authenticate problem XP eap/tls

Thuis Algemeen thuis-algemeen at chello.nl
Sun Oct 9 15:57:13 CEST 2005 

Hallo everybody,

I have a problem with authenticating my laptop with XP to the freeradius server running on Fedora.
Seems that the authenticating proces is in an endless loop. The hotfix KB885453 for XP SP2 wireless
authentication failure not resolved the problem. Here the log from freeradius, the onl error I can see is :
"TLS_accept:error in SSLv3 read client certificate A".

Can anyone please teel me what is hoing wrong?

With regards,

Jurgen

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Starting - reading configuration files ...

reread_config: reading radiusd.conf

Config: including file: /etc/raddb/proxy.conf

Config: including file: /etc/raddb/clients.conf

Config: including file: /etc/raddb/snmp.conf

Config: including file: /etc/raddb/eap.conf

Config: including file: /etc/raddb/sql.conf

main: prefix = "/usr/local"

main: localstatedir = "/var"

main: logdir = "/var/log/radius"

main: libdir = "/usr/local/lib"

main: radacctdir = "/var/log/radius/radacct"

main: hostname_lookups = no

main: max_request_time = 30

main: cleanup_delay = 5

main: max_requests = 1024

main: delete_blocked_requests = 0

main: port = 0

main: allow_core_dumps = no

main: log_stripped_names = no

main: log_file = "/var/log/radius/radius.log"

main: log_auth = yes

main: log_auth_badpass = yes

main: log_auth_goodpass = yes

main: pidfile = "/var/run/radiusd/radiusd.pid"

main: user = "(null)"

main: group = "(null)"

main: usercollide = no

main: lower_user = "no"

main: lower_pass = "no"

main: nospace_user = "no"

main: nospace_pass = "no"

main: checkrad = "/usr/local/sbin/checkrad"

main: proxy_requests = yes

proxy: retry_delay = 5

proxy: retry_count = 3

proxy: synchronous = no

proxy: default_fallback = yes

proxy: dead_time = 120

proxy: post_proxy_authorize = yes

proxy: wake_all_if_all_dead = no

security: max_attributes = 200

security: reject_delay = 1

security: status_server = no

main: debug_level = 0

read_config_files: reading dictionary

read_config_files: reading naslist

Using deprecated naslist file. Support for this will go away soon.

read_config_files: reading clients

read_config_files: reading realms

radiusd: entering modules setup

Module: Library search path is /usr/local/lib

Module: Loaded exec 

exec: wait = yes

exec: program = "(null)"

exec: input_pairs = "request"

exec: output_pairs = "(null)"

exec: packet_type = "(null)"

rlm_exec: Wait=yes but no output defined. Did you mean output=none?

Module: Instantiated exec (exec) 

Module: Loaded expr 

Module: Instantiated expr (expr) 

Module: Loaded System 

unix: cache = no

unix: passwd = "/etc/passwd"

unix: shadow = "/etc/shadow"

unix: group = "/etc/group"

unix: radwtmp = "/var/log/radius/radwtmp"

unix: usegroup = no

unix: cache_reload = 600

Module: Instantiated unix (unix) 

Module: Loaded eap 

eap: default_eap_type = "tls"

eap: timer_expire = 60

eap: ignore_unknown_eap_types = no

eap: cisco_accounting_username_bug = no

tls: rsa_key_exchange = no

tls: dh_key_exchange = yes

tls: rsa_key_length = 512

tls: dh_key_length = 512

tls: verify_depth = 0

tls: CA_path = "(null)"

tls: pem_file_type = yes

tls: private_key_file = "/var/ssl/fedora.pem"

tls: certificate_file = "/var/ssl/fedora.pem"

tls: CA_file = "/var/ssl/root.pem"

tls: private_key_password = "defcon1"

tls: dh_file = "/var/ssl/dh"

tls: random_file = "/var/ssl/random-data.bin"

tls: fragment_size = 1024

tls: include_length = yes

tls: check_crl = no

tls: check_cert_cn = "(null)"

rlm_eap: Loaded and initialized type tls

ttls: default_eap_type = "md5"

ttls: copy_request_to_tunnel = no

ttls: use_tunneled_reply = no

rlm_eap: Loaded and initialized type ttls

Module: Instantiated eap (eap) 

