Freeradius + OpenLDAP - user password problem

K. Hoercher wbhoer at gmail.com
Tue Aug 29 20:44:01 CEST 2006


On 8/29/06, Tilen <lutemberg at gmail.com> wrote:
So here comes something really weird:
>  Waking up in 6 seconds...
>  rad_recv: Access-Request packet from host 192.168.1.1:3072, id=0,
> length=147
>          User-Name = "test"
>          NAS-IP-Address = 192.168.1.1
>          Called-Station-Id = "004010100003"
>          Calling-Station-Id = "000e3557c74e"
>          NAS-Identifier = "004010100003"
>          NAS-Port = 30
>          Framed-MTU = 1400
>          State = 0x123b5c7e213692f7121dbe4052274024
>
>          NAS-Port-Type = Wireless-802.11
>          EAP-Message = 0x0202001119800000000715030100020230
>          Message-Authenticator =
> 0xd65ea4a0e55f28c1e76a6b51f9ec9467
>
>    Processing the authorize section of radiusd.conf
>  modcall: entering group authorize for request 2

That's a TLS 1.0 Alert message, the part "....1503...". Therefore the
openssl lib bails out of further processing as specified in RFC 2246.
That's (arguably somewhat hard to understand) also mentioned in the
output:
3447:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown
ca:s3_pkt.c:1052:SSL alert number 48
3447:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake
failure:s3_pkt.c:837:

So your client wasn't able to find a correct CA certificate for the
cert freeradius had sent before. Please see to providing those. If in
doubt, check with dummy ones to be created by the CA.all script.

regards
K. Hoercher
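
Added example (not part of the original post): decoding the EAP-Message
value from the debug output above makes the TLS alert record visible
byte by byte. The function name decode_eap_tls_alert and the returned
field names are assumptions made for this example.

```python
import struct

# TLS alert descriptions defined in RFC 2246, section 7.2
ALERTS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
          40: "handshake_failure", 42: "bad_certificate",
          43: "unsupported_certificate", 44: "certificate_revoked",
          45: "certificate_expired", 46: "certificate_unknown",
          48: "unknown_ca", 49: "access_denied", 70: "protocol_version"}
LEVELS = {1: "warning", 2: "fatal"}
EAP_CODES = {1: "Request", 2: "Response"}
TLS_EAP_TYPES = {13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}

def decode_eap_tls_alert(hex_value):
    """Return the plaintext TLS alert carried in an EAP-Message, or None."""
    text = hex_value.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    data = bytes.fromhex(text)
    if len(data) < 6:
        raise ValueError("too short for an EAP-TLS style packet")
    code, ident, length, eap_type, flags = struct.unpack("!BBHBB", data[:6])
    if length != len(data):
        raise ValueError("EAP length field does not match the data")
    if eap_type not in TLS_EAP_TYPES:
        raise ValueError("EAP type %d does not carry TLS records" % eap_type)
    pos = 6
    if flags & 0x80:  # L bit set: a 4-byte total TLS message length follows
        pos += 4
    record = data[pos:]
    if len(record) < 7:
        return None  # bare acknowledgement or fragment, no complete record
    ctype, major, minor, rec_len = struct.unpack("!BBBH", record[:5])
    # Content type 21 is Alert; a plaintext alert body is exactly 2 bytes.
    # An alert sent after ChangeCipherSpec is encrypted and longer.
    if ctype != 21 or rec_len != 2:
        return None
    level, desc = record[5], record[6]
    return {"eap_code": EAP_CODES.get(code, code),
            "eap_type": TLS_EAP_TYPES[eap_type],
            "tls_version": (major, minor),
            "level": LEVELS.get(level, level),
            "description": ALERTS.get(desc, desc),
            "alert_number": desc}

if __name__ == "__main__":
    # EAP-Message value from the debug output quoted above
    print(decode_eap_tls_alert("0x0202001119800000000715030100020230"))
```

For the packet in this thread the result is a fatal unknown_ca alert
(number 48) in a TLS 1.0 record, matching the OpenSSL error lines.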


