1 client unable to authenticate via EAP-TLS
Terry Zarelli
terry.zarelli at gmail.com
Fri May 19 20:20:02 CEST 2006
Hello,
I have one client that is having a problem authenticating via wireless
EAP-TLS. The client is a Windows XP SP2 computer using a an internal Dell
wireless card. The client associates with the access point-a Cisco Aironet
1130-but is continually reports an "attempting to authenticate" message.
After, performing a "radiusd -X", I do not see any EAP-start messages; I see
the following:
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
I continually see these messages for this particular client and subsequently
do not see Freeradius process the certificate. Any clues on what may be
going on. I am using version 1.1.0. Is any more info needed that I can
provide?
Below is the log of the EAP conversation:
Thank you.
______________________________________________________________________________________________________________________________________________________________________
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.200.249:32768, id=226,
length=175
User-Name = "vallent.com"
Calling-Station-Id = "00-90-96-AF-7D-D4"
Called-Station-Id = "00-15-2C-49-D6-40:2xe1zpK0"
NAS-Port = 4
NAS-IP-Address = 192.168.200.249
NAS-Identifier = "bvwlc01"
Airespace-Wlan-Id = 1
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x025200060d00
State = 0xed546982f4966349530000881730f5c2
Message-Authenticator = 0x2d0b467fefd65f09ef445907438841a0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
modcall[authorize]: module "preprocess" returns ok for request 14
modcall[authorize]: module "chap" returns noop for request 14
modcall[authorize]: module "mschap" returns noop for request 14
rlm_realm: No '@' in User-Name = "vallent.com", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 14
rlm_eap: EAP packet type response id 82 length 6
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
modcall[authorize]: module "eap" returns updated for request 14
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 14
modcall: leaving group authorize (returns updated) for request 14
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 14
modcall: leaving group authenticate (returns handled) for request 14
Sending Access-Challenge of id 226 to 192.168.200.249 port 32768
EAP-Message =
0x0153040a0dc0000008bd79fa9a8201851f5f94cd707d99f056471b3463d26d105fd500040830820404308202eca003020102020900b257df81a5c93eb0300d06092a864886f70d0101050500308182310b3009060355040613025553311330110603550408130a57617368696e67746f6e311c301a060355040a131356616c6c656e7420436f72706f726174696f6e3121301f06035504031318636572742e62762e616d65722e76616c6c656e742e636f6d311d301b06092a864886f70d010901160e69744076616c6c656e742e636f6d301e170d3036303132363139333733365a170d3039303132353139333733365a308182310b30090603550406
EAP-Message =
0x13025553311330110603550408130a57617368696e67746f6e311c301a060355040a131356616c6c656e7420436f72706f726174696f6e3121301f06035504031318636572742e62762e616d65722e76616c6c656e742e636f6d311d301b06092a864886f70d010901160e69744076616c6c656e742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100e11a94e572aaf07801e8ed2702e2f5cf02a30420b854889d760ba754643aee948ed331fbe5a2a24af3a28bba69c8b6d85761972db0be17dff91e4228d19446e932837768eea8bdb65cc712932ff5b5eecc13f763db7d984b925eb47b7c0094db3ac765
EAP-Message =
0x8e38c4bd7d729957fe0c42343aa678872e499c04db70cbdc528f48f0ca93921e434ea7ac11a9a4fd857ba8507589063cc311370fcd6477e3bd4fadb89e842a64d10bf2d1f9deadbf8b8d79a05821712ba49b0478c4c96d55a43031f9951a1def7e12541f1352d36654c06864a540ebafaf21a7744e53f02f78a6c82ff2d7676afea5c576b231829851f10dd1c477677cdaebc7d7f0bb4e170f16d9d7130203010001a37b307930090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e041604149070be5fdb372c09f54ecbabfecc4cdc979783
EAP-Message =
0x6d301f0603551d230418301680149070be5fdb372c09f54ecbabfecc4cdc9797836d300d06092a864886f70d010105050003820101000e3e63fd403f29af1912cf95540307a47087bba7cdee6a0657ba7a1f28fd148d93d081abda825b858d9d1351e33dca9b4d8d8f1941995e20173fe22def775aceabd13101ffb42eca6a6497c41e6985d78740173fe1ba1f76db32677053ffa87891213b7df0c2a9d339d61e2595d7658d1e1c3f8a0438a2f91f2cd9060a4b027da0cc75443be746fca0605a37155c84b9e1bff1f84b2f41328aba6b03e55d922a49f70df090d240b1a398fc8dd74aa2450661fbf3cb0d1986863cf41cd0f84366e52251a55a9f70
EAP-Message = 0x0d6b2a92d2b3579d7dfa7601e92a703d17d20f6b0bdf
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf82a664f4f7328b73ffccc1f1773d09c
Finished request 14
Going to the next request
E
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060519/6e34689d/attachment.html>
More information about the Freeradius-Users
mailing list