Everything lookslike it works, but PC is not authentified

Alexandros Gougousoudis gougousoudis at kh-berlin.de
Mon Sep 4 11:55:54 CEST 2006


Hi,

I'am a step ahead. One problem was, that the Root-CA-cert must be put 
manually in the Trusted-Rootcertificate place (I use a german Windows, 
so I try to retranslate that into english) on the Windows-Client. It is 
not enough to import that automatically, although the cert shows up in 
the list of "Trusted Rootcertificates" in the "Authentification" menu of 
the network-settings. If made this running the mmc manually, opening the 
Certificate-dialog.

But it shows, that the problem is deeper. The netbiosname of the windows 
machine is "vinfo-t1", also the cert has this name as a CN. If the PC 
tries to authenticate the username comes as "host/vinfo-t1" to the 
radius server. Which makes the TLS verify fail. How can the name be 
truncated?

My setup is like mentioned in this HowTo:

http://www.hep.phys.soton.ac.uk/~jhe/documents/WPA-Authentication+RADIUS-HOWTO.html

Here an Debug Output of the conversation:


rad_recv: Access-Request packet from host 10.48.244.21:49154, id=0, 
length=91
         NAS-IP-Address = 10.48.244.21
         NAS-Port-Type = Ethernet
         NAS-Port = 2
         User-Name = "host/vinfo-t1"
         EAP-Message = 0x0201001201686f73742f76696e666f2d7431
         Message-Authenticator = 0xe009fb46107ee76bfc27e1f91b7e73f6
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
   modcall[authorize]: module "preprocess" returns ok for request 0
   rlm_eap: EAP packet type response id 1 length 18
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 0
     users: Matched entry host/vinfo-t1 at line 219
   modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
   rlm_eap: EAP Identity
   rlm_eap: processing type tls
  rlm_eap_tls: Requiring client certificate
   rlm_eap_tls: Initiate
   rlm_eap_tls: Start returned 1
   modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 0 to 10.48.244.21 port 49154
         EAP-Message = 0x010200060d20
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x1eb9189838f31fb0cf1d343419acb2c0
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.48.244.21:49154, id=0, 
length=171
         NAS-IP-Address = 10.48.244.21
         NAS-Port-Type = Ethernet
         NAS-Port = 2
         User-Name = "host/vinfo-t1"
         State = 0x1eb9189838f31fb0cf1d343419acb2c0
         EAP-Message = 
0x020200500d800000004616030100410100003d030144fbf552d25bafa630d83452a204d465d2a0109f469f18439264173b484f30f200001600040005000a000900640062000300060013001200630100
         Message-Authenticator = 0x5acdcdfd4719f93fd54efbec8632096f
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
   modcall[authorize]: module "preprocess" returns ok for request 1
   rlm_eap: EAP packet type response id 2 length 80
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 1
     users: Matched entry host/vinfo-t1 at line 219
   modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
   eaptls_verify returned 11
     (other): before/accept initialization
     TLS_accept: before/accept initialization
   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
     TLS_accept: SSLv3 read client hello A
   rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
     TLS_accept: SSLv3 write server hello A
   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0ef8], Certificate
     TLS_accept: SSLv3 write certificate A
   rlm_eap_tls: >>> TLS 1.0 Handshake [length 00bd], CertificateRequest
     TLS_accept: SSLv3 write certificate request A
     TLS_accept: SSLv3 flush data
     TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
   eaptls_process returned 13
   modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 0 to 10.48.244.21 port 49154
         EAP-Message = 
0x0103040a0dc00000100e160301004a02000046030144cdf6a1a045a15119c1630490570a6d0cb0643391b0aa45060563037e3c819b204cc1d2c1737bdea821ed36527e98a814a656e3e578af9e0976f33b31fd9c5cc30004001603010ef80b000ef4000ef100077f3082077b30820563a003020102020128300d06092a864886f70d01010505003081aa310b3009060355040613024445310f300d060355040813064265726c696e310f300d060355040713064265726c696e31143012060355040a130b4b48422048664d2048665331193017060355040b13105365727669636543656e7465722d4954312530230603550403141c5365727669636543
         EAP-Message = 
0x656e7465722d49545f4b48425f48664d5f4866533121301f06092a864886f70d010901161273632d6974406b682d6265726c696e2e6465301e170d3036303831303039333334335a170d3037303831303039333334335a3081ac310b3009060355040613024445310f300d060355040813064265726c696e310f300d060355040713064265726c696e31143012060355040a130b4b48422048664d2048665331193017060355040b13105365727669636543656e7465722d4954312730250603550403131e7261646975732e76657277616c74756e672e6b682d6265726c696e2e64653121301f06092a864886f70d010901161273632d6974406b682d
         EAP-Message = 
0x6265726c696e2e646530820222300d06092a864886f70d01010105000382020f003082020a02820201009d061598c850223454cb70a58cae0a1ac2db0b6a963d25c96c632b1eb2a9177e3e8a066fa9c3596c4a1b035def3b6c589a12209a6d7ab7aa4144de890803c34cb5239cdb3b7266426049d475ed3e354fe494dee46a17e7478065c7332f6ac621d9b754d46812dc4ffda7a39bf33987fbe6951a591aee791c9468cc70f5a821683640675bafea24fe5291d6750c30a1b0a4c52cbeb6a18ce514038432f3dc83ce12657de67976dff9a7643b7ad340240e5e69385355b64d3e77f4bb0dfbc8fd63258a308c2a6e82f9c0c92e7e4ccadf848cc3bb
         EAP-Message = 
0x57d592dcf46930c794fa0b338c9db103b9a7162352ff8cac3b680d64ec0b865bf74778839cd1530d79ba553a2bd9ffb112534cd758bb3b3dba26037ed1c158089af8903e9f5b684061ddd413fb192cfc5024c03b177184101d68bc7111ccdcb6bee8c98d1642bbc547e8211dab2fd5d45488da089a17edaa9b4dd4357d4adcb0e33553210a5ad0e84edc9f9a769297649672d5f78e2f3687e99c411abea88e0363fe1afb7dcf05a8838ef07cec88337f903a94a6207893b5e9ff80441a12b6847ff008eb8c257878f6711a8f8c053315d4ae87b36661cdee73a3cbaca92d14f480804c7476d36665c417db9c954795423ca49de599eb3ed3a6cc55f03b
         EAP-Message = 0xad529359b0a55e5bffa9cf65b3034d48c263c491b24a
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x62ac8299666f9397864e61d8e04a1f3e
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.48.244.21:49154, id=0, 
length=97
         NAS-IP-Address = 10.48.244.21
         NAS-Port-Type = Ethernet
         NAS-Port = 2
         User-Name = "host/vinfo-t1"
         State = 0x62ac8299666f9397864e61d8e04a1f3e
         EAP-Message = 0x020300060d00
         Message-Authenticator = 0x2d9b3872003fc09e22bb4d9f6056991a