Module: Loaded preprocess 

preprocess: huntgroups = "/etc/raddb/huntgroups"

preprocess: hints = "/etc/raddb/hints"

preprocess: with_ascend_hack = no

preprocess: ascend_channels_per_line = 23

preprocess: with_ntdomain_hack = no

preprocess: with_specialix_jetstream_hack = no

preprocess: with_cisco_vsa_hack = no

Module: Instantiated preprocess (preprocess) 

Module: Loaded realm 

realm: format = "suffix"

realm: delimiter = "@"

realm: ignore_default = no

realm: ignore_null = no

Module: Instantiated realm (suffix) 

Module: Loaded files 

files: usersfile = "/etc/raddb/users"

files: acctusersfile = "/etc/raddb/acct_users"

files: preproxy_usersfile = "/etc/raddb/preproxy_users"

files: compat = "no"

Module: Instantiated files (files) 

Module: Loaded Acct-Unique-Session-Id 

acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"

Module: Instantiated acct_unique (acct_unique) 

Module: Loaded detail 

detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"

detail: detailperm = 384

detail: dirperm = 493

detail: locking = no

Module: Instantiated detail (detail) 

Module: Loaded radutmp 

radutmp: filename = "/var/log/radius/radutmp"

radutmp: username = "%{User-Name}"

radutmp: case_sensitive = yes

radutmp: check_with_nas = yes

radutmp: perm = 384

radutmp: callerid = yes

Module: Instantiated radutmp (radutmp) 

Listening on authentication *:1812

Listening on accounting *:1813

Ready to process requests.

rad_recv: Access-Request packet from host 192.168.11.1:2048, id=0, length=141

User-Name = "Jurgen Tessers"

NAS-IP-Address = 192.168.11.1

Called-Station-Id = "001217374d34"

Calling-Station-Id = "00904bfa38fd"

NAS-Identifier = "001217374d34"

NAS-Port = 63

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

EAP-Message = 0x02000013014a757267656e2054657373657273

Message-Authenticator = 0x42efd7eecba0f25f6b411ac57d7ea548

Processing the authorize section of radiusd.conf

modcall: entering group authorize for request 0

modcall[authorize]: module "preprocess" returns ok for request 0

rlm_realm: No '@' in User-Name = "Jurgen Tessers", looking up realm NULL

rlm_realm: No such realm "NULL"

modcall[authorize]: module "suffix" returns noop for request 0

rlm_eap: EAP packet type response id 0 length 19

rlm_eap: No EAP Start, assuming it's an on-going EAP conversation

modcall[authorize]: module "eap" returns updated for request 0

users: Matched entry Jurgen Tessers at line 98

modcall[authorize]: module "files" returns ok for request 0

modcall: group authorize returns updated for request 0

rad_check_password: Found Auth-Type EAP

auth: type "EAP"

Processing the authenticate section of radiusd.conf

modcall: entering group authenticate for request 0

rlm_eap: EAP Identity

rlm_eap: processing type tls

rlm_eap_tls: Requiring client certificate

rlm_eap_tls: Initiate

rlm_eap_tls: Start returned 1

modcall[authenticate]: module "eap" returns handled for request 0

modcall: group authenticate returns handled for request 0

Sending Access-Challenge of id 0 to 192.168.11.1:2048

EAP-Message = 0x010100060d20

Message-Authenticator = 0x00000000000000000000000000000000

State = 0x758c6f33ed1109d20b05b81c96e35e69

Finished request 0

Going to the next request

--- Walking the entire request list ---

Waking up in 6 seconds...

rad_recv: Access-Request packet from host 192.168.11.1:2048, id=0, length=220

User-Name = "Jurgen Tessers"

