CRL not working....

Robert Myers ccrider at whiterose.net
Mon Mar 6 23:15:08 CET 2006


I'm having some odd troubles here with the check_crl = yes setting.

I've added what I think are the appropriate config file directives, but I 
must be missing something.

Here is the debug output; any help would be much appreciated.


-Bob


rad_recv: Access-Request packet from host 192.168.2.169:1038, id=37, 
length=208
        Framed-MTU = 1480
        NAS-IP-Address = 192.168.2.169
        NAS-Identifier = "PU-5300"
        User-Name = "rmyers-cmd"
        Service-Type = Administrative-User
        Framed-Protocol = PPP
        NAS-Port = 13
        NAS-Port-Type = Ethernet
        NAS-Port-Id = "A13"
        Called-Station-Id = "00-13-21-ba-14-00"
        Calling-Station-Id = "00-11-11-64-a1-e6"
        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "1"
        EAP-Message = 0x0206000f01726d796572732d636d64
        Message-Authenticator = 0xab51b4a66e5e063bf6ecb0244e478fd6
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: No '@' in User-Name = "rmyers-cmd", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
  rlm_eap: EAP packet type response id 6 length 15
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
    users: Matched entry DEFAULT at line 157
    users: Matched entry DEFAULT at line 188
  modcall[authorize]: module "files" returns ok for request 5
radius_xlat:  'rmyers-cmd'
rlm_sql (sql): sql_set_user escaped user --> 'rmyers-cmd'
radius_xlat:  'SELECT id, UserName, Attribute, Value, Op ??FROM radcheck 
??WHERE Username = 'rmyers-cmd' ??ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op 
??FROM radcheck ??WHERE Username = 'rmyers-cmd' ??ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
rlm_sql (sql): User rmyers-cmd not found in radcheck
radius_xlat:  'SELECT radgroupcheck.id, radgroupcheck.GroupName, 
??radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM 
radgroupcheck, usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND 
usergroup.GroupName = radgroupcheck.GroupName ??ORDER BY radgroupcheck.id'
rlm_sql_postgresql: query: SELECT radgroupcheck.id, 
radgroupcheck.GroupName, ??radgroupcheck.Attribute, 
radgroupcheck.Value,radgroupcheck.Op ??FROM radgroupcheck, usergroup 
??WHERE usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = 
radgroupcheck.GroupName ??ORDER BY radgroupcheck.id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
radius_xlat:  'SELECT radgroupreply.id, radgroupreply.GroupName, 
radgroupreply.Attribute, ??radgroupreply.Value, radgroupreply.Op ??FROM 
radgroupreply,usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND 
usergroup.GroupName = radgroupreply.GroupName ??ORDER BY radgroupreply.id'
rlm_sql_postgresql: query: SELECT radgroupreply.id, 
radgroupreply.GroupName, radgroupreply.Attribute, ??radgroupreply.Value, 
radgroupreply.Op ??FROM radgroupreply,usergroup ??WHERE 
usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = 
radgroupreply.GroupName ??ORDER BY radgroupreply.id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
rlm_sql (sql): User rmyers-cmd not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns notfound for request 5
modcall: group authorize returns updated for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
 rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
Sending Access-Challenge of id 37 to 192.168.2.169:1038
        Framed-Protocol = PPP
        Framed-Compression = Van-Jacobson-TCP-IP
        EAP-Message = 0x010700060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x011fcb927c106af30a76bf45e031e026
Finished request 5
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.169:1038, id=38, 
length=291
        Framed-MTU = 1480
        NAS-IP-Address = 192.168.2.169
        NAS-Identifier = "PU-5300"
        User-Name = "rmyers-cmd"
        Service-Type = Administrative-User
        Framed-Protocol = PPP
        NAS-Port = 13
        NAS-Port-Type = Ethernet
        NAS-Port-Id = "A13"
        Called-Station-Id = "00-13-21-ba-14-00"
        Calling-Station-Id = "00-11-11-64-a1-e6"
        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "1"
        State = 0x011fcb927c106af30a76bf45e031e026
        EAP-Message = 
0x020700500d800000004616030100410100003d0301440cb2749bc2a634cef7356a18a591bab4181aa08ad97702e92c360a5bca7cc900001600040005000a000900640062000300060013001200630100
        Message-Authenticator = 0x8cd00e8b1b35684ba2b8b81c14861bb9
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "chap" returns noop for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
    rlm_realm: No '@' in User-Name = "rmyers-cmd", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 6
  rlm_eap: EAP packet type response id 7 length 80
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
    users: Matched entry DEFAULT at line 157
    users: Matched entry DEFAULT at line 188
  modcall[authorize]: module "files" returns ok for request 6
radius_xlat:  'rmyers-cmd'
rlm_sql (sql): sql_set_user escaped user --> 'rmyers-cmd'
radius_xlat:  'SELECT id, UserName, Attribute, Value, Op ??FROM radcheck 
??WHERE Username = 'rmyers-cmd' ??ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op 
??FROM radcheck ??WHERE Username = 'rmyers-cmd' ??ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
rlm_sql (sql): User rmyers-cmd not found in radcheck
radius_xlat:  'SELECT radgroupcheck.id, radgroupcheck.GroupName, 
??radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM 
radgroupcheck, usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND 
usergroup.GroupName = radgroupcheck.GroupName ??ORDER BY radgroupcheck.id'
rlm_sql_postgresql: query: SELECT radgroupcheck.id, 
radgroupcheck.GroupName, ??radgroupcheck.Attribute, 
radgroupcheck.Value,radgroupcheck.Op ??FROM radgroupcheck, usergroup 
??WHERE usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = 
radgroupcheck.GroupName ??ORDER BY radgroupcheck.id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
radius_xlat:  'SELECT radgroupreply.id, radgroupreply.GroupName, 
radgroupreply.Attribute, ??radgroupreply.Value, radgroupreply.Op ??FROM 
radgroupreply,usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND 
usergroup.GroupName = radgroupreply.GroupName ??ORDER BY radgroupreply.id'
rlm_sql_postgresql: query: SELECT radgroupreply.id, 
radgroupreply.GroupName, radgroupreply.Attribute, ??radgroupreply.Value, 
radgroupreply.Op ??FROM radgroupreply,usergroup ??WHERE 
usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = 
radgroupreply.GroupName ??ORDER BY radgroupreply.id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
rlm_sql (sql): User rmyers-cmd not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 3
  modcall[authorize]: module "sql" returns notfound for request 6
modcall: group authorize returns updated for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello 
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello 
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0562], Certificate 
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0073], CertificateRequest 
    TLS_accept: SSLv3 write certificate request A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode 
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 38 to 192.168.2.169:1038
        Framed-Protocol = PPP
        Framed-Compression = Van-Jacobson-TCP-IP
        EAP-Message = 
0x3139313831355a170d3037303133313139313831355a3065310b3009060355040613025553311530130603550408130c50656e6e73796c76616e6961311330110603550407130a48617272697362757267310c300a060355040a13034d5349310b3009060355040b13024954310f300d0603550403130673657276657230819f300d06092a864886f70d010101050003818d0030818902818100d7ecba2856c6c8427536a5100cec4b7ceed9af3e7e9f82ae8a444b0b744724ea3e99b165c59746b2900bbc6218b604a9309322295643f8d168f5d55a9e7e1be81950ab022acf750d5063120b7b56ed8f594a6e89e523e2027ace19e452fe414710f6ed
        EAP-Message = 0x749306ff79145fb5e00628fc5908338f312aaf008a99
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xa06c77f4cfd37fb9f16ced52ebdc6686
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.169:1038, id=39, 
length=217
        Framed-MTU = 1480
        NAS-IP-Address = 192.168.2.169
        NAS-Identifier = "PU-5300"
        User-Name = "rmyers-cmd"
        Service-Type = Administrative-User
        Framed-Protocol = PPP
        NAS-Port = 13
        NAS-Port-Type = Ethernet
        NAS-Port-Id = "A13"
        Called-Station-Id = "00-13-21-ba-14-00"
        Calling-Station-Id = "00-11-11-64-a1-e6"
        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "1"
        State = 0xa06c77f4cfd37fb9f16ced52ebdc6686
        EAP-Message = 0x020800060d00
        Message-Authenticator = 0x2716dcc5794b1beffe21cf96c356e943
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
  modcall[authorize]: module "preprocess" returns ok for request 7
  modcall[authorize]: module "chap" returns noop for request 7
  modcall[authorize]: module "mschap" returns noop for request 7
    rlm_realm: No '@' in User-Name = "rmyers-cmd", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 7
  rlm_eap: EAP packet type response id 8 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 7
    users: Matched entry DEFAULT at line 157
    users: Matched entry DEFAULT at line 188
  modcall[authorize]: module "files" returns ok for request 7
radius_xlat:  'rmyers-cmd'
rlm_sql (sql): sql_set_user escaped user --> 'rmyers-cmd'
radius_xlat:  'SELECT id, UserName, Attribute, Value, Op ??FROM radcheck 
??WHERE Username = 'rmyers-cmd' ??ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op 
??FROM radcheck ??WHERE Username = 'rmyers-cmd' ??ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
rlm_sql (sql): User rmyers-cmd not found in radcheck
radius_xlat:  'SELECT radgroupcheck.id, radgroupcheck.GroupName, 
??radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM 
radgroupcheck, usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND 
usergroup.GroupName = radgroupcheck.GroupName ??ORDER BY radgroupcheck.id'
rlm_sql_postgresql: query: SELECT radgroupcheck.id, 
radgroupcheck.GroupName, ??radgroupcheck.Attribute, 
radgroupcheck.Value,radgroupcheck.Op ??FROM radgroupcheck, usergroup 
??WHERE usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = 
radgroupcheck.GroupName ??ORDER BY radgroupcheck.id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
radius_xlat:  'SELECT radgroupreply.id, radgroupreply.GroupName, 
radgroupreply.Attribute, ??radgroupreply.Value, radgroupreply.Op ??FROM 
radgroupreply,usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND 
usergroup.GroupName = radgroupreply.GroupName ??ORDER BY radgroupreply.id'
rlm_sql_postgresql: query: SELECT radgroupreply.id, 
radgroupreply.GroupName, radgroupreply.Attribute, ??radgroupreply.Value, 
radgroupreply.Op ??FROM radgroupreply,usergroup ??WHERE 
usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = 
radgroupreply.GroupName ??ORDER BY radgroupreply.id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
rlm_sql (sql): User rmyers-cmd not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 2
  modcall[authorize]: module "sql" returns notfound for request 7
modcall: group authorize returns updated for request 7
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 7
modcall: group authenticate returns handled for request 7
Sending Access-Challenge of id 39 to 192.168.2.169:1038
        Framed-Protocol = PPP
        Framed-Compression = Van-Jacobson-TCP-IP
        EAP-Message = 
0x0603550407130a48617272697362757267310c300a060355040a13034d5349310b3009060355040b13024954310c300a0603550403130352504d0e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xfc10b5f87ea497dbce8d66694199924f
Finished request 7
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.169:1038, id=40, 
length=1387
        Framed-MTU = 1480
        NAS-IP-Address = 192.168.2.169
        NAS-Identifier = "PU-5300"
        User-Name = "rmyers-cmd"
        Service-Type = Administrative-User
        Framed-Protocol = PPP
        NAS-Port = 13
        NAS-Port-Type = Ethernet
        NAS-Port-Id = "A13"
        Called-Station-Id = "00-13-21-ba-14-00"
        Calling-Station-Id = "00-11-11-64-a1-e6"
        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "1"
        State = 0xfc10b5f87ea497dbce8d66694199924f
        EAP-Message = 
0x87a99ec1d2579f9db69e725b1b7293b40ad087b41245bdfb338fcf70ce246f0924802e83573fdaad1f87438ede8a2edc7ec46b720edac3c3ad201b58771c2b09a2723fd2a16a8e5b20e9f7a073adb14635a3c2e59b966243fb5e974eea38111093fb27bca1e022225b161574f15a5159b01403010001011603010020a20a05e395b2ed0dfcc2e8f44addda5b3238f904b9f20c6017a772acb12c1608
        Message-Authenticator = 0x43ae9e2d4338d3d0d1c91c3db6ca955e
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
  modcall[authorize]: module "preprocess" returns ok for request 8
  modcall[authorize]: module "chap" returns noop for request 8
  modcall[authorize]: module "mschap" returns noop for request 8
    rlm_realm: No '@' in User-Name = "rmyers-cmd", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 8
  rlm_eap: EAP packet type response id 9 length 253
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 8
    users: Matched entry DEFAULT at line 157
    users: Matched entry DEFAULT at line 188
  modcall[authorize]: module "files" returns ok for request 8
radius_xlat:  'rmyers-cmd'
rlm_sql (sql): sql_set_user escaped user --> 'rmyers-cmd'
radius_xlat:  'SELECT id, UserName, Attribute, Value, Op ??FROM radcheck 
??WHERE Username = 'rmyers-cmd' ??ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op 
??FROM radcheck ??WHERE Username = 'rmyers-cmd' ??ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
rlm_sql (sql): User rmyers-cmd not found in radcheck
radius_xlat:  'SELECT radgroupcheck.id, radgroupcheck.GroupName, 
??radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM 
radgroupcheck, usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND 
usergroup.GroupName = radgroupcheck.GroupName ??ORDER BY radgroupcheck.id'
rlm_sql_postgresql: query: SELECT radgroupcheck.id, 
radgroupcheck.GroupName, ??radgroupcheck.Attribute, 
radgroupcheck.Value,radgroupcheck.Op ??FROM radgroupcheck, usergroup 
??WHERE usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = 
radgroupcheck.GroupName ??ORDER BY radgroupcheck.id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
radius_xlat:  'SELECT radgroupreply.id, radgroupreply.GroupName, 
radgroupreply.Attribute, ??radgroupreply.Value, radgroupreply.Op ??FROM 
radgroupreply,usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND 
usergroup.GroupName = radgroupreply.GroupName ??ORDER BY radgroupreply.id'
rlm_sql_postgresql: query: SELECT radgroupreply.id, 
radgroupreply.GroupName, radgroupreply.Attribute, ??radgroupreply.Value, 
radgroupreply.Op ??FROM radgroupreply,usergroup ??WHERE 
usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = 
radgroupreply.GroupName ??ORDER BY radgroupreply.id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
rlm_sql (sql): User rmyers-cmd not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 1
  modcall[authorize]: module "sql" returns notfound for request 8
modcall: group authorize returns updated for request 8
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 034a], Certificate 
--> verify error:num=3:unable to get certificate CRL
  rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca 
TLS Alert write:fatal:unknown CA
    TLS_accept:error in SSLv3 read client certificate B
31460:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no 
certificate returned:s3_srvr.c:2021:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
In SSL Handshake Phase
In SSL Accept mode 
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 8
modcall: group authenticate returns handled for request 8
Sending Access-Challenge of id 40 to 192.168.2.169:1038
        Framed-Protocol = PPP
        Framed-Compression = Van-Jacobson-TCP-IP
        EAP-Message = 0x010a00110d800000000715030100020230
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xb722537bdfd460d8a203eab6301e97d9
Finished request 8
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.169:1038, id=41, 
length=217
        Framed-MTU = 1480
        NAS-IP-Address = 192.168.2.169
        NAS-Identifier = "PU-5300"
        User-Name = "rmyers-cmd"
        Service-Type = Administrative-User
        Framed-Protocol = PPP
        NAS-Port = 13
        NAS-Port-Type = Ethernet
        NAS-Port-Id = "A13"
        Called-Station-Id = "00-13-21-ba-14-00"
        Calling-Station-Id = "00-11-11-64-a1-e6"
        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "1"
        State = 0xb722537bdfd460d8a203eab6301e97d9
        EAP-Message = 0x020a00060d00
        Message-Authenticator = 0x1ffb7e5aeb268158ff2c4a81fb2d07eb
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
  modcall[authorize]: module "preprocess" returns ok for request 9
  modcall[authorize]: module "chap" returns noop for request 9
  modcall[authorize]: module "mschap" returns noop for request 9
    rlm_realm: No '@' in User-Name = "rmyers-cmd", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 9
  rlm_eap: EAP packet type response id 10 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 9
    users: Matched entry DEFAULT at line 157
    users: Matched entry DEFAULT at line 188
  modcall[authorize]: module "files" returns ok for request 9
radius_xlat:  'rmyers-cmd'
rlm_sql (sql): sql_set_user escaped user --> 'rmyers-cmd'
radius_xlat:  'SELECT id, UserName, Attribute, Value, Op ??FROM radcheck 
??WHERE Username = 'rmyers-cmd' ??ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op 
??FROM radcheck ??WHERE Username = 'rmyers-cmd' ??ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
rlm_sql (sql): User rmyers-cmd not found in radcheck
radius_xlat:  'SELECT radgroupcheck.id, radgroupcheck.GroupName, 
??radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM 
radgroupcheck, usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND 
usergroup.GroupName = radgroupcheck.GroupName ??ORDER BY radgroupcheck.id'
rlm_sql_postgresql: query: SELECT radgroupcheck.id, 
radgroupcheck.GroupName, ??radgroupcheck.Attribute, 
radgroupcheck.Value,radgroupcheck.Op ??FROM radgroupcheck, usergroup 
??WHERE usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = 
radgroupcheck.GroupName ??ORDER BY radgroupcheck.id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
radius_xlat:  'SELECT radgroupreply.id, radgroupreply.GroupName, 
radgroupreply.Attribute, ??radgroupreply.Value, radgroupreply.Op ??FROM 
radgroupreply,usergroup ??WHERE usergroup.Username = 'rmyers-cmd' AND 
usergroup.GroupName = radgroupreply.GroupName ??ORDER BY radgroupreply.id'
rlm_sql_postgresql: query: SELECT radgroupreply.id, 
radgroupreply.GroupName, radgroupreply.Attribute, ??radgroupreply.Value, 
radgroupreply.Op ??FROM radgroupreply,usergroup ??WHERE 
usergroup.Username = 'rmyers-cmd' AND usergroup.GroupName = 
radgroupreply.GroupName ??ORDER BY radgroupreply.id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
rlm_sql (sql): User rmyers-cmd not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 0
  modcall[authorize]: module "sql" returns notfound for request 9
modcall: group authorize returns updated for request 9
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack alert
  eaptls_verify returned 4
  eaptls_process returned 4
 rlm_eap: Handler failed in EAP/tls
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 9
modcall: group authenticate returns invalid for request 9
auth: Failed to validate the user.
Delaying request 9 for 1 seconds
Finished request 9
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.169:1038, id=41, 
length=217
Sending Access-Reject of id 41 to 192.168.2.169:1038
        EAP-Message = 0x040a0004
        Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 5 ID 37 with timestamp 440ca6c9
Cleaning up request 6 ID 38 with timestamp 440ca6c9
Cleaning up request 7 ID 39 with timestamp 440ca6c9
Cleaning up request 8 ID 40 with timestamp 440ca6c9
Cleaning up request 9 ID 41 with timestamp 440ca6c9
Nothing to do.  Sleeping until we see a request.
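
Added example (not part of the original post, and not FreeRADIUS code): a small Python triage over radiusd debug output that ties each OpenSSL "verify error:num=N" line to its request and to the TLS alert the server sent, separating a CRL that could not be obtained or used (num=3, as in request 8 above, where the alert reads unknown_ca) from a certificate that is actually revoked. The request 12 lines in the sample are constructed for contrast; the function and field names are hypothetical.

```python
import re

# OpenSSL X509_V_ERR_* values that matter once CRL checking is on (x509_vfy.h).
X509_CODES = {
    3: "X509_V_ERR_UNABLE_TO_GET_CRL",
    8: "X509_V_ERR_CRL_SIGNATURE_FAILURE",
    11: "X509_V_ERR_CRL_NOT_YET_VALID",
    12: "X509_V_ERR_CRL_HAS_EXPIRED",
    23: "X509_V_ERR_CERT_REVOKED",
}
# Codes meaning the verifier had no usable CRL; the client certificate itself
# was never judged revoked.
CRL_UNUSABLE = {3, 8, 11, 12}

ENTER = re.compile(r"modcall: entering group authenticate for request (\d+)")
VERIFY = re.compile(r"verify error:num=(\d+):(.*)")
ALERT = re.compile(r"TLS [\d.]+ Alert \[length [0-9a-fA-F]+\], \w+ (\w+)")

# Request 8: lines taken from the debug output in the post.
# Request 12: constructed for contrast, not from the post.
SAMPLE_LOG = """\
modcall: entering group authenticate for request 8
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 034a], Certificate
--> verify error:num=3:unable to get certificate CRL
  rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
modcall: group authenticate returns handled for request 8
modcall: entering group authenticate for request 12
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 034a], Certificate
--> verify error:num=23:certificate revoked
  rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal certificate_revoked
modcall: group authenticate returns handled for request 12
"""


def classify(code):
    """Map an OpenSSL verify code to a coarse root cause."""
    if code in CRL_UNUSABLE:
        return "crl-unavailable"   # look at the server's CRL store
    if code == 23:
        return "cert-revoked"      # CRL was found and lists this certificate
    return "other"


def triage(log_text):
    """Return one finding per verify error, tagged with request and alert."""
    findings = []
    request = None
    pending = None
    for line in log_text.splitlines():
        m = ENTER.search(line)
        if m:
            request = int(m.group(1))
            continue
        m = VERIFY.search(line)
        if m:
            code = int(m.group(1))
            pending = {
                "request": request,
                "code": code,
                "name": X509_CODES.get(code, "unlisted"),
                "text": m.group(2).strip(),
                "alert": None,
                "cause": classify(code),
            }
            findings.append(pending)
            continue
        m = ALERT.search(line)
        # Attach only the first alert that follows the error in the same request.
        if m and pending and pending["alert"] is None \
                and pending["request"] == request:
            pending["alert"] = m.group(1)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("request %(request)s: %(name)s (%(text)s), "
              "alert=%(alert)s, cause=%(cause)s" % f)
```
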