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
   modcall[authorize]: module "preprocess" returns ok for request 2
   rlm_eap: EAP packet type response id 3 length 6
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 2
     users: Matched entry host/vinfo-t1 at line 219
   modcall[authorize]: module "files" returns ok for request 2
modcall: leaving group authorize (returns updated) for request 2
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
   rlm_eap_tls: ack handshake fragment handler
   eaptls_verify returned 1
   eaptls_process returned 13
   modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 0 to 10.48.244.21 port 49154
         EAP-Message = 
0x0104040a0dc00000100ed9f9f74b6ea9cea17710efc22bc0d77f58b0a5d3589ab19f13f90203010001a38201a6308201a230090603551d1304023000301106096086480186f8420101040403020640302b06096086480186f842010d041e161c54696e7943412047656e657261746564204365727469666963617465301d0603551d0e0416041442a94a9f048871b178d41a5d00a5668e78c045ff3081df0603551d230481d73081d48014b939b6ce8a52912eaece162418b1f4d8303d042ea181b0a481ad3081aa310b3009060355040613024445310f300d060355040813064265726c696e310f300d060355040713064265726c696e311430120603
         EAP-Message = 
0x55040a130b4b48422048664d2048665331193017060355040b13105365727669636543656e7465722d4954312530230603550403141c5365727669636543656e7465722d49545f4b48425f48664d5f4866533121301f06092a864886f70d010901161273632d6974406b682d6265726c696e2e6465820900890d6f61ac0ce005301d0603551d1204163014811273632d6974406b682d6265726c696e2e6465301d0603551d1104163014811273632d6974406b682d6265726c696e2e646530160603551d250101ff040c300a06082b06010505070301300d06092a864886f70d01010505000382020100c0925f1aa48825e5c192abc4a792cb36b69953
         EAP-Message = 
0x782adc04d3e24436b4322312505087f51371012554b69768c152ed7083dba76437cc2bd09ed94b2a08a9ce1ad303a04ee2459c219c6e8341c44175cdcf5426ab7d10b9512877be1cd89204061f78c7f9296b5c73bcc315b281029163cd1f05d9fff0f772fd26964959a4493ef045f91dda761420537f2845a12d7a0f7f04502390dd6fb1e7cbff2891d8eee5abcf7da435ab6b163e2475fad3ccf8cfdc7ad019fbbe1deb47fbcad40dd4f57d2ed127665ca99cc035d93bf5df6ad79529fa142cb7f03eedd1aca47ad648db900e6dcd1966efb52a2c9dfa5ce5148ad4bd37716414c3a82bcb9a8cd805f1ea4e66f0171174e8099310d720186c2774cdc2
         EAP-Message = 
0xf80283f897fa84a1281e34c77148ca68508cd2eaf3f9167f76b41df115df8bcf02746dac891da3f58b4a45e5085dcbb3e9129106bb999f2b6b4722b86a32e18732260fa1093643a982b52951d7011141f3ea9ec18429482b3977620aa50aa40cd30eb3ed16f1a1c77d07df0672abdf64d608ff85a9076b95afb5a12a3a1fc231024403628b1db8cf04d474be335f83e230d506eb574b91fd672e092dd86088ea95edbe95aaecc00f4610520cd6a624103c64d1e8f6ebb8027ec42fa27ff3fdad82731a8511b8a68751452ebcbd13e11a0abe6d1f82fd5ce98af910ce7e62a69e9ac2383ee9b3dc0a973af95706a3a1c700076c3082076830820550a003
         EAP-Message = 0x020102020900890d6f61ac0ce005300d06092a864886
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0xd16ad97d1f76b6e6878fff568b2c4c2e
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.48.244.21:49154, id=0, 
length=97
         NAS-IP-Address = 10.48.244.21
         NAS-Port-Type = Ethernet
         NAS-Port = 2
         User-Name = "host/vinfo-t1"
         State = 0xd16ad97d1f76b6e6878fff568b2c4c2e
         EAP-Message = 0x020400060d00
         Message-Authenticator = 0xd3cac87903c299148d8aee901bb87d85
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
   modcall[authorize]: module "preprocess" returns ok for request 3
   rlm_eap: EAP packet type response id 4 length 6
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 3
     users: Matched entry host/vinfo-t1 at line 219
   modcall[authorize]: module "files" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
   rlm_eap_tls: ack handshake fragment handler
   eaptls_verify returned 1
   eaptls_process returned 13
   modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 0 to 10.48.244.21 port 49154
         EAP-Message = 
0x0105040a0dc00000100ef70d01010505003081aa310b3009060355040613024445310f300d060355040813064265726c696e310f300d060355040713064265726c696e31143012060355040a130b4b48422048664d2048665331193017060355040b13105365727669636543656e7465722d4954312530230603550403141c5365727669636543656e7465722d49545f4b48425f48664d5f4866533121301f06092a864886f70d010901161273632d6974406b682d6265726c696e2e6465301e170d3035303930353038303532355a170d3135303930333038303532355a3081aa310b3009060355040613024445310f300d060355040813064265726c
         EAP-Message = 
0x696e310f300d060355040713064265726c696e31143012060355040a130b4b48422048664d2048665331193017060355040b13105365727669636543656e7465722d4954312530230603550403141c5365727669636543656e7465722d49545f4b48425f48664d5f4866533121301f06092a864886f70d010901161273632d6974406b682d6265726c696e2e646530820222300d06092a864886f70d01010105000382020f003082020a0282020100c4e58d7b46104aaed067a7f4e2c0bce5fd30388b52102731e8ae991947c14547ca41753f07ee2f50c4374b00950c83165fce3e38cdf4b4749dce3641ce01e450a7f1e53de6997ac4a19b93cc212b
         EAP-Message = 
0x2cfb5425c7b1421b89951478dadba32ce7c00421c9791d1af1b38e9ce04141c724d866fb11c06bd13a626f830825d002beccae484fcaa3840fdab94afdd1e454155451678ecb4ae36c1628afce08a8622736e5f29360512174ffa60a3a713794d781efa85d83c6df6cc78262910cb757c515450569cd668cdb29a709e3f8d52dde54c69e2b84b0be385347948e360e4095499957b42d0a918cbc647a2377c0c26e0925f386d520f0bc2f25b206a93075e9382d590f4724352edc61a0e497dece898c31ca22c4320d02b55bb519c90f228fcbd6f1d72057245e35a3170a354b207ef1f2a61585256e493bff8b363075452e21cbb5cb26167d8d1201c419
         EAP-Message = 
0x11569768a99eea5cff0fb0458e5615e42e8aec5417f2493f5b81cf7b9cdb4ad1995c0c8bced370d073ee8eefb21f833372027c4fcb84c23c73d1b44df6f5ca34e0d9f674900f9ddf1340179016868a3697a807624dd8f0ff7aea8460241df0a8a74eb8b0151171395155db1fd0b87be63c7047fda731126880bf2228332a38f11ac024cb944d68ce72da5f43d73609e82f92486f4eaad235b104ae3c93061600b3a54e895841eac966309ad0c18cccf17453210f450203010001a382018d30820189301d0603551d0e04160414b939b6ce8a52912eaece162418b1f4d8303d042e3081df0603551d230481d73081d48014b939b6ce8a52912eaece1624
         EAP-Message = 0x18b1f4d8303d042ea181b0a481ad3081aa310b300906
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0xba5a2b49ec81141bc1deb21c9792c137
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.48.244.21:49154, id=0, 
length=97
         NAS-IP-Address = 10.48.244.21
         NAS-Port-Type = Ethernet
         NAS-Port = 2
         User-Name = "host/vinfo-t1"
         State = 0xba5a2b49ec81141bc1deb21c9792c137
