FW: TTLS and PAP
martin.p.bradley at bt.com
martin.p.bradley at bt.com
Tue Jul 19 15:39:09 CEST 2005
Folks,
I'm trying to get TTLS/PAP working using freeradius 1.0.4. I must have
it configured incorrectly because its giving a Segmentation fault just
before giving the Access-Accept & EAP-Success back to the switch. I
have searched the archives for a solution but not found help to sort my
problem out.
I have played around with the configuration but don't fully understand
what I'm doing. Could someone point me to a place where I can read and
understand how the authenticate and autorize sections work. The
explanation in the radiusd.conf file don't seem to click with me.
I don't understand is why the modcall[authorise] appear often in request
processing before modcall[authenticate]. I thought the order was to
authenticate a user and then once we are sure they are who they say they
are then we authorise them to use the network.
Thanks for any help,
Martin.
radiusd.conf ................
authenticate {
Auth-Type PAP {
pap
}
eap
}
authorize {
preprocess
eap
files
}
Users file......................
"Client certificate" Auth-Type := Local, User-Password == "bradley"
Service-Type = Framed-User,
Framed-Compression = Van-Jacobsen-TCP-IP
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
users: Matched entry DEFAULT at line 162
modcall[authorize]: module "files" returns ok for request 3
rlm_eap: EAP packet type response id 34 length 200
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type System
rad_check_password: Found Auth-Type EAP
Warning: Found 2 auth-types on request for user 'anonymous'
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
TLS_accept: SSLv3 read client key exchange A
TLS_accept: SSLv3 read finished A
TLS_accept: SSLv3 write change cipher spec A
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 34 to 10.230.199.248:1126
EAP-Message =
0x0123003d15800000003314030100010116030100288b7a33f454f760f4cddff2f95941
b215a6f3d73b5e422d1744b2201bee31448f10dc78f33f354476
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x49b28c5e2307f384db00487f11336474
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.230.199.248:1126, id=35,
length=248
User-Name = "anonymous"
NAS-IP-Address = 10.230.199.248
NAS-Port = 2
State = 0x49b28c5e2307f384db00487f11336474
Calling-Station-Id = "00:06:5b:d6:ff:24"
NAS-Identifier = "radius-netgear"
NAS-Port-Type = Ethernet
EAP-Message =
0x02230078150017030100189e2c7d7fea093fe36d2ad301f92cc2ef4cba50563b00a0a8
1703010050b5955c43a5cd51375cebde00ed386a2f4273385aa3f6b0b2c6f7e15b73a75e
e8f64e15abdca0a875fd3408d3ce811a76580cee45fc540215f84bcc2f99a95cc5199a36
da952c0a76243f7f7645f4327b
Message-Authenticator = 0x3ddd5d8d65f10f4a26c7db7ab52a96db
X-Ascend-Token-Idle = 1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
users: Matched entry DEFAULT at line 162
modcall[authorize]: module "files" returns ok for request 4
rlm_eap: EAP packet type response id 35 length 120
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type System
rad_check_password: Found Auth-Type EAP
Warning: Found 2 auth-types on request for user 'anonymous'
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_ttls: Session established. Proceeding to decode tunneled
attributes.
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
users: Matched entry Client certificate at line 90
modcall[authorize]: module "files" returns ok for request 4
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 4
modcall: group authorize returns ok for request 4
auth: type Local
auth: user supplied User-Password matches local User-Password
TTLS: Got tunneled Access-Accept
Segmentation fault
[root at mars raddb]#
More information about the Freeradius-Users
mailing list