NAS-IP-Address = 192.168.11.1

Called-Station-Id = "001217374d34"

Calling-Station-Id = "00904bfa38fd"

NAS-Identifier = "001217374d34"

NAS-Port = 63

Framed-MTU = 1400

State = 0x758c6f33ed1109d20b05b81c96e35e69

NAS-Port-Type = Wireless-802.11

EAP-Message = 0x020100500d800000004616030100410100003d03014348fba69c26178521b8234e0344fe364cd297c8175c9b9fc78b1e1b493124bd00001600040005000a000900640062000300060013001200630100

Message-Authenticator = 0xe525ae2f6a17af6807c4cba4672d8cfe

Processing the authorize section of radiusd.conf

modcall: entering group authorize for request 1

modcall[authorize]: module "preprocess" returns ok for request 1

rlm_realm: No '@' in User-Name = "Jurgen Tessers", looking up realm NULL

rlm_realm: No such realm "NULL"

modcall[authorize]: module "suffix" returns noop for request 1

rlm_eap: EAP packet type response id 1 length 80

rlm_eap: No EAP Start, assuming it's an on-going EAP conversation

modcall[authorize]: module "eap" returns updated for request 1

users: Matched entry Jurgen Tessers at line 98

modcall[authorize]: module "files" returns ok for request 1

modcall: group authorize returns updated for request 1

rad_check_password: Found Auth-Type EAP

auth: type "EAP"

Processing the authenticate section of radiusd.conf

modcall: entering group authenticate for request 1

rlm_eap: Request found, released from the list

rlm_eap: EAP/tls

rlm_eap: processing type tls

rlm_eap_tls: Authenticate

rlm_eap_tls: processing TLS

rlm_eap_tls: Length Included

eaptls_verify returned 11 

(other): before/accept initialization 

TLS_accept: before/accept initialization 

rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello 

TLS_accept: SSLv3 read client hello A 

rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello 

TLS_accept: SSLv3 write server hello A 

rlm_eap_tls: >>> TLS 1.0 Handshake [length 02ed], Certificate 

TLS_accept: SSLv3 write certificate A 

rlm_eap_tls: >>> TLS 1.0 Handshake [length 00b6], CertificateRequest 

TLS_accept: SSLv3 write certificate request A 

TLS_accept: SSLv3 flush data 

In SSL Handshake Phase 

In SSL Accept mode 

eaptls_process returned 13 

modcall[authenticate]: module "eap" returns handled for request 1

modcall: group authenticate returns handled for request 1

Sending Access-Challenge of id 0 to 192.168.11.1:2048

EAP-Message = 0x010204060d80000003fc160301004a0200004603014348fbcebd072024a76a70a8c08fb949728a21e9713d44fbbc38a6f1348783c5206b79ec137c31849951ea86a02e347cfff2bd39195ed056e4d8ec15a87656c23c00040016030102ed0b0002e90002e60002e3308202df30820248a003020102020900fc8e09110b5a3eca300d06092a864886f70d01010405003081a4310b3009060355040613024e4c311630140603550408130d4e6f6f72642042726162616e74311230100603550407130945696e64686f76656e310c300a060355040a13034c414231183016060355040b130f4c414220646576656c6f706d656e7431183016060355040313

EAP-Message = 0x0f4c414220576972656c6573732043413127302506092a864886f70d010901161874687569732d616c67656d65656e406368656c6c6f2e6e6c301e170d3035313030363231323734355a170d3036313030363231323734355a3081a4310b3009060355040613024e4c311630140603550408130d4e6f6f72642042726162616e74311230100603550407130945696e64686f76656e310c300a060355040a13034c414231183016060355040b130f4c414220646576656c6f706d656e74311830160603550403130f4c414220576972656c6573732043413127302506092a864886f70d010901161874687569732d616c67656d65656e406368656c6c6f