         EAP-Message = 0x020500060d00
         Message-Authenticator = 0xf7f1738e59b02e648c5cce4946e9df9c
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
   modcall[authorize]: module "preprocess" returns ok for request 4
   rlm_eap: EAP packet type response id 5 length 6
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 4
     users: Matched entry host/vinfo-t1 at line 219
   modcall[authorize]: module "files" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
   rlm_eap_tls: ack handshake fragment handler
   eaptls_verify returned 1
   eaptls_process returned 13
   modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 0 to 10.48.244.21 port 49154
         EAP-Message = 
0x0106040a0dc00000100e0355040613024445310f300d060355040813064265726c696e310f300d060355040713064265726c696e31143012060355040a130b4b48422048664d2048665331193017060355040b13105365727669636543656e7465722d4954312530230603550403141c5365727669636543656e7465722d49545f4b48425f48664d5f4866533121301f06092a864886f70d010901161273632d6974406b682d6265726c696e2e6465820900890d6f61ac0ce005300f0603551d130101ff040530030101ff301106096086480186f842010104040302010630090603551d1204023000302b06096086480186f842010d041e161c54696e
         EAP-Message = 
0x7943412047656e657261746564204365727469666963617465301d0603551d1104163014811273632d6974406b682d6265726c696e2e6465300b0603551d0f040403020106300d06092a864886f70d0101050500038202010060f0ab4236cda26ba7ceaedfd61052c52b73e1e028ffe29171395f9074e4beee7eab73afc427c17cd0f37e96c7af6eda553a92b2b426f723c283c8ea027f3ab17c93d1ffa7c8a29fedbc83f11f8731a140393c56aceffae318f7ebbca367fed9280513ce2cfad1257c59f056e3898e928f968baa6c3cc094ca50b9072674b8fa43ab0e31c4a7a54eb8f96ad4d275011a449807c3abe4865d8f837ee4d8db0c081af218c0
         EAP-Message = 
0x0a878d4c7e30268282034b35a666b8295eb53ee41bcda9345a7d48fdb7dc306180df06ec546e826d73d7dd62bf449c6eb948aa85c808893b308a32636cb151b044b839fc382f8623863d7ac78b7bf3e0f2c1ac4c8a69b9184e58733d966120ce334ab7212f23b85a8e8d5b2ada0f4cc7cb981fafd3585c398b351a06870271c71e537b4010a7d2914151b076a5f4094d1ab64e46a93dbba7456fa75be4006a172f6824219fad1b4c95322c6b9a1703515545ebbdae485fa994ac81fb8d308cdb58038d6c95c15d29f0a317e03877225eebe3647f28dc2361d7fb1894231e475805ec5e95ab5a37c96c70b000695caee3562f474af69b11fc67ccf54e9f
         EAP-Message = 
0x0f1d1adc2c9038d56a9fa3454320444843fe38e00de285cb9120b24416fa909c259b52d069e64d0d9faa37c336f8bd3a8128a8f5e244029a5ded25e10bfc551dc08730e133a4e4b744cf3d8c038d38b1692c1d4876f92d109efcf136355c2216030100bd0d0000b50301020500af00ad3081aa310b3009060355040613024445310f300d060355040813064265726c696e310f300d060355040713064265726c696e31143012060355040a130b4b48422048664d2048665331193017060355040b13105365727669636543656e7465722d4954312530230603550403141c5365727669636543656e7465722d49545f4b48425f48664d5f486653312130
         EAP-Message = 0x1f06092a864886f70d010901161273632d6974406b68
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0xf231b7f39c1572d02d39ff49f54d210e
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.48.244.21:49154, id=0, 
length=97
         NAS-IP-Address = 10.48.244.21
         NAS-Port-Type = Ethernet
         NAS-Port = 2
         User-Name = "host/vinfo-t1"
         State = 0xf231b7f39c1572d02d39ff49f54d210e
         EAP-Message = 0x020600060d00
         Message-Authenticator = 0x6ed026eb8c4fb95b5977cf6883d7f3ff
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
   modcall[authorize]: module "preprocess" returns ok for request 5
   rlm_eap: EAP packet type response id 6 length 6
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 5
     users: Matched entry host/vinfo-t1 at line 219
   modcall[authorize]: module "files" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
   rlm_eap_tls: ack handshake fragment handler
   eaptls_verify returned 1
   eaptls_process returned 13
   modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 0 to 10.48.244.21 port 49154
         EAP-Message = 0x010700180d800000100e2d6265726c696e2e64650e000000
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x3c5f8b0008d1f3af6b3943916a23e2ff
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.48.244.21:49154, id=0, 
length=1591
         NAS-IP-Address = 10.48.244.21
         NAS-Port-Type = Ethernet
         NAS-Port = 2
         User-Name = "host/vinfo-t1"
         State = 0x3c5f8b0008d1f3af6b3943916a23e2ff
         EAP-Message = 
0x020705d20dc000000bc31603010b930b00078300078000077d3082077930820561a00302010202012a300d06092a864886f70d01010505003081aa310b3009060355040613024445310f300d060355040813064265726c696e310f300d060355040713064265726c696e31143012060355040a130b4b48422048664d2048665331193017060355040b13105365727669636543656e7465722d4954312530230603550403141c5365727669636543656e7465722d49545f4b48425f48664d5f4866533121301f06092a864886f70d010901161273632d6974406b682d6265726c696e2e6465301e170d3036303930313131313833325a170d3037303930
         EAP-Message = 
0x313131313833325a308198310b3009060355040613024445310f300d060355040813064265726c696e310f300d060355040713064265726c696e31143012060355040a130b4b48422048664d2048665331193017060355040b13105365727669636543656e7465722d49543111300f0603550403130876696e666f2d74313123302106092a864886f70d010901161476696e666f2d74312d6e65756572406c6f63616c30820222300d06092a864886f70d01010105000382020f003082020a0282020100b18a3f0af2253a6b7b341ff99f9e24a6609f6d713a4fb201bdd54cbed3071b162b1539c66654db5499ca640321d6546b94cf03be2a8b99354c
         EAP-Message = 
0xc6440e479e13c5e2351cff190d88fdc18729807d495d0d965e52f9e55c9edf96d7fb09b045a018610f657c26730ca6ad79f3f9b54ddfe4477697a92d10127515e3a1c384e8d6d1aa93dc3435aa7387412a66e66afcc38671c806889034450f131a40d93d8056f047884aea4c4aa227f868adc26909dfc61f0dea21e8ea55ff831d12b415a24a3aa15de0871ed034da8743b089664377b4269297aadba01e6f88e1d314f37951fe71e61ea5da38523f7a69aff0334649a49b1a1fa42da2ced0b83c39785f5a791682a6b19b8fe69487622f5e1ec3d9ceaf8bb3211e6a81c252e16ce15767656c58beb13bc0cae1de938c1900f1ee727eed5870fc1901c9
         EAP-Message = 
0xe546349574e7b49ef07d47123e10535807e8186ba7f41656fe19bd54c36c04799eb7367550d27836cb3f229f648b139767e29364164123ec379969ec6ffd7c40e6c93c32d00b6c4976b183051b45e35ba08cb674739be00808809ed6582184753e871bccb1068664dafe46bb0b20cc4885a463294a28502c694c1577f5e66b28cae490a7234d2cd5407d119673335e2a3f24726bf077d68aa92fdc4fc8aa9eca709bd9637dee65ee966de96b99ff8693c4b07362734b73057c6cb638e0463e536a250ef429eaddd63ea30203010001a38201b8308201b430090603551d1304023000301106096086480186f84201010404030204b0302b060960864801
