conf
Config:   including file: /etc/raddb/sql.conf
 main: prefix = "/usr"
 main: localstatedir = "/var"
 main: logdir = "/var/log/radius"
 main: libdir = "/usr/lib"
 main: radacctdir = "/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/var/run/radiusd/radiusd.pid"
 main: user = "nobody"
 main: group = "nobody"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = "(null)"
 mschap: authtype = "MS-CHAP"
 mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "/etc/shadow"
 unix: group = "(null)"
 unix: radwtmp = "/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = "tls"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/etc/raddb/certs/server_keycert.pem"
 tls: certificate_file = "/etc/raddb/certs/server_keycert.pem"
 tls: CA_file = "/etc/raddb/certs/cacert.pem"
 tls: private_key_password = "adam01"
 tls: dh_file = "/etc/raddb/certs/dh"
 tls: random_file = "/etc/raddb/certs/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = "/etc/raddb/huntgroups"
 preprocess: hints = "/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = "/etc/raddb/users"
 files: acctusersfile = "/etc/raddb/acct_users"
 files: preproxy_usersfile = "/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
 detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = "/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
 
[root@serwerek sbin]# ./radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/proxy.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/eap.conf
Config:   including file: /etc/raddb/sql.conf
 main: prefix = "/usr"
 main: localstatedir = "/var"
 main: logdir = "/var/log/radius"
 main: libdir = "/usr/lib"
 main: radacctdir = "/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/var/run/radiusd/radiusd.pid"
 main: user = "nobody"
 main: group = "nobody"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = "(null)"
 mschap: authtype = "MS-CHAP"
 mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "/etc/shadow"
 unix: group = "(null)"
 unix: radwtmp = "/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = "tls"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/etc/raddb/certs/server_keycert.pem"
 tls: certificate_file = "/etc/raddb/certs/server_keycert.pem"
 tls: CA_file = "/etc/raddb/certs/cacert.pem"
 tls: private_key_password = "adam01"
 tls: dh_file = "/etc/raddb/certs/dh"
 tls: random_file = "/etc/raddb/certs/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = "/etc/raddb/huntgroups"
 preprocess: hints = "/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = "/etc/raddb/users"
 files: acctusersfile = "/etc/raddb/acct_users"
 files: preproxy_usersfile = "/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
 detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = "/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1:2054, id=0, length=121
        User-Name = "Adam"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "0014bf2f16c2"
        Calling-Station-Id = "000e3573296d"
        NAS-Identifier = "0014bf2f16c2"
        NAS-Port = 55
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x02000009014164616d
        Message-Authenticator = 0x88f32269e104d036be28f8411cd133b6
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "Adam", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 0 length 9
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
 rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 0 to 192.168.1.1:2054
        EAP-Message = 0x010100060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x44e256d6f94136dbb146b56055f69cf3
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:2054, id=0, length=236
        User-Name = "Adam"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "0014bf2f16c2"
        Calling-Station-Id = "000e3573296d"
        NAS-Identifier = "0014bf2f16c2"
        NAS-Port = 55
        Framed-MTU = 1400
        State = 0x44e256d6f94136dbb146b56055f69cf3
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x0201006a0d8000000060160301005b01000057030143b50d1a0e6730
f71ec0114327ca53bc3eade6ecabd6c027a46f2642fb6e39d000003000390038003500160013
000a
00330032002f0066000500040065006400630062006000150012000900140011000800030100
        Message-Authenticator = 0xe801c7aec46700968dfa44913e23d516
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "Adam", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: EAP packet type response id 1 length 106
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 005b], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 02a7], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 010d], ServerKeyExchange
    TLS_accept: SSLv3 write key exchange A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0099], CertificateRequest
    TLS_accept: SSLv3 write certificate request A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 0 to 192.168.1.1:2054
        EAP-Message =
0x0102040a0dc0000004ab160301004a02000046030143b50c5e53e9e8
a74a80938207f2b0b3bb015986bef383fbada6998b571453ee2050a14d2d1936b94767dc8e38
5486
0e4a418ee7d1541dc3c54807f12c5996889200390016030102a70b0002a30002a000029d3082
0299
30820202a003020102020101300d06092a864886f70d0101040500308185310b300906035504
0613
02504c311330110603550408130a446f6c6e79536c61736b3110300e0603550407130757726f
636c
6177310e300c060355040a1305446f6d656b3122302006035504031319736572776572656b2e
6164
616d656b2e686f70746f2e6f7267311b301906092a864886f7
        EAP-Message =
0x0d010901160c61726f67616c4077702e706c301e170d303531323330
3038333635345a170d3036313233303038333635345a308185310b300906035504061302504c
3113
30110603550408130a446f6c6e79536c61736b3110300e0603550407130757726f636c617731
0e30
0c060355040a1305446f6d656b3122302006035504031319736572776572656b2e6164616d65
6b2e
686f70746f2e6f7267311b301906092a864886f70d010901160c61726f67616c4077702e706c
3081
9f300d06092a864886f70d010101050003818d0030818902818100e446b6595abca00c76e48b
21d6
95f43d9a2770dd067bfcaef859ec5bcedb74a14600a9dd179e
        EAP-Message =
0x23d8f7809495f018a50d359f78915fb18b41a74e7441f6716823e415
0febd758698291dd48150bc697d56be21a536b089b17f9e3fa049db4e52402fac8f72e493cbf
cbda
0e217cdd2a93598632c1c64cc7d70840ec0fbce918e30203010001a317301530130603551d25
040c
300a06082b06010505070301300d06092a864886f70d0101040500038181000662e9a572dec1
51d2
6adb88c7cee3cc7bf0f7f41e8c03d8b85b2b7db7ab2b35fb21ecabb9f15f395e6482b762c04a
ec81
0c4a9883986037d5c17eaf0539e64aae928e7da2394d5b5b3c7d61791d3ae373cf15a1592502
1f00
51f518de9c12f6e04fe46f39a2b53f6b2345b0b94fc9da2499
        EAP-Message =
0x110108df4251a2d2f21ca4ebaf2c160301010d0c0001090040ca7f38
db174492ff0737acbd4117d15bb7b41b837016a8422f3a34f9af06244de89a01df120f154711
7480
2929bc655907ca6ff7b441f03ea72c1ad2c3caae8b00010500407f8f356cf73802cb22f17e4d
3a2c
ea90839f15a1b1c4d7d15014724bd5ef9aba1e17dd262df70a5c8784c64dbd5dcb6a0ae0bdfa
390b
337d50ed9e97d97324b60080c10536878e2d1ec56f2ad550b03e61c35ae1920f1d5ab39c5ed5
bfe2
f8cd2b804799634038088cd836ab6229e86a39589c5a3f9cf93c700c2dfd6bf684ea2e5efc90
12db
f4a6704e75cdd233d632c43e0f0a762ad8df90da110e39dd2f
        EAP-Message = 0x0aab1b9e0bc4fe20ea2b877b8ccb0c2e7b89e1e6952f
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x767b202144333f7b0182c93a33070eb4
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:2054, id=0, length=136
        User-Name = "Adam"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "0014bf2f16c2"
        Calling-Station-Id = "000e3573296d"
        NAS-Identifier = "0014bf2f16c2"
        NAS-Port = 55
        Framed-MTU = 1400
        State = 0x767b202144333f7b0182c93a33070eb4
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020200060d00
        Message-Authenticator = 0x2e5131827a4a1a6955a9eada5a37ad5d
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  modcall[authorize]: module "chap" returns noop for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
    rlm_realm: No '@' in User-Name = "Adam", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 2
  rlm_eap: EAP packet type response id 2 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 2
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns updated for request 2
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 0 to 192.168.1.1:2054
        EAP-Message =
0x010300b50d80000004abea37366e949b739e4e8ce5d1051603010099
0d0000910403040102008a0088308185310b300906035504061302504c311330110603550408
130a
446f6c6e79536c61736b3110300e0603550407130757726f636c6177310e300c060355040a13
0544
6f6d656b3122302006035504031319736572776572656b2e6164616d656b2e686f70746f2e6f
7267
311b301906092a864886f70d010901160c61726f67616c4077702e706c0e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xe15d58f49422b6ce53338dbcb286d67d
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:2054, id=0, length=147
        User-Name = "Adam"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "0014bf2f16c2"
        Calling-Station-Id = "000e3573296d"
        NAS-Identifier = "0014bf2f16c2"
        NAS-Port = 55
        Framed-MTU = 1400
        State = 0xe15d58f49422b6ce53338dbcb286d67d
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020300110d800000000715030100020230
        Message-Authenticator = 0x9ccbb7428e7fb4c0adce582d01b259c6
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
  modcall[authorize]: module "chap" returns noop for request 3
  modcall[authorize]: module "mschap" returns noop for request 3
    rlm_realm: No '@' in User-Name = "Adam", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 3
  rlm_eap: EAP packet type response id 3 length 17
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 3
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns updated for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert read:fatal:unknown CA
    TLS_accept:failed in SSLv3 read client certificate A
2426:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1052:SSL alert number 48
2426:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:837:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
In SSL Handshake Phase
In SSL Accept mode
rlm_eap_tls: BIO_read failed in a system call (-1), TLS session fails.
  eaptls_process returned 13
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns reject for request 3
modcall: group authenticate returns reject for request 3
auth: Failed to validate the user.
Delaying request 3 for 1 seconds
Finished request 3
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 0 to 192.168.1.1:2054
        EAP-Message = 0x04030004
        Message-Authenticator = 0x00000000000000000000000000000000
Cleaning up request 3 ID 0 with timestamp 43b50c5e
Nothing to do.  Sleeping until we see a request.

 
As a client I use my built-in Centrino card (Intel 2200) and Windows XP with SP2.

So if anybody can help, I will be very grateful.

Best regards

Adam
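The debug output above prints each EAP-Message as raw hex, and the actual reason for the rejection is buried in the last one from the client: it is a TLS alert record, which OpenSSL reports on the next lines as "alert unknown ca" / "SSL alert number 48". As an added example (not code from this thread, from FreeRADIUS or from the posters), the following standard-library Python script decodes the EAP header, the EAP-TLS flags byte and the TLS records inside, so a debug log like this one can be read without counting hex digits. The sample packets are copied from the log above; the function names (decode_eap, describe and the helpers) and the record layout of the returned dictionaries are this example's own choices. The alert in request 3 is sent by the supplicant, i.e. the client side refused the server's certificate chain as signed by a CA it does not trust, which is where Frank's advice to look at the certificates points.

```python
# Added example, not part of the original thread: decode the EAP-Message values
# printed by "radiusd -X" (EAP per RFC 3748, EAP-TLS per RFC 2716, TLS 1.0 records
# per RFC 2246). Standard library only. Sample packets are copied from the log.
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_IDENTITY = 1
EAP_TYPE_TLS = 13

TLS_CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
TLS_HANDSHAKE_TYPES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
                       12: "ServerKeyExchange", 13: "CertificateRequest",
                       14: "ServerHelloDone", 15: "CertificateVerify",
                       16: "ClientKeyExchange", 20: "Finished"}
# TLS alert descriptions (RFC 2246 section 7.2); 48 is the one seen in the log.
TLS_ALERTS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
              40: "handshake_failure", 42: "bad_certificate",
              43: "unsupported_certificate", 44: "certificate_revoked",
              45: "certificate_expired", 46: "certificate_unknown",
              47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
              50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
              71: "insufficient_security", 80: "internal_error",
              90: "user_canceled", 100: "no_renegotiation"}

# EAP-Message values copied verbatim from the radiusd -X output in the post.
IDENTITY_RESPONSE = "0x02000009014164616d"
EAP_TLS_START = "0x010100060d20"
CLIENT_HELLO = ("0x0201006a0d8000000060160301005b01000057030143b50d1a0e6730"
                "f71ec0114327ca53bc3eade6ecabd6c027a46f2642fb6e39d000003000390038003500160013"
                "000a"
                "00330032002f0066000500040065006400630062006000150012000900140011000800030100")
EAP_TLS_ACK = "0x020200060d00"
CLIENT_ALERT = "0x020300110d800000000715030100020230"
EAP_FAILURE = "0x04030004"


def decode_tls_records(buf):
    """Split a TLS record stream. An EAP-TLS fragment may end mid-record, so the
    last record can be marked incomplete instead of raising."""
    records, pos = [], 0
    while pos + 5 <= len(buf):
        ctype, major, minor, rlen = struct.unpack("!BBBH", buf[pos:pos + 5])
        body = buf[pos + 5:pos + 5 + rlen]
        rec = {"content_type": TLS_CONTENT_TYPES.get(ctype, ctype),
               "version": f"{major}.{minor}", "length": rlen,
               "complete": len(body) == rlen}
        if ctype == 21 and len(body) >= 2:      # Alert: level byte, description byte
            rec["alert"] = {"level": {1: "warning", 2: "fatal"}.get(body[0], body[0]),
                            "description": TLS_ALERTS.get(body[1], body[1])}
        elif ctype == 22 and body:              # Handshake: first byte is the message type
            rec["handshake_type"] = TLS_HANDSHAKE_TYPES.get(body[0], body[0])
        records.append(rec)
        pos += 5 + rlen
    return records


def decode_eap_tls(payload):
    """EAP-TLS data: flags byte (L=0x80 length included, M=0x40 more fragments,
    S=0x20 start), optional 4-byte total TLS length, then TLS records."""
    flags = payload[0]
    out = {"flags": {"length_included": bool(flags & 0x80),
                     "more_fragments": bool(flags & 0x40),
                     "start": bool(flags & 0x20)}}
    pos = 1
    if flags & 0x80:
        out["tls_total_length"] = struct.unpack("!I", payload[1:5])[0]
        pos = 5
    out["tls_records"] = decode_tls_records(payload[pos:])
    return out


def decode_eap(hexstr):
    """Decode one EAP-Message attribute value given as hex (with or without 0x)."""
    data = bytes.fromhex(hexstr[2:] if hexstr.startswith("0x") else hexstr)
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length != len(data):
        raise ValueError(f"EAP length field {length} != {len(data)} bytes present")
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if length == 4:                  # Success and Failure carry no type or payload
        return info
    info["type"] = data[4]
    payload = data[5:]
    if data[4] == EAP_TYPE_IDENTITY:
        info["identity"] = payload.decode("utf-8", "replace")
    elif data[4] == EAP_TYPE_TLS:
        info.update(decode_eap_tls(payload))
    return info


def describe(hexstr):
    """One-line summary of a packet, the way you would annotate the log."""
    info = decode_eap(hexstr)
    head = f"EAP {info['code']} id={info['id']}"
    if "identity" in info:
        return f"{head} Identity={info['identity']!r}"
    if info.get("type") != EAP_TYPE_TLS:
        return head
    if info["flags"]["start"]:
        return f"{head} EAP-TLS Start"
    parts = []
    for rec in info["tls_records"]:
        if "alert" in rec:
            parts.append(f"Alert {rec['alert']['level']} {rec['alert']['description']}")
        else:
            parts.append(rec.get("handshake_type", rec["content_type"]))
    return f"{head} EAP-TLS " + (", ".join(parts) if parts else "ACK")


if __name__ == "__main__":
    for pkt in (IDENTITY_RESPONSE, EAP_TLS_START, CLIENT_HELLO,
                EAP_TLS_ACK, CLIENT_ALERT, EAP_FAILURE):
        print(describe(pkt))
```

Run as-is, the script walks the conversation from the log: Identity response "Adam", the server's EAP-TLS Start, the client's ClientHello, the client's empty ACK while the server's fragmented Certificate/CertificateRequest flight is delivered, then the fatal unknown_ca alert from the client and the EAP Failure that closes the session. The server's long multi-fragment messages can be fed through decode_eap too; records cut by the fragment boundary come back with complete set to False rather than being misparsed.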