EAP-Message = 0x2e6e6c30819f300d06092a864886f70d010101050003818d0030818902818100dafaddb5bba8f2e1f54d2bf108425809657fa562555efcacf79362cb331b3e4f7030b88616bfa844a5f080e4ad8d2aac9a10ce9958b1dd4ada4a072739835228adc33bd0bd9fde3f17dd1356d101a26483440459b6f534cc0c622fb4687b34f16498cdeb85fdb939ec8796e633559dc6c99ee31d77cbed8f3bf9aae3453a37b30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000381810025b480d3991d0e431bc87c4647c2a5ad35fbd813fd445c9280bbd24c75531393326e5640edd78bc99f0f8ecc

EAP-Message = 0x9bc9bb1c110d1a31aab8891ad1e1c030d114edfb73dfbe273a2e6eb216058ac53068970c8b9327a84f8d94c3dc0c3ee8a19ae8e24f87a962d6d88f72e4ff55880ef3d77aee2961499ae85d4bea5bec7c8e26c7f916030100b60d0000ae02010200a900a73081a4310b3009060355040613024e4c311630140603550408130d4e6f6f72642042726162616e74311230100603550407130945696e64686f76656e310c300a060355040a13034c414231183016060355040b130f4c414220646576656c6f706d656e74311830160603550403130f4c414220576972656c6573732043413127302506092a864886f70d010901161874687569732d616c6765

EAP-Message = 0x6d65656e406368656c6c6f2e6e6c0e000000

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xc726a400fa2291a52450d13323be42d4

Finished request 1

Going to the next request

Waking up in 6 seconds...

rad_recv: Access-Request packet from host 192.168.11.1:2048, id=0, length=146

User-Name = "Jurgen Tessers"

NAS-IP-Address = 192.168.11.1

Called-Station-Id = "001217374d34"

Calling-Station-Id = "00904bfa38fd"

NAS-Identifier = "001217374d34"

NAS-Port = 63

Framed-MTU = 1400

State = 0xc726a400fa2291a52450d13323be42d4

NAS-Port-Type = Wireless-802.11

EAP-Message = 0x020200060d00

Message-Authenticator = 0x054ce4d4cd628812e4711d357c4fddc7

Processing the authorize section of radiusd.conf

modcall: entering group authorize for request 2

modcall[authorize]: module "preprocess" returns ok for request 2

rlm_realm: No '@' in User-Name = "Jurgen Tessers", looking up realm NULL

rlm_realm: No such realm "NULL"

modcall[authorize]: module "suffix" returns noop for request 2

rlm_eap: EAP packet type response id 2 length 6

rlm_eap: No EAP Start, assuming it's an on-going EAP conversation

modcall[authorize]: module "eap" returns updated for request 2

users: Matched entry Jurgen Tessers at line 98

modcall[authorize]: module "files" returns ok for request 2

modcall: group authorize returns updated for request 2

rad_check_password: Found Auth-Type EAP

auth: type "EAP"

Processing the authenticate section of radiusd.conf

modcall: entering group authenticate for request 2

rlm_eap: Request found, released from the list

rlm_eap: EAP/tls

rlm_eap: processing type tls

rlm_eap_tls: Authenticate

rlm_eap_tls: processing TLS

rlm_eap_tls: Received EAP-TLS ACK message

rlm_eap_tls: ack handshake fragment handler

eaptls_verify returned 1 

eaptls_process returned 13 

modcall[authenticate]: module "eap" returns handled for request 2

modcall: group authenticate returns handled for request 2

Sending Access-Challenge of id 0 to 192.168.11.1:2048

EAP-Message = 0x0103000a0d8000000000

Message-Authenticator = 0x00000000000000000000000000000000

State = 0x01a742a626d26fb7df45c5d4fc5ecdd1

Finished request 2

Going to the next request

Waking up in 6 seconds...