         EAP-Message = 
0x86f842010d041e161c54696e7943412047656e657261746564204365727469666963617465301d0603551d0e04160414c0720a9171d9e7a973ccb4b0ad17b4ed61af06b93081df0603551d230481d73081d48014b939b6ce8a52912eaece162418b1f4d8303d042ea181b0a481ad3081aa310b3009060355040613024445310f300d060355040813064265726c696e310f300d060355040713064265726c696e31143012060355040a130b4b48422048664d2048665331193017060355040b13105365727669636543656e7465722d4954312530230603550403141c5365727669636543656e7465722d49545f4b48425f48664d5f4866533121301f06
         EAP-Message = 
0x092a864886f70d010901161273632d6974406b682d6265726c696e2e6465820900890d6f61ac0ce005301d0603551d1204163014811273632d6974406b682d6265726c696e2e6465301f0603551d1104183016811476696e666f2d74312d6e65756572406c6f63616c300e0603551d0f0101ff0404030205a030160603551d250101ff040c300a06082b06010505070302300d06092a864886f70d010105050003820201002b8b5adf8cddd67cfa0571cd173867feca7ac917203321554e8f41f953189df68b435d9416427009c7c6f1304ea086ff5717599c2c58b991bcc544fc
         Message-Authenticator = 0x74fd373b468d81483b5c29000421eea7
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
   modcall[authorize]: module "preprocess" returns ok for request 6
   rlm_eap: EAP packet type response id 7 length 253
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 6
     users: Matched entry host/vinfo-t1 at line 219
   modcall[authorize]: module "files" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls:  Received EAP-TLS First Fragment of the message
   eaptls_verify returned 9
   eaptls_process returned 13
   modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 0 to 10.48.244.21 port 49154
         EAP-Message = 0x010800060d00
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x359ee7405de06aa7a6b8c2e7169a6014
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.48.244.21:49154, id=0, 
length=1591
         NAS-IP-Address = 10.48.244.21
         NAS-Port-Type = Ethernet
         NAS-Port = 2
         User-Name = "host/vinfo-t1"
         State = 0x359ee7405de06aa7a6b8c2e7169a6014
         EAP-Message = 
0x020805d20d4086beba4b46ca59a277fbc153a403766ff039c6fca35370d848d69f938ff19037f6b6d341f9692327f3833585b67c45c19a108c0343f2fb69c6eb19ed624f2a2cbfdca3e2d64860327a7a4768a7cac2804f7beaf7db967260203e53d1863ca7599484e29d0261eeb21bdd6e718370c6518e249f57fc3977ab0fd47900b6efb8a57c3359cf81c9c5b26b4f566a494686078fb6e904a35569c17d4873c36f74fdb47d7b57f9441e8c33d76d0241ace6e7f1c3d28b96a8a1c7b8035ec87ea197480fa41e7ba093866ee476f9d6e20d6aa701826ef468f4370d41582fc63bd550bbffaf4f98025183be1aa8d2a5d2dba0e6cff53969744b1fcf
         EAP-Message = 
0x449a43d3a8addf3d68b4a14c4171a80d7312bfe9a1e9b3486810e41a75848895d3f29b2f51a79c522197628709276de510791b49f31aeafb44d452433eab636f3e46c3df5823e29e91cd832c45d6d2e69a9054a2a420f6bac3c403e1af36e8ba0fa0d4b1b6f4a2709b105257bea66fad471ef2678043b66ee14170754bce551ccb2b237177673e42b7cd8b11c135ca72c57df7cd1e741d3801df735927781da8776bb19786aeee2775fb8d9d74eb335196403c57629519dfeb599815230d97825bfd0655aa7ee88c6baf2d91b91000020202002aea80d0990edde01b74574abb253276a3dae7b2f2598871abb0c263c9a7187ef5b5ac34f4a56f12478d
         EAP-Message = 
0xbfd50b9a35788de43df3f7a7e18f3fdd650fd65cbdeccf00edd545546450a0f1604980546880abf63bcd65544bb17d6bbcf8340fa6052d2c5f8d10e74b73d90d02efe863fc9e61f6122d06e5d5d95d1e3e5951bc7c20edb043c70b531e9b5d739bb313774e0bde1891ae03872a6ecc463c8a3597aef29a8820a48bf7b626fe5530ababf965d8bd1997b01cd23b8b6bdca98da8aff8082de1ba7c07d566dc2fa054ac0ee55f928b587b1e94474655c9bd28ddb2bd8ce6a93e507e3729b30a3a2b81a2413c244a2a8f7f8fbfda98dc7f813d8d03cb41830e39be756acdf07e8b1be302780b3fa5d0596fbdfa9159ffb25f975a75fd7f54dc8f7cef6b2660
         EAP-Message = 
0x2361f8394ba18d76313d4eb2fdae74c1cc2ee19630748e4272ea7074687fb7980e4aff71e3e6b43a1a4ddeee90b0787bc8e6410a4ec1e90d342f53769da1e0802989bba6abb18e59dcc3c9f35b9ad2ff871aef69063b1eaafa095931d9a0dce611976ed726c9782b5573f0ad30b18561e69db7d61458e7757c73a69756ec937abff25019c0d9846dae4a05ac3342cb0705c57f302afad433ce9960fe5403b98209ad7adc7b8767e831c3e4af7a5d53ba775e4032dc9ebd7beb589aadfbb19818d7130dca7e39ec93c149107adea129c2b06af3f9983a6225df0f000202020011e0a1abca0165911964c287c77120adf9b19b4f77b21b21a05427924e28
         EAP-Message = 
0xb0e23d003215ba80dce06177c17848d450c46115113f274a6ee45912b23b8f7878f6f375d7fef9fa8896c1288720589bba7e5392b9b045307031fc69c4bd4962e6198e2cc640f373c3e4cda6203667a57a0652fb742af62da2e0860b32335d7caaaefe873e186e125cf5cdf8ea8f1ba95b9aa1684dde9fce5762485a38ed725b79f1461068319966572f4b2d7886ec6572ecf4c94408b6a7708a2ab37c766f77ba4af9aba59aee2aa94c29562d61d653071913d6bb3a69a25140427ef8d28aefefb411bbbe5b9beba21c12e8fbfc87f38e2008c3138915b1140f8c74e5f2db4114a6bf6fdd4e13423241296ae022b21ff95305eca6284e302721a17cfa
         EAP-Message = 
0x358a88c665ac350fd228dc7fc3983efb2280855be8b829d3fc63a0acd3d6b0af5d42964eff7b75024579a4486a876b937bd15f15f937cde01be66d07e6fe0a739fe81e6a23b38065a404f32a8c4f6b24cbb3407a0dea6897e8a11219051a75c5ad04a424ff90eaa26eedec224f685f6eca3968b322bd4897de1a311a37ab20da9690a1dac10217e22a29b6dbbc55f967d56645ecd9daa87d449a3e0a0d7e96028e497bc36f53106d7b6bf903db8b50691814c3b2d515cfa62d1b40bad9ab4f7ad898e238da4d63a36edbae2e915d5d59a7bb668090efcdc56a1a3478d12662dc1b
         Message-Authenticator = 0x5d5a7d2d57f2a52f1f13358c8966b470
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
   modcall[authorize]: module "preprocess" returns ok for request 7
   rlm_eap: EAP packet type response id 8 length 253
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 7
     users: Matched entry host/vinfo-t1 at line 219
   modcall[authorize]: module "files" returns ok for request 7
modcall: leaving group authorize (returns updated) for request 7
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls:  More fragments to follow
   eaptls_verify returned 10
   eaptls_process returned 13
   modcall[authenticate]: module "eap" returns handled for request 7
modcall: leaving group authenticate (returns handled) for request 7
Sending Access-Challenge of id 0 to 10.48.244.21 port 49154
         EAP-Message = 0x010900060d00
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0xa9ec0e19c31f5fe70aedb7f7d0e88a2f
Finished request 7
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.48.244.21:49154, id=0, 
length=144
         NAS-IP-Address = 10.48.244.21
         NAS-Port-Type = Ethernet
         NAS-Port = 2
         User-Name = "host/vinfo-t1"
         State = 0xa9ec0e19c31f5fe70aedb7f7d0e88a2f
         EAP-Message = 
