TLS handshaking problem

Giuseppina Venezia giusy.venezia at gmail.com
Thu Oct 12 17:53:32 CEST 2006


Hi all,
my configuration is FreeRadius (1.0.5) with Chillispot in proxy mode
(and WPA-Enterprise-Auto). When I try to connect with a client, it
accepts the certificate, but authentication fails.
FreeRadius communicates with Chillispot and all seems to work fine.
I've seen that in the first request, TLS gives an error (
TLS_accept:error in SSLv3 read client certificate A ) but in the third
request (with the same login) it works.
What's wrong?
Best regards.

These are the radius and chilli logs:

rad_recv: Access-Request packet from host 192.168.181.1:1026, id=0, length=118
	User-Name = "prof1"
	EAP-Message = 0x0200000a0170726f6631
	Message-Authenticator = 0xa755e14d8f738a60ad50681a848c4d27
	Calling-Station-Id = "00-17-F2-44-11-C2"
	Called-Station-Id = "00-50-BF-E3-E8-2A"
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1
	NAS-IP-Address = 192.168.181.1
	NAS-Identifier = "14"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL
    rlm_realm: Found realm "NULL"
    rlm_realm: Adding Stripped-User-Name = "prof1"
    rlm_realm: Proxying request from user prof1 to realm NULL
    rlm_realm: Adding Realm = "NULL"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 0 length 10
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry DEFAULT at line 154
rlm_ldap: Entering ldap_groupcmp()
radius_xlat:  'ou=mydepartment,dc=mydomain,dc=it'
radius_xlat:  '(uid=prof1)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=Manager,dc=mydomain,dc=it/password to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: ldap_release_conn: Release Id: 0
radius_xlat:  '(|(&(objectClass=GroupOfNames)(member=cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (&(cn=student)(|(&(objectClass=GroupOfNames)(member=cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it, with
filter (objectclass=*)
rlm_ldap::groupcmp: Group student not found ????or user not a member
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for prof1
radius_xlat:  '(uid=prof1)'
radius_xlat:  'ou=mydepartment,dc=mydomain,dc=it'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: checking if remote access for prof1 is allowed by userPassword
rlm_ldap: Added password a in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-05-5D-25-12-5B & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-02-C7-8F-A0-16 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-0B-6B-4A-22-E8 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-17-F2-44-11-C2 & op=21
rlm_ldap: Adding userPassword as User-Password, value a & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFilterId as Filter-Id, value 98 & op=11
rlm_ldap: user prof1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 0
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-05-5D-25-12-5B
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-0B-6B-4A-22-E8
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2
  modcall[authorize]: module "checkval" returns ok for request 0
modcall: group authorize returns updated for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 0 to 192.168.181.1:1026
	Filter-Id = "98"
	EAP-Message = 0x010100061920
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x43ba05fe457734cfdd7739795f3bdc8b
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.181.1:1026, id=1, length=244
	User-Name = "prof1"
	State = 0x43ba05fe457734cfdd7739795f3bdc8b
	EAP-Message = 0x0201007619800000006c1603010067010000630301452e55f989de814794c772b01ccc34ce2afa98a74d0ad6bea3f928e7c288115000003c002f000500040035000aff830009ff82000300080006ff8000320033003400380039003a0016001500140013001200110018001b001a0017001900010100
	Message-Authenticator = 0xc8af438cacd711e7ff0d740c3cd87384
	Calling-Station-Id = "00-17-F2-44-11-C2"
	Called-Station-Id = "00-50-BF-E3-E8-2A"
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1
	NAS-IP-Address = 192.168.181.1
	NAS-Identifier = "14"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL
    rlm_realm: Found realm "NULL"
    rlm_realm: Adding Stripped-User-Name = "prof1"
    rlm_realm: Proxying request from user prof1 to realm NULL
    rlm_realm: Adding Realm = "NULL"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: EAP packet type response id 1 length 118
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
    users: Matched entry DEFAULT at line 154
rlm_ldap: Entering ldap_groupcmp()
radius_xlat:  'ou=mydepartment,dc=mydomain,dc=it'
radius_xlat:  '(uid=prof1)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: ldap_release_conn: Release Id: 0
radius_xlat:  '(|(&(objectClass=GroupOfNames)(member=cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (&(cn=student)(|(&(objectClass=GroupOfNames)(member=cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it, with
filter (objectclass=*)
rlm_ldap::groupcmp: Group student not found ????or user not a member
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "files" returns ok for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for prof1
radius_xlat:  '(uid=prof1)'
radius_xlat:  'ou=mydepartment,dc=mydomain,dc=it'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: checking if remote access for prof1 is allowed by userPassword
rlm_ldap: Added password a in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-05-5D-25-12-5B & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-02-C7-8F-A0-16 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-0B-6B-4A-22-E8 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-17-F2-44-11-C2 & op=21
rlm_ldap: Adding userPassword as User-Password, value a & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFilterId as Filter-Id, value 98 & op=11
rlm_ldap: user prof1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 1
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-05-5D-25-12-5B
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-0B-6B-4A-22-E8
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2
  modcall[authorize]: module "checkval" returns ok for request 1
modcall: group authorize returns updated for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0067], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 06ae], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 1 to 192.168.181.1:1026
	Filter-Id = "98"
	EAP-Message = 0x0102040a19c00000070b160301004a020000460301452e537ca488ea6621f71250f98002c85a45166c0ec16bc5ab15b0bf86e938202019a4321b13304c3472967d3a7b9522f73a985f43176c08f3e0f4441d250f5971002f0016030106ae0b0006aa0006a70002d5308202d13082023aa003020102020900c15c0043e46eeae0300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b1309626172626163756c6f311b30190603550403131243
	EAP-Message = 0x6c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d301e170d3036313031323134323031375a170d3037313031323134323031375a30819b310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b1309626172626163756c6f3119301706035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886
	EAP-Message = 0xf70d010101050003818d0030818902818100c60af01facdb1bbf0dfcf9693f1db7b7abb6905261ddac50b3594df62ceabe39a5f931dd97f2521f754cd66c39f8f37b1149a26d74af49b4eeb7bc930839ab9dc93595f181170600c1aefc24e028b41431259e61e679ade357f82ae8e7f554ec5c572151fa0c4c583d794769cb98867bcde07335ac95c94be9561fb2de82563d0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009d6536d8cb33f8365fd61bc062a6d6f706cddc11063d84ef4b6ae543dd18d15eef5c1c273403f4c466d890bb55e1bbbf29f38f511554831cb460
	EAP-Message = 0xdb90ea3c4fa657556e3bf1bbb86b1f5bceadb472663b26dd17fd83ac2db439b0f185605d909a3fcd3d31f85096bd14e415dcce5fcc298776bbe82baa28b408abcbc5225f102e0003cc308203c830820331a003020102020900c15c0043e46eeade300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b1309626172626163756c6f311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109
	EAP-Message = 0x011612636c69656e74406578616d706c652e636f6d30
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x5039a921f9fc66f28d6e3f4b862f6345
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.181.1:1026, id=2, length=132
	User-Name = "prof1"
	State = 0x5039a921f9fc66f28d6e3f4b862f6345
	EAP-Message = 0x020200061900
	Message-Authenticator = 0xa91e107ec69b91ffe7cb31a455684512
	Calling-Station-Id = "00-17-F2-44-11-C2"
	Called-Station-Id = "00-50-BF-E3-E8-2A"
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1
	NAS-IP-Address = 192.168.181.1
	NAS-Identifier = "14"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  modcall[authorize]: module "chap" returns noop for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
    rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL
    rlm_realm: Found realm "NULL"
    rlm_realm: Adding Stripped-User-Name = "prof1"
    rlm_realm: Proxying request from user prof1 to realm NULL
    rlm_realm: Adding Realm = "NULL"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 2
  rlm_eap: EAP packet type response id 2 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 2
    users: Matched entry DEFAULT at line 154
rlm_ldap: Entering ldap_groupcmp()
radius_xlat:  'ou=mydepartment,dc=mydomain,dc=it'
radius_xlat:  '(uid=prof1)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: ldap_release_conn: Release Id: 0
radius_xlat:  '(|(&(objectClass=GroupOfNames)(member=cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (&(cn=student)(|(&(objectClass=GroupOfNames)(member=cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it, with
filter (objectclass=*)
rlm_ldap::groupcmp: Group student not found ????or user not a member
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "files" returns ok for request 2
rlm_ldap: - authorize
rlm_ldap: performing user authorization for prof1
radius_xlat:  '(uid=prof1)'
radius_xlat:  'ou=mydepartment,dc=mydomain,dc=it'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: checking if remote access for prof1 is allowed by userPassword
rlm_ldap: Added password a in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-05-5D-25-12-5B & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-02-C7-8F-A0-16 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-0B-6B-4A-22-E8 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-17-F2-44-11-C2 & op=21
rlm_ldap: Adding userPassword as User-Password, value a & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFilterId as Filter-Id, value 98 & op=11
rlm_ldap: user prof1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 2
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-05-5D-25-12-5B
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-0B-6B-4A-22-E8
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2
  modcall[authorize]: module "checkval" returns ok for request 2
modcall: group authorize returns updated for request 2
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 2 to 192.168.181.1:1026
	Filter-Id = "98"
	EAP-Message = 0x0103031119001e170d3036313031323134323031335a170d3038313031313134323031335a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b1309626172626163756c6f311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d1834676843139241f85b29b130df7eade2392a6f86ce3b912
	EAP-Message = 0x0ca3a35399e73d2b3148b8decb8914a41ae016625a6d93b4266ad18023b924aa4b5ae13bd7d9cfff0fc885d7523163d3904e434c7fae94b82b1474cd318c0c88af5db0cab240c4c7be02f527bf766420266bff30a2a572de64507f01ee9e35283a7022370429a30203010001a382010830820104301d0603551d0e041604142f4a965f7d02a211a01c6062f921e94c7c3978e53081d40603551d230481cc3081c980142f4a965f7d02a211a01c6062f921e94c7c3978e5a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a
	EAP-Message = 0x130c4f7267616e697a6174696f6e31123010060355040b1309626172626163756c6f311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820900c15c0043e46eeade300c0603551d13040530030101ff300d06092a864886f70d01010405000381810018230a55e71091a68331acbbdc7c440fedc00bdca273904f8abb0f89eece7b7788691cd225b6f79ed7938b9b6c3bc065a9673db78fad613669252f435b9d41b9003fb953d87d6152df09ce6fce19c7960d9e718c81455543cee043c5f00206f7afd633ad017ee4c5c7d6162f434476
	EAP-Message = 0x5d21f4f6fd18a48d99efd1cb23d17c76ef16030100040e000000
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x35e5753e170bf0eef07f6baa43a9ed96
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.181.1:1026, id=3, length=334
	User-Name = "prof1"
	State = 0x35e5753e170bf0eef07f6baa43a9ed96
	EAP-Message = 0x020300d01980000000c616030100861000008200809bf4fb80396fa2a36688d08c0636c920f85ca7789f995dfe204a3639c4e0efc7c9213477807580d1404813daf96be6ff227836e5992d3cea4232acb679abf4a38835f0fa6a6c481509ad39a804309f9e25f5ba15b68e7c964a10272d86904d036053abbcda030d7567189e27b42b91a74671e7fb006e64cafb4a603e91d7bb6d14030100010116030100309034f26ce775a9be886de32e9101e1eeb42d5cad400ce3166058a23d047e7b4d5ad80e0e68568c2c78ce8daea1bf0b46
	Message-Authenticator = 0x37a6aa57d05283ed1e2727c1cbd2e246
	Calling-Station-Id = "00-17-F2-44-11-C2"
	Called-Station-Id = "00-50-BF-E3-E8-2A"
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1
	NAS-IP-Address = 192.168.181.1
	NAS-Identifier = "14"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
  modcall[authorize]: module "chap" returns noop for request 3
  modcall[authorize]: module "mschap" returns noop for request 3
    rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL
    rlm_realm: Found realm "NULL"
    rlm_realm: Adding Stripped-User-Name = "prof1"
    rlm_realm: Proxying request from user prof1 to realm NULL
    rlm_realm: Adding Realm = "NULL"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 3
  rlm_eap: EAP packet type response id 3 length 208
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 3
    users: Matched entry DEFAULT at line 154
rlm_ldap: Entering ldap_groupcmp()
radius_xlat:  'ou=mydepartment,dc=mydomain,dc=it'
radius_xlat:  '(uid=prof1)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: ldap_release_conn: Release Id: 0
radius_xlat:  '(|(&(objectClass=GroupOfNames)(member=cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (&(cn=student)(|(&(objectClass=GroupOfNames)(member=cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it, with
filter (objectclass=*)
rlm_ldap::groupcmp: Group student not found ????or user not a member
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "files" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for prof1
radius_xlat:  '(uid=prof1)'
radius_xlat:  'ou=mydepartment,dc=mydomain,dc=it'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: checking if remote access for prof1 is allowed by userPassword
rlm_ldap: Added password a in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-05-5D-25-12-5B & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-02-C7-8F-A0-16 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-0B-6B-4A-22-E8 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-17-F2-44-11-C2 & op=21
rlm_ldap: Adding userPassword as User-Password, value a & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFilterId as Filter-Id, value 98 & op=11
rlm_ldap: user prof1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 3
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-05-5D-25-12-5B
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-0B-6B-4A-22-E8
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2
  modcall[authorize]: module "checkval" returns ok for request 3
modcall: group authorize returns updated for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
    TLS_accept: SSLv3 read client key exchange A
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 read finished A
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
    TLS_accept: SSLv3 write change cipher spec A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 write finished A
    TLS_accept: SSLv3 flush data
    (other): SSL negotiation finished successfully
SSL Connection Established
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 3 to 192.168.181.1:1026
	Filter-Id = "98"
	EAP-Message = 0x01040041190014030100010116030100305cbbad378481f9e36a6768f41f18a5924a34dcebde91f3b0f4ec5c8782aa697976a71ce9edb66d2cd16282a3f5fae348
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xd9784d7c093eb0db5f8af482bc1e7400
Finished request 3

=====================================================
bash-3.00# chilli --fg --debug --conup=/etc/conup
--condown=/etc/condow --eapolenable
ChilliSpot version 1.1.0 started.
chillispot[1696]: ChilliSpot 1.1.0. Copyright 2002-2005 Mondru AB.
Licensed under GPL. See http://www.chillispot.org for credits.
Waiting for client request...
chillispot[1696]: chilli.c: 3509: New DHCP request from MAC=00-11-95-C2-93-0A
New DHCP connection established
DHCP requested IP address
chillispot[1696]: chilli.c: 3479: Client MAC=00-11-95-C2-93-0A
assigned IP 192.168.182.2 cb_dhcp_data_ind. Packet received. DHCP
authstate: 5
Radius access request received!
Calling Station ID is: 00-17-F2-44-11-C2
Username is: prof1
chillispot[1696]: chilli.c: 3509: New DHCP request from MAC=00-17-F2-44-11-C2
New DHCP connection established
Received access request confirmation from radius server
Received access challenge from radius server
cb_dhcp_data_ind. Packet received. DHCP authstate: 5
Radius access request received!
Calling Station ID is: 00-17-F2-44-11-C2
Username is: prof1
Received access request confirmation from radius server
Received access challenge from radius server
cb_dhcp_data_ind. Packet received. DHCP authstate: 5
Radius access request received!
Calling Station ID is: 00-17-F2-44-11-C2
Username is: prof1
Received access request confirmation from radius server
Received access reject from radius server
chillispot[1696]: chilli.c: 3550: DHCP addr released by
MAC=00-17-F2-44-11-C2 IP=0.0.0.0
DHCP connection removed
chillispot[1696]: chilli.c: 3550: DHCP addr released by
MAC=00-11-95-C2-93-0A IP=192.168.182.2
DHCP connection removed
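
Added example, not part of the original post: a small Python decoder for the EAP/PEAP framing of the EAP-Message values in the radius log above. It shows which packets are a Start, a fragment or an empty ACK, and checks that the server's fragments add up to the TLS length it announced. The names decode_eap, server_flight_check and LOG_SAMPLES are made up for this example; the sample values are the leading octets of the EAP-Message attributes in the log.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
TLS_BASED = {13, 21, 25}
# Flag bits of the octet that follows the EAP type in TLS-based methods.
# (The low bits of that octet carry the PEAP version and are ignored here.)
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20

# Leading octets of the EAP-Message values in the log, in log order.
# Only the headers are kept, so sizes come from the EAP Length field.
LOG_SAMPLES = [
    ("request 0, from client", "0x0200000a0170726f6631"),
    ("request 0, from server", "0x010100061920"),
    ("request 1, from client", "0x0201007619800000006c160301"),
    ("request 1, from server", "0x0102040a19c00000070b160301"),
    ("request 2, from client", "0x020200061900"),
    ("request 2, from server", "0x0103031119001e170d"),
    ("request 3, from client", "0x020300d01980000000c6160301"),
]


def decode_eap(hexstr):
    """Decode the EAP header and, for TLS-based types, the fragment framing."""
    text = hexstr[2:] if hexstr.lower().startswith("0x") else hexstr
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 octets")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    info = {"code": EAP_CODES.get(code, str(code)), "id": ident,
            "length": length, "type": None, "flags": [],
            "tls_length": None, "fragment_bytes": None, "role": "non-TLS"}
    if code not in (1, 2) or len(raw) < 5:
        return info                      # Success/Failure carry no type
    info["type"] = EAP_TYPES.get(raw[4], str(raw[4]))
    if raw[4] not in TLS_BASED:
        return info
    if len(raw) < 6:
        raise ValueError("TLS-based EAP packet without flags octet")
    flags = raw[5]
    info["flags"] = [name for bit, name in
                     ((FLAG_L, "L"), (FLAG_M, "M"), (FLAG_S, "S"))
                     if flags & bit]
    header = 6
    if flags & FLAG_L:                   # 4-octet total TLS message length
        if len(raw) < 10:
            raise ValueError("L flag set but length field missing")
        info["tls_length"] = struct.unpack("!I", raw[6:10])[0]
        header = 10
    info["fragment_bytes"] = length - header
    if flags & FLAG_S:
        info["role"] = "start"
    elif info["fragment_bytes"] == 0:
        info["role"] = "ack"             # empty packet acknowledging a fragment
    elif flags & FLAG_M:
        info["role"] = "fragment, more to follow"
    else:
        info["role"] = "last or only fragment"
    return info


def server_flight_check(samples):
    """Sum the server's TLS fragments; return (announced, received) octets."""
    announced, received = None, 0
    for _label, value in samples:
        pkt = decode_eap(value)
        if pkt["code"] != "Request" or pkt["role"] in ("non-TLS", "start", "ack"):
            continue
        if pkt["tls_length"] is not None:
            announced, received = pkt["tls_length"], 0
        received += pkt["fragment_bytes"]
        if "M" not in pkt["flags"]:
            break                        # final fragment of this flight
    return announced, received


if __name__ == "__main__":
    for label, value in LOG_SAMPLES:
        p = decode_eap(value)
        print(f"{label}: {p['code']} id={p['id']} len={p['length']} "
              f"type={p['type']} flags={''.join(p['flags']) or '-'} "
              f"tls_len={p['tls_length']} data={p['fragment_bytes']} "
              f"-> {p['role']}")
    print("server flight (announced, received):",
          server_flight_check(LOG_SAMPLES))
```

The Access-Challenge sent right after the "read client certificate A" line decodes as a first fragment (L and M set, 1024 of 1803 octets), the client's next packet is an empty ACK, and the following challenge carries the remaining 779 octets.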