--- Walking the entire request list ---

Cleaning up request 2 ID 0 with timestamp 4348fbce

Nothing to do. Sleeping until we see a request.

rad_recv: Access-Request packet from host 192.168.11.1:2048, id=0, length=141

User-Name = "Jurgen Tessers"

NAS-IP-Address = 192.168.11.1

Called-Station-Id = "001217374d34"

Calling-Station-Id = "00904bfa38fd"

NAS-Identifier = "001217374d34"

NAS-Port = 63

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

EAP-Message = 0x02010013014a757267656e2054657373657273

Message-Authenticator = 0x2d3a178165a103c97790a2265f4d9d94

Processing the authorize section of radiusd.conf

modcall: entering group authorize for request 3

modcall[authorize]: module "preprocess" returns ok for request 3

rlm_realm: No '@' in User-Name = "Jurgen Tessers", looking up realm NULL

rlm_realm: No such realm "NULL"

modcall[authorize]: module "suffix" returns noop for request 3

rlm_eap: EAP packet type response id 1 length 19

rlm_eap: No EAP Start, assuming it's an on-going EAP conversation

modcall[authorize]: module "eap" returns updated for request 3

users: Matched entry Jurgen Tessers at line 98

modcall[authorize]: module "files" returns ok for request 3

modcall: group authorize returns updated for request 3

rad_check_password: Found Auth-Type EAP

auth: type "EAP"

Processing the authenticate section of radiusd.conf

modcall: entering group authenticate for request 3

rlm_eap: EAP Identity

rlm_eap: processing type tls

rlm_eap_tls: Requiring client certificate

rlm_eap_tls: Initiate

rlm_eap_tls: Start returned 1

modcall[authenticate]: module "eap" returns handled for request 3

modcall: group authenticate returns handled for request 3

Sending Access-Challenge of id 0 to 192.168.11.1:2048

EAP-Message = 0x010200060d20

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xeae76b6fc48204bc626dc0cf8ee55037

Finished request 3

Going to the next request

--- Walking the entire request list ---

Waking up in 6 seconds...

rad_recv: Access-Request packet from host 192.168.11.1:2048, id=0, length=220

User-Name = "Jurgen Tessers"

NAS-IP-Address = 192.168.11.1

Called-Station-Id = "001217374d34"

Calling-Station-Id = "00904bfa38fd"

NAS-Identifier = "001217374d34"

NAS-Port = 63

Framed-MTU = 1400

State = 0xeae76b6fc48204bc626dc0cf8ee55037

NAS-Port-Type = Wireless-802.11

EAP-Message = 0x020200500d800000004616030100410100003d03014348fbc478dfe6e9659dc502bd26acfcd57a22745369041bda99d550e1a50e0100001600040005000a000900640062000300060013001200630100

Message-Authenticator = 0xcf01888715ab7f343baf3bc2ff254d6d

Processing the authorize section of radiusd.conf

modcall: entering group authorize for request 4

modcall[authorize]: module "preprocess" returns ok for request 4

rlm_realm: No '@' in User-Name = "Jurgen Tessers", looking up realm NULL

rlm_realm: No such realm "NULL"

modcall[authorize]: module "suffix" returns noop for request 4

rlm_eap: EAP packet type response id 2 length 80

rlm_eap: No EAP Start, assuming it's an on-going EAP conversation

modcall[authorize]: module "eap" returns updated for request 4

users: Matched entry Jurgen Tessers at line 98

modcall[authorize]: module "files" returns ok for request 4

modcall: group authorize returns updated for request 4

rad_check_password: Found Auth-Type EAP

auth: type "EAP"