0x020900350d00ccd800061403010001011603010020e56699f0f810201b2552cc0601a31099f48fa7103f4ee354d59246fc367dbffd
         Message-Authenticator = 0x696632f38a12e60fab75e2c8e5bc62ff
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
   modcall[authorize]: module "preprocess" returns ok for request 8
   rlm_eap: EAP packet type response id 9 length 53
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 8
     users: Matched entry host/vinfo-t1 at line 219
   modcall[authorize]: module "files" returns ok for request 8
modcall: leaving group authorize (returns updated) for request 8
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
   eaptls_verify returned 7
   rlm_eap_tls: Done initial handshake
   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0787], Certificate
chain-depth=1,
error=0
--> User-Name = host/vinfo-t1
--> BUF-Name = ServiceCenter-IT_KHB_HfM_HfS
--> subject = /C=DE/ST=Berlin/L=Berlin/O=KHB HfM 
HfS/OU=ServiceCenter-IT/CN=ServiceCenter-IT_KHB_HfM_HfS/emailAddress=sc-it at kh-berlin.de
--> issuer  = /C=DE/ST=Berlin/L=Berlin/O=KHB HfM 
HfS/OU=ServiceCenter-IT/CN=ServiceCenter-IT_KHB_HfM_HfS/emailAddress=sc-it at kh-berlin.de
--> verify return:1
--> verify error:num=9:certificate is not yet valid
   rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal bad_certificate
TLS Alert write:fatal:bad certificate
     TLS_accept:error in SSLv3 read client certificate B
9054:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no 
certificate returned:s3_srvr.c:2482:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
In SSL Handshake Phase
In SSL Accept mode
   eaptls_process returned 13
   modcall[authenticate]: module "eap" returns handled for request 8
modcall: leaving group authenticate (returns handled) for request 8
Sending Access-Challenge of id 0 to 10.48.244.21 port 49154
         EAP-Message = 0x010a00110d80000000071503010002022a
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x2234f2a04eac43d7190c2eb599db66dc
Finished request 8
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.48.244.21:49154, id=0, 
length=97
         NAS-IP-Address = 10.48.244.21
         NAS-Port-Type = Ethernet
         NAS-Port = 2
         User-Name = "host/vinfo-t1"
         State = 0x2234f2a04eac43d7190c2eb599db66dc
         EAP-Message = 0x020a00060d00
         Message-Authenticator = 0x58ed75061e4f8f0db896ce17b4ec179b
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
   modcall[authorize]: module "preprocess" returns ok for request 9
   rlm_eap: EAP packet type response id 10 length 6
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 9
     users: Matched entry host/vinfo-t1 at line 219
   modcall[authorize]: module "files" returns ok for request 9
modcall: leaving group authorize (returns updated) for request 9
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
   rlm_eap_tls: ack alert
   eaptls_verify returned 4
   eaptls_process returned 4
  rlm_eap: Handler failed in EAP/tls
   rlm_eap: Failed in EAP select
   modcall[authenticate]: module "eap" returns invalid for request 9
modcall: leaving group authenticate (returns invalid) for request 9
auth: Failed to validate the user.
Delaying request 9 for 1 seconds
Finished request 9
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.48.244.21:49154, id=0, 
length=97
Sending Access-Reject of id 0 to 10.48.244.21 port 49154
         EAP-Message = 0x040a0004
         Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 9 ID 0 with timestamp 44cdf6a1
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.48.244.21:49154, id=0, 
length=91
         NAS-IP-Address = 10.48.244.21
         NAS-Port-Type = Ethernet
         NAS-Port = 2
         User-Name = "host/vinfo-t1"
         EAP-Message = 0x020c001201686f73742f76696e666f2d7431
         Message-Authenticator = 0x896b213f641e21cae37d8783ed92a6af
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 10
   modcall[authorize]: module "preprocess" returns ok for request 10
   rlm_eap: EAP packet type response id 12 length 18
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 10
     users: Matched entry host/vinfo-t1 at line 219
   modcall[authorize]: module "files" returns ok for request 10
modcall: leaving group authorize (returns updated) for request 10
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 10
   rlm_eap: EAP Identity
   rlm_eap: processing type tls
  rlm_eap_tls: Requiring client certificate
   rlm_eap_tls: Initiate
   rlm_eap_tls: Start returned 1
   modcall[authenticate]: module "eap" returns handled for request 10
modcall: leaving group authenticate (returns handled) for request 10
Sending Access-Challenge of id 0 to 10.48.244.21 port 49154
         EAP-Message = 0x010d00060d20
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x1bb29fa8bf1aa2e286207b6fdd44a0f4
Finished request 10
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.48.244.21:49154, id=0, 
length=171
         NAS-IP-Address = 10.48.244.21
         NAS-Port-Type = Ethernet
         NAS-Port = 2
         User-Name = "host/vinfo-t1"
         State = 0x1bb29fa8bf1aa2e286207b6fdd44a0f4
         EAP-Message = 
0x020d00500d800000004616030100410100003d030144fbf55fb99ce5e0c2448e35dd6e6182389b0ef9dd3923ca49d265ccf02b904000001600040005000a000900640062000300060013001200630100
         Message-Authenticator = 0x3c9e43262511932f1695d966d717783b
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 11
   modcall[authorize]: module "preprocess" returns ok for request 11
   rlm_eap: EAP packet type response id 13 length 80
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 11
     users: Matched entry host/vinfo-t1 at line 219
   modcall[authorize]: module "files" returns ok for request 11
modcall: leaving group authorize (returns updated) for request 11
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 11
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
   eaptls_verify returned 11
     (other): before/accept initialization
     TLS_accept: before/accept initialization
   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
     TLS_accept: SSLv3 read client hello A
   rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
     TLS_accept: SSLv3 write server hello A
   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0ef8], Certificate
     TLS_accept: SSLv3 write certificate A
   rlm_eap_tls: >>> TLS 1.0 Handshake [length 00bd], CertificateRequest
     TLS_accept: SSLv3 write certificate request A
     TLS_accept: SSLv3 flush data
     TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
   eaptls_process returned 13
   modcall[authenticate]: module "eap" returns handled for request 11
modcall: leaving group authenticate (returns handled) for request 11
Sending Access-Challenge of id 0 to 10.48.244.21 port 49154
         EAP-Message = 
0x010e040a0dc00000100e160301004a02000046030144cdf6a8aeea8bc6b691f8ed21ddfeca67497f07df94855d23328c9ae25d58d520ecdfed5d550b26ac321d92acf4c01975ebb9c4e6bb16485379f5355d702ffcd30004001603010ef80b000ef4000ef100077f3082077b30820563a003020102020128300d06092a864886f70d01010505003081aa310b3009060355040613024445310f300d060355040813064265726c696e310f300d060355040713064265726c696e31143012060355040a130b4b48422048664d2048665331193017060355040b13105365727669636543656e7465722d4954312530230603550403141c5365727669636543
         EAP-Message = 
0x656e7465722d49545f4b48425f48664d5f4866533121301f06092a864886f70d010901161273632d6974406b682d6265726c696e2e6465301e170d3036303831303039333334335a170d3037303831303039333334335a3081ac310b3009060355040613024445310f300d060355040813064265726c696e310f300d060355040713064265726c696e31143012060355040a130b4b48422048664d2048665331193017060355040b13105365727669636543656e7465722d4954312730250603550403131e7261646975732e76657277616c74756e672e6b682d6265726c696e2e64653121301f06092a864886f70d010901161273632d6974406b682d
         EAP-Message = 
0x6265726c696e2e646530820222300d06092a864886f70d01010105000382020f003082020a02820201009d061598c850223454cb70a58cae0a1ac2db0b6a963d25c96c632b1eb2a9177e3e8a066fa9c3596c4a1b035def3b6c589a12209a6d7ab7aa4144de890803c34cb5239cdb3b7266426049d475ed3e354fe494dee46a17e7478065c7332f6ac621d9b754d46812dc4ffda7a39bf33987fbe6951a591aee791c9468cc70f5a821683640675bafea24fe5291d6750c30a1b0a4c52cbeb6a18ce514038432f3dc83ce12657de67976dff9a7643b7ad340240e5e69385355b64d3e77f4bb0dfbc8fd63258a308c2a6e82f9c0c92e7e4ccadf848cc3bb
         EAP-Message = 
0x57d592dcf46930c794fa0b338c9db103b9a7162352ff8cac3b680d64ec0b865bf74778839cd1530d79ba553a2bd9ffb112534cd758bb3b3dba26037ed1c158089af8903e9f5b684061ddd413fb192cfc5024c03b177184101d68bc7111ccdcb6bee8c98d1642bbc547e8211dab2fd5d45488da089a17edaa9b4dd4357d4adcb0e33553210a5ad0e84edc9f9a769297649672d5f78e2f3687e99c411abea88e0363fe1afb7dcf05a8838ef07cec88337f903a94a6207893b5e9ff80441a12b6847ff008eb8c257878f6711a8f8c053315d4ae87b36661cdee73a3cbaca92d14f480804c7476d36665c417db9c954795423ca49de599eb3ed3a6cc55f03b
         EAP-Message = 0xad529359b0a55e5bffa9cf65b3034d48c263c491b24a
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x042d4a21986c4743a484d2db89cd0c33
Finished request 11
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.48.244.21:49154, id=0, 
length=97
         NAS-IP-Address = 10.48.244.21
         NAS-Port-Type = Ethernet
         NAS-Port = 2
         User-Name = "host/vinfo-t1"
         State = 0x042d4a21986c4743a484d2db89cd0c33
         EAP-Message = 0x020e00060d00
         Message-Authenticator = 0x7540ade5dc60f3209b713f2a001bb519
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 12
   modcall[authorize]: module "preprocess" returns ok for request 12
   rlm_eap: EAP packet type response id 14 length 6
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 12
     users: Matched entry host/vinfo-t1 at line 219
   modcall[authorize]: module "files" returns ok for request 12
modcall: leaving group authorize (returns updated) for request 12
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 12
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
   rlm_eap_tls: ack handshake fragment handler
   eaptls_verify returned 1
   eaptls_process returned 13
   modcall[authenticate]: module "eap" returns handled for request 12
modcall: leaving group authenticate (returns handled) for request 12
Sending Access-Challenge of id 0 to 10.48.244.21 port 49154
         EAP-Message = 
0x010f040a0dc00000100ed9f9f74b6ea9cea17710efc22bc0d77f58b0a5d3589ab19f13f90203010001a38201a6308201a230090603551d1304023000301106096086480186f8420101040403020640302b06096086480186f842010d041e161c54696e7943412047656e657261746564204365727469666963617465301d0603551d0e0416041442a94a9f048871b178d41a5d00a5668e78c045ff3081df0603551d230481d73081d48014b939b6ce8a52912eaece162418b1f4d8303d042ea181b0a481ad3081aa310b3009060355040613024445310f300d060355040813064265726c696e310f300d060355040713064265726c696e311430120603
         EAP-Message = 
0x55040a130b4b48422048664d2048665331193017060355040b13105365727669636543656e7465722d4954312530230603550403141c5365727669636543656e7465722d49545f4b48425f48664d5f4866533121301f06092a864886f70d010901161273632d6974406b682d6265726c696e2e6465820900890d6f61ac0ce005301d0603551d1204163014811273632d6974406b682d6265726c696e2e6465301d0603551d1104163014811273632d6974406b682d6265726c696e2e646530160603551d250101ff040c300a06082b06010505070301300d06092a864886f70d01010505000382020100c0925f1aa48825e5c192abc4a792cb36b69953
         EAP-Message = 
0x782adc04d3e24436b4322312505087f51371012554b69768c152ed7083dba76437cc2bd09ed94b2a08a9ce1ad303a04ee2459c219c6e8341c44175cdcf5426ab7d10b9512877be1cd89204061f78c7f9296b5c73bcc315b281029163cd1f05d9fff0f772fd26964959a4493ef045f91dda761420537f2845a12d7a0f7f04502390dd6fb1e7cbff2891d8eee5abcf7da435ab6b163e2475fad3ccf8cfdc7ad019fbbe1deb47fbcad40dd4f57d2ed127665ca99cc035d93bf5df6ad79529fa142cb7f03eedd1aca47ad648db900e6dcd1966efb52a2c9dfa5ce5148ad4bd37716414c3a82bcb9a8cd805f1ea4e66f0171174e8099310d720186c2774cdc2
         EAP-Message = 
0xf80283f897fa84a1281e34c77148ca68508cd2eaf3f9167f76b41df115df8bcf02746dac891da3f58b4a45e5085dcbb3e9129106bb999f2b6b4722b86a32e18732260fa1093643a982b52951d7011141f3ea9ec18429482b3977620aa50aa40cd30eb3ed16f1a1c77d07df0672abdf64d608ff85a9076b95afb5a12a3a1fc231024403628b1db8cf04d474be335f83e230d506eb574b91fd672e092dd86088ea95edbe95aaecc00f4610520cd6a624103c64d1e8f6ebb8027ec42fa27ff3fdad82731a8511b8a68751452ebcbd13e11a0abe6d1f82fd5ce98af910ce7e62a69e9ac2383ee9b3dc0a973af95706a3a1c700076c3082076830820550a003
         EAP-Message = 0x020102020900890d6f61ac0ce005300d06092a864886
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0xb9b86fc0e4881bcc45520f173812f948
Finished request 12
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.48.244.21:49154, id=0, 
length=97
         NAS-IP-Address = 10.48.244.21
         NAS-Port-Type = Ethernet
         NAS-Port = 2
         User-Name = "host/vinfo-t1"
         State = 0xb9b86fc0e4881bcc45520f173812f948
         EAP-Message = 0x020f00060d00
