1 client unable to authenticate via EAP-TLS

Terry Zarelli terry.zarelli at gmail.com
Fri May 19 20:20:02 CEST 2006 

Hello,

I have one client that is having a problem authenticating via wireless
EAP-TLS.  The client is a Windows XP SP2 computer using a an internal Dell
wireless card.  The client associates with the access point-a Cisco Aironet
1130-but is continually reports an "attempting to authenticate" message.
After, performing a "radiusd -X", I do not see any EAP-start messages; I see
the following:

rlm_eap: No EAP Start, assuming it's an on-going EAP conversation

I continually see these messages for this particular client and subsequently
do not see Freeradius process the certificate.  Any clues on what may be
going on.  I am using version 1.1.0.  Is any more info needed that I can
provide?

Below is the log of the EAP conversation:

Thank you.

______________________________________________________________________________________________________________________________________________________________________

Going to the next request

Waking up in 6 seconds...

rad_recv: Access-Request packet from host 192.168.200.249:32768, id=226,
length=175

User-Name = "vallent.com"

Calling-Station-Id = "00-90-96-AF-7D-D4"

Called-Station-Id = "00-15-2C-49-D6-40:2xe1zpK0"

NAS-Port = 4

NAS-IP-Address = 192.168.200.249

NAS-Identifier = "bvwlc01"

Airespace-Wlan-Id = 1

Service-Type = Framed-User

Framed-MTU = 1300

NAS-Port-Type = Wireless-802.11

EAP-Message = 0x025200060d00

State = 0xed546982f4966349530000881730f5c2

Message-Authenticator = 0x2d0b467fefd65f09ef445907438841a0

Processing the authorize section of radiusd.conf

modcall: entering group authorize for request 14

modcall[authorize]: module "preprocess" returns ok for request 14

modcall[authorize]: module "chap" returns noop for request 14

modcall[authorize]: module "mschap" returns noop for request 14

rlm_realm: No '@' in User-Name = "vallent.com", looking up realm NULL

rlm_realm: No such realm "NULL"

modcall[authorize]: module "suffix" returns noop for request 14

rlm_eap: EAP packet type response id 82 length 6

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

rlm_eap: No EAP Start, assuming it's an on-going EAP conversation

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>



modcall[authorize]: module "eap" returns updated for request 14

users: Matched entry DEFAULT at line 152

modcall[authorize]: module "files" returns ok for request 14

modcall: leaving group authorize (returns updated) for request 14

rad_check_password: Found Auth-Type EAP

auth: type "EAP"

Processing the authenticate section of radiusd.conf

modcall: entering group authenticate for request 14

rlm_eap: Request found, released from the list

rlm_eap: EAP/tls

rlm_eap: processing type tls

rlm_eap_tls: Authenticate

rlm_eap_tls: processing TLS

rlm_eap_tls: Received EAP-TLS ACK message

rlm_eap_tls: ack handshake fragment handler

eaptls_verify returned 1

eaptls_process returned 13

modcall[authenticate]: module "eap" returns handled for request 14

modcall: leaving group authenticate (returns handled) for request 14

Sending Access-Challenge of id 226 to 192.168.200.249 port 32768

EAP-Message =
0x0153040a0dc0000008bd79fa9a8201851f5f94cd707d99f056471b3463d26d105fd500040830820404308202eca003020102020900b257df81a5c93eb0300d06092a864886f70d0101050500308182310b3009060355040613025553311330110603550408130a57617368696e67746f6e311c301a060355040a131356616c6c656e7420436f72706f726174696f6e3121301f06035504031318636572742e62762e616d65722e76616c6c656e742e636f6d311d301b06092a864886f70d010901160e69744076616c6c656e742e636f6d301e170d3036303132363139333733365a170d3039303132353139333733365a308182310b30090603550406

EAP-Message =
0x13025553311330110603550408130a57617368696e67746f6e311c301a060355040a131356616c6c656e7420436f72706f726174696f6e3121301f06035504031318636572742e62762e616d65722e76616c6c656e742e636f6d311d301b06092a864886f70d010901160e69744076616c6c656e742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100e11a94e572aaf07801e8ed2702e2f5cf02a30420b854889d760ba754643aee948ed331fbe5a2a24af3a28bba69c8b6d85761972db0be17dff91e4228d19446e932837768eea8bdb65cc712932ff5b5eecc13f763db7d984b925eb47b7c0094db3ac765

EAP-Message =
0x8e38c4bd7d729957fe0c42343aa678872e499c04db70cbdc528f48f0ca93921e434ea7ac11a9a4fd857ba8507589063cc311370fcd6477e3bd4fadb89e842a64d10bf2d1f9deadbf8b8d79a05821712ba49b0478c4c96d55a43031f9951a1def7e12541f1352d36654c06864a540ebafaf21a7744e53f02f78a6c82ff2d7676afea5c576b231829851f10dd1c477677cdaebc7d7f0bb4e170f16d9d7130203010001a37b307930090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e041604149070be5fdb372c09f54ecbabfecc4cdc979783

EAP-Message =
0x6d301f0603551d230418301680149070be5fdb372c09f54ecbabfecc4cdc9797836d300d06092a864886f70d010105050003820101000e3e63fd403f29af1912cf95540307a47087bba7cdee6a0657ba7a1f28fd148d93d081abda825b858d9d1351e33dca9b4d8d8f1941995e20173fe22def775aceabd13101ffb42eca6a6497c41e6985d78740173fe1ba1f76db32677053ffa87891213b7df0c2a9d339d61e2595d7658d1e1c3f8a0438a2f91f2cd9060a4b027da0cc75443be746fca0605a37155c84b9e1bff1f84b2f41328aba6b03e55d922a49f70df090d240b1a398fc8dd74aa2450661fbf3cb0d1986863cf41cd0f84366e52251a55a9f70

EAP-Message = 0x0d6b2a92d2b3579d7dfa7601e92a703d17d20f6b0bdf

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xf82a664f4f7328b73ffccc1f1773d09c

Finished request 14

Going to the next request

E
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060519/6e34689d/attachment.html>

More information about the Freeradius-Users mailing list