Processing the authenticate section of radiusd.conf

modcall: entering group authenticate for request 4

rlm_eap: Request found, released from the list

rlm_eap: EAP/tls

rlm_eap: processing type tls

rlm_eap_tls: Authenticate

rlm_eap_tls: processing TLS

rlm_eap_tls: Length Included

eaptls_verify returned 11 

(other): before/accept initialization 

TLS_accept: before/accept initialization 

rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello 

TLS_accept: SSLv3 read client hello A 

rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello 

TLS_accept: SSLv3 write server hello A 

rlm_eap_tls: >>> TLS 1.0 Handshake [length 02ed], Certificate 

TLS_accept: SSLv3 write certificate A 

rlm_eap_tls: >>> TLS 1.0 Handshake [length 00b6], CertificateRequest 

TLS_accept: SSLv3 write certificate request A 

TLS_accept: SSLv3 flush data 

TLS_accept:error in SSLv3 read client certificate A 

In SSL Handshake Phase 

In SSL Accept mode 

eaptls_process returned 13 

modcall[authenticate]: module "eap" returns handled for request 4

modcall: group authenticate returns handled for request 4

Sending Access-Challenge of id 0 to 192.168.11.1:2048

EAP-Message = 0x010304060d80000003fc160301004a0200004603014348fbec928c83e4952e56e503ad2e15c9be0fcfdb780f10197f7b4133ccf53520f0cf5a151df753d8674aa13d8ee4fada2e9236069d7798a8d87c2c94fc1eade600040016030102ed0b0002e90002e60002e3308202df30820248a003020102020900fc8e09110b5a3eca300d06092a864886f70d01010405003081a4310b3009060355040613024e4c311630140603550408130d4e6f6f72642042726162616e74311230100603550407130945696e64686f76656e310c300a060355040a13034c414231183016060355040b130f4c414220646576656c6f706d656e7431183016060355040313

EAP-Message = 0x0f4c414220576972656c6573732043413127302506092a864886f70d010901161874687569732d616c67656d65656e406368656c6c6f2e6e6c301e170d3035313030363231323734355a170d3036313030363231323734355a3081a4310b3009060355040613024e4c311630140603550408130d4e6f6f72642042726162616e74311230100603550407130945696e64686f76656e310c300a060355040a13034c414231183016060355040b130f4c414220646576656c6f706d656e74311830160603550403130f4c414220576972656c6573732043413127302506092a864886f70d010901161874687569732d616c67656d65656e406368656c6c6f

EAP-Message = 0x2e6e6c30819f300d06092a864886f70d010101050003818d0030818902818100dafaddb5bba8f2e1f54d2bf108425809657fa562555efcacf79362cb331b3e4f7030b88616bfa844a5f080e4ad8d2aac9a10ce9958b1dd4ada4a072739835228adc33bd0bd9fde3f17dd1356d101a26483440459b6f534cc0c622fb4687b34f16498cdeb85fdb939ec8796e633559dc6c99ee31d77cbed8f3bf9aae3453a37b30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000381810025b480d3991d0e431bc87c4647c2a5ad35fbd813fd445c9280bbd24c75531393326e5640edd78bc99f0f8ecc

EAP-Message = 0x9bc9bb1c110d1a31aab8891ad1e1c030d114edfb73dfbe273a2e6eb216058ac53068970c8b9327a84f8d94c3dc0c3ee8a19ae8e24f87a962d6d88f72e4ff55880ef3d77aee2961499ae85d4bea5bec7c8e26c7f916030100b60d0000ae02010200a900a73081a4310b3009060355040613024e4c311630140603550408130d4e6f6f72642042726162616e74311230100603550407130945696e64686f76656e310c300a060355040a13034c414231183016060355040b130f4c414220646576656c6f706d656e74311830160603550403130f4c414220576972656c6573732043413127302506092a864886f70d010901161874687569732d616c6765

EAP-Message = 0x6d65656e406368656c6c6f2e6e6c0e000000

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xf682d06956d504942902019d3bd263c0

Finished request 4

Going to the next request

Waking up in 6 seconds...

rad_recv: Access-Request packet from host 192.168.11.1:2048, id=0, length=146

User-Name = "Jurgen Tessers"

NAS-IP-Address = 192.168.11.1

Called-Station-Id = "001217374d34"

Calling-Station-Id = "00904bfa38fd"

NAS-Identifier = "001217374d34"