         Message-Authenticator = 0x324813d2519a1143af74caf29d6e4cc4
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 13
   modcall[authorize]: module "preprocess" returns ok for request 13
   rlm_eap: EAP packet type response id 15 length 6
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 13
     users: Matched entry host/vinfo-t1 at line 219
   modcall[authorize]: module "files" returns ok for request 13
modcall: leaving group authorize (returns updated) for request 13
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 13
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
   rlm_eap_tls: ack handshake fragment handler
   eaptls_verify returned 1
   eaptls_process returned 13
   modcall[authenticate]: module "eap" returns handled for request 13
modcall: leaving group authenticate (returns handled) for request 13
Sending Access-Challenge of id 0 to 10.48.244.21 port 49154
         EAP-Message = 
0x0110040a0dc00000100ef70d01010505003081aa310b3009060355040613024445310f300d060355040813064265726c696e310f300d060355040713064265726c696e31143012060355040a130b4b48422048664d2048665331193017060355040b13105365727669636543656e7465722d4954312530230603550403141c5365727669636543656e7465722d49545f4b48425f48664d5f4866533121301f06092a864886f70d010901161273632d6974406b682d6265726c696e2e6465301e170d3035303930353038303532355a170d3135303930333038303532355a3081aa310b3009060355040613024445310f300d060355040813064265726c
         EAP-Message = 
0x696e310f300d060355040713064265726c696e31143012060355040a130b4b48422048664d2048665331193017060355040b13105365727669636543656e7465722d4954312530230603550403141c5365727669636543656e7465722d49545f4b48425f48664d5f4866533121301f06092a864886f70d010901161273632d6974406b682d6265726c696e2e646530820222300d06092a864886f70d01010105000382020f003082020a0282020100c4e58d7b46104aaed067a7f4e2c0bce5fd30388b52102731e8ae991947c14547ca41753f07ee2f50c4374b00950c83165fce3e38cdf4b4749dce3641ce01e450a7f1e53de6997ac4a19b93cc212b
         EAP-Message = 
0x2cfb5425c7b1421b89951478dadba32ce7c00421c9791d1af1b38e9ce04141c724d866fb11c06bd13a626f830825d002beccae484fcaa3840fdab94afdd1e454155451678ecb4ae36c1628afce08a8622736e5f29360512174ffa60a3a713794d781efa85d83c6df6cc78262910cb757c515450569cd668cdb29a709e3f8d52dde54c69e2b84b0be385347948e360e4095499957b42d0a918cbc647a2377c0c26e0925f386d520f0bc2f25b206a93075e9382d590f4724352edc61a0e497dece898c31ca22c4320d02b55bb519c90f228fcbd6f1d72057245e35a3170a354b207ef1f2a61585256e493bff8b363075452e21cbb5cb26167d8d1201c419
         EAP-Message = 
0x11569768a99eea5cff0fb0458e5615e42e8aec5417f2493f5b81cf7b9cdb4ad1995c0c8bced370d073ee8eefb21f833372027c4fcb84c23c73d1b44df6f5ca34e0d9f674900f9ddf1340179016868a3697a807624dd8f0ff7aea8460241df0a8a74eb8b0151171395155db1fd0b87be63c7047fda731126880bf2228332a38f11ac024cb944d68ce72da5f43d73609e82f92486f4eaad235b104ae3c93061600b3a54e895841eac966309ad0c18cccf17453210f450203010001a382018d30820189301d0603551d0e04160414b939b6ce8a52912eaece162418b1f4d8303d042e3081df0603551d230481d73081d48014b939b6ce8a52912eaece1624
         EAP-Message = 0x18b1f4d8303d042ea181b0a481ad3081aa310b300906
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x6179ba5cc238e25da7d0bbfaa7f48ec2
Finished request 13
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.48.244.21:49154, id=0, 
length=97
         NAS-IP-Address = 10.48.244.21
         NAS-Port-Type = Ethernet
         NAS-Port = 2
         User-Name = "host/vinfo-t1"
         State = 0x6179ba5cc238e25da7d0bbfaa7f48ec2
         EAP-Message = 0x021000060d00
         Message-Authenticator = 0xc4de36b8d15b71d6503d44e5064b1ac5
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
   modcall[authorize]: module "preprocess" returns ok for request 14
   rlm_eap: EAP packet type response id 16 length 6
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 14
     users: Matched entry host/vinfo-t1 at line 219
   modcall[authorize]: module "files" returns ok for request 14
modcall: leaving group authorize (returns updated) for request 14
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
   rlm_eap_tls: ack handshake fragment handler
   eaptls_verify returned 1
   eaptls_process returned 13
   modcall[authenticate]: module "eap" returns handled for request 14
modcall: leaving group authenticate (returns handled) for request 14
Sending Access-Challenge of id 0 to 10.48.244.21 port 49154
         EAP-Message = 
0x0111040a0dc00000100e0355040613024445310f300d060355040813064265726c696e310f300d060355040713064265726c696e31143012060355040a130b4b48422048664d2048665331193017060355040b13105365727669636543656e7465722d4954312530230603550403141c5365727669636543656e7465722d49545f4b48425f48664d5f4866533121301f06092a864886f70d010901161273632d6974406b682d6265726c696e2e6465820900890d6f61ac0ce005300f0603551d130101ff040530030101ff301106096086480186f842010104040302010630090603551d1204023000302b06096086480186f842010d041e161c54696e
         EAP-Message = 
0x7943412047656e657261746564204365727469666963617465301d0603551d1104163014811273632d6974406b682d6265726c696e2e6465300b0603551d0f040403020106300d06092a864886f70d0101050500038202010060f0ab4236cda26ba7ceaedfd61052c52b73e1e028ffe29171395f9074e4beee7eab73afc427c17cd0f37e96c7af6eda553a92b2b426f723c283c8ea027f3ab17c93d1ffa7c8a29fedbc83f11f8731a140393c56aceffae318f7ebbca367fed9280513ce2cfad1257c59f056e3898e928f968baa6c3cc094ca50b9072674b8fa43ab0e31c4a7a54eb8f96ad4d275011a449807c3abe4865d8f837ee4d8db0c081af218c0
         EAP-Message = 
0x0a878d4c7e30268282034b35a666b8295eb53ee41bcda9345a7d48fdb7dc306180df06ec546e826d73d7dd62bf449c6eb948aa85c808893b308a32636cb151b044b839fc382f8623863d7ac78b7bf3e0f2c1ac4c8a69b9184e58733d966120ce334ab7212f23b85a8e8d5b2ada0f4cc7cb981fafd3585c398b351a06870271c71e537b4010a7d2914151b076a5f4094d1ab64e46a93dbba7456fa75be4006a172f6824219fad1b4c95322c6b9a1703515545ebbdae485fa994ac81fb8d308cdb58038d6c95c15d29f0a317e03877225eebe3647f28dc2361d7fb1894231e475805ec5e95ab5a37c96c70b000695caee3562f474af69b11fc67ccf54e9f
         EAP-Message = 
0x0f1d1adc2c9038d56a9fa3454320444843fe38e00de285cb9120b24416fa909c259b52d069e64d0d9faa37c336f8bd3a8128a8f5e244029a5ded25e10bfc551dc08730e133a4e4b744cf3d8c038d38b1692c1d4876f92d109efcf136355c2216030100bd0d0000b50301020500af00ad3081aa310b3009060355040613024445310f300d060355040813064265726c696e310f300d060355040713064265726c696e31143012060355040a130b4b48422048664d2048665331193017060355040b13105365727669636543656e7465722d4954312530230603550403141c5365727669636543656e7465722d49545f4b48425f48664d5f486653312130