NAS-Port = 63

Framed-MTU = 1400

State = 0xf682d06956d504942902019d3bd263c0

NAS-Port-Type = Wireless-802.11

EAP-Message = 0x020300060d00

Message-Authenticator = 0x70679a8fd948dfe126165b99f9dd1b18

Processing the authorize section of radiusd.conf

modcall: entering group authorize for request 5

modcall[authorize]: module "preprocess" returns ok for request 5

rlm_realm: No '@' in User-Name = "Jurgen Tessers", looking up realm NULL

rlm_realm: No such realm "NULL"

modcall[authorize]: module "suffix" returns noop for request 5

rlm_eap: EAP packet type response id 3 length 6

rlm_eap: No EAP Start, assuming it's an on-going EAP conversation

modcall[authorize]: module "eap" returns updated for request 5

users: Matched entry Jurgen Tessers at line 98

modcall[authorize]: module "files" returns ok for request 5

modcall: group authorize returns updated for request 5

rad_check_password: Found Auth-Type EAP

auth: type "EAP"

Processing the authenticate section of radiusd.conf

modcall: entering group authenticate for request 5

rlm_eap: Request found, released from the list

rlm_eap: EAP/tls

rlm_eap: processing type tls

rlm_eap_tls: Authenticate

rlm_eap_tls: processing TLS

rlm_eap_tls: Received EAP-TLS ACK message

rlm_eap_tls: ack handshake fragment handler

eaptls_verify returned 1 

eaptls_process returned 13 

modcall[authenticate]: module "eap" returns handled for request 5

modcall: group authenticate returns handled for request 5

Sending Access-Challenge of id 0 to 192.168.11.1:2048

EAP-Message = 0x0104000a0d8000000000

Message-Authenticator = 0x00000000000000000000000000000000

State = 0x2bfb625aa5787818e9adeb602d7eedf8

Finished request 5

Going to the next request

Waking up in 6 seconds...

--- Walking the entire request list ---

Cleaning up request 5 ID 0 with timestamp 4348fbec

Nothing to do. Sleeping until we see a request.

rad_recv: Access-Request packet from host 192.168.11.1:2048, id=0, length=141

User-Name = "Jurgen Tessers"

NAS-IP-Address = 192.168.11.1

Called-Station-Id = "001217374d34"

Calling-Station-Id = "00904bfa38fd"

NAS-Identifier = "001217374d34"

NAS-Port = 63

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

EAP-Message = 0x02010013014a757267656e2054657373657273

Message-Authenticator = 0x73f093669adbb4d2de364948a9ba07c5

Processing the authorize section of radiusd.conf

modcall: entering group authorize for request 6

modcall[authorize]: module "preprocess" returns ok for request 6

rlm_realm: No '@' in User-Name = "Jurgen Tessers", looking up realm NULL

rlm_realm: No such realm "NULL"

modcall[authorize]: module "suffix" returns noop for request 6

rlm_eap: EAP packet type response id 1 length 19

rlm_eap: No EAP Start, assuming it's an on-going EAP conversation

modcall[authorize]: module "eap" returns updated for request 6

users: Matched entry Jurgen Tessers at line 98

modcall[authorize]: module "files" returns ok for request 6

modcall: group authorize returns updated for request 6

rad_check_password: Found Auth-Type EAP

auth: type "EAP"

Processing the authenticate section of radiusd.conf

modcall: entering group authenticate for request 6

rlm_eap: EAP Identity

rlm_eap: processing type tls

rlm_eap_tls: Requiring client certificate

rlm_eap_tls: Initiate

rlm_eap_tls: Start returned 1

modcall[authenticate]: module "eap" returns handled for request 6

modcall: group authenticate returns handled for request 6

Sending Access-Challenge of id 0 to 192.168.11.1:2048

EAP-Message = 0x010200060d20

Message-Authenticator = 0x00000000000000000000000000000000

State = 0x97c1db6e5349aa2f0ea68769670a22db

Finished request 6

Going to the next request

etc, etc

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$4
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20051009/3d167043/attachment.html>

More information about the Freeradius-Users mailing list