         EAP-Message = 0x1f06092a864886f70d010901161273632d6974406b68
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x5d9d8b0057df148fc651bc9a2285fa89
Finished request 14
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.48.244.21:49154, id=0, 
length=97
         NAS-IP-Address = 10.48.244.21
         NAS-Port-Type = Ethernet
         NAS-Port = 2
         User-Name = "host/vinfo-t1"
         State = 0x5d9d8b0057df148fc651bc9a2285fa89
         EAP-Message = 0x021100060d00
         Message-Authenticator = 0xd0f7bb33b488d0184214011d45f441cd
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 15
   modcall[authorize]: module "preprocess" returns ok for request 15
   rlm_eap: EAP packet type response id 17 length 6
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 15
     users: Matched entry host/vinfo-t1 at line 219
   modcall[authorize]: module "files" returns ok for request 15
modcall: leaving group authorize (returns updated) for request 15
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 15
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
   rlm_eap_tls: ack handshake fragment handler
   eaptls_verify returned 1
   eaptls_process returned 13
   modcall[authenticate]: module "eap" returns handled for request 15
modcall: leaving group authenticate (returns handled) for request 15
Sending Access-Challenge of id 0 to 10.48.244.21 port 49154
         EAP-Message = 0x011200180d800000100e2d6265726c696e2e64650e000000
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0xa933742c9668ad2c0113a94a7260b40b
Finished request 15
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.48.244.21:49154, id=0, 
length=1591
         NAS-IP-Address = 10.48.244.21
         NAS-Port-Type = Ethernet
         NAS-Port = 2
         User-Name = "host/vinfo-t1"
         State = 0xa933742c9668ad2c0113a94a7260b40b
         EAP-Message = 
0x021205d20dc000000bc31603010b930b00078300078000077d3082077930820561a00302010202012a300d06092a864886f70d01010505003081aa310b3009060355040613024445310f300d060355040813064265726c696e310f300d060355040713064265726c696e31143012060355040a130b4b48422048664d2048665331193017060355040b13105365727669636543656e7465722d4954312530230603550403141c5365727669636543656e7465722d49545f4b48425f48664d5f4866533121301f06092a864886f70d010901161273632d6974406b682d6265726c696e2e6465301e170d3036303930313131313833325a170d3037303930
         EAP-Message = 
0x313131313833325a308198310b3009060355040613024445310f300d060355040813064265726c696e310f300d060355040713064265726c696e31143012060355040a130b4b48422048664d2048665331193017060355040b13105365727669636543656e7465722d49543111300f0603550403130876696e666f2d74313123302106092a864886f70d010901161476696e666f2d74312d6e65756572406c6f63616c30820222300d06092a864886f70d01010105000382020f003082020a0282020100b18a3f0af2253a6b7b341ff99f9e24a6609f6d713a4fb201bdd54cbed3071b162b1539c66654db5499ca640321d6546b94cf03be2a8b99354c
         EAP-Message = 
0xc6440e479e13c5e2351cff190d88fdc18729807d495d0d965e52f9e55c9edf96d7fb09b045a018610f657c26730ca6ad79f3f9b54ddfe4477697a92d10127515e3a1c384e8d6d1aa93dc3435aa7387412a66e66afcc38671c806889034450f131a40d93d8056f047884aea4c4aa227f868adc26909dfc61f0dea21e8ea55ff831d12b415a24a3aa15de0871ed034da8743b089664377b4269297aadba01e6f88e1d314f37951fe71e61ea5da38523f7a69aff0334649a49b1a1fa42da2ced0b83c39785f5a791682a6b19b8fe69487622f5e1ec3d9ceaf8bb3211e6a81c252e16ce15767656c58beb13bc0cae1de938c1900f1ee727eed5870fc1901c9
         EAP-Message = 
0xe546349574e7b49ef07d47123e10535807e8186ba7f41656fe19bd54c36c04799eb7367550d27836cb3f229f648b139767e29364164123ec379969ec6ffd7c40e6c93c32d00b6c4976b183051b45e35ba08cb674739be00808809ed6582184753e871bccb1068664dafe46bb0b20cc4885a463294a28502c694c1577f5e66b28cae490a7234d2cd5407d119673335e2a3f24726bf077d68aa92fdc4fc8aa9eca709bd9637dee65ee966de96b99ff8693c4b07362734b73057c6cb638e0463e536a250ef429eaddd63ea30203010001a38201b8308201b430090603551d1304023000301106096086480186f84201010404030204b0302b060960864801
         EAP-Message = 
0x86f842010d041e161c54696e7943412047656e657261746564204365727469666963617465301d0603551d0e04160414c0720a9171d9e7a973ccb4b0ad17b4ed61af06b93081df0603551d230481d73081d48014b939b6ce8a52912eaece162418b1f4d8303d042ea181b0a481ad3081aa310b3009060355040613024445310f300d060355040813064265726c696e310f300d060355040713064265726c696e31143012060355040a130b4b48422048664d2048665331193017060355040b13105365727669636543656e7465722d4954312530230603550403141c5365727669636543656e7465722d49545f4b48425f48664d5f4866533121301f06
         EAP-Message = 
0x092a864886f70d010901161273632d6974406b682d6265726c696e2e6465820900890d6f61ac0ce005301d0603551d1204163014811273632d6974406b682d6265726c696e2e6465301f0603551d1104183016811476696e666f2d74312d6e65756572406c6f63616c300e0603551d0f0101ff0404030205a030160603551d250101ff040c300a06082b06010505070302300d06092a864886f70d010105050003820201002b8b5adf8cddd67cfa0571cd173867feca7ac917203321554e8f41f953189df68b435d9416427009c7c6f1304ea086ff5717599c2c58b991bcc544fc
         Message-Authenticator = 0x240fcaee4fe2f6c8b3b0202f5614b8fe
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 16
   modcall[authorize]: module "preprocess" returns ok for request 16
   rlm_eap: EAP packet type response id 18 length 253
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 16
     users: Matched entry host/vinfo-t1 at line 219
   modcall[authorize]: module "files" returns ok for request 16
modcall: leaving group authorize (returns updated) for request 16
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 16
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls:  Received EAP-TLS First Fragment of the message
   eaptls_verify returned 9
   eaptls_process returned 13
   modcall[authenticate]: module "eap" returns handled for request 16
modcall: leaving group authenticate (returns handled) for request 16
Sending Access-Challenge of id 0 to 10.48.244.21 port 49154
         EAP-Message = 0x011300060d00
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0xbbe78aa63952e446ebe9ab5174aac8e8
Finished request 16
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.48.244.21:49154, id=0, 
length=1591
         NAS-IP-Address = 10.48.244.21
         NAS-Port-Type = Ethernet
         NAS-Port = 2
         User-Name = "host/vinfo-t1"
         State = 0xbbe78aa63952e446ebe9ab5174aac8e8
         EAP-Message = 
0x021305d20d4086beba4b46ca59a277fbc153a403766ff039c6fca35370d848d69f938ff19037f6b6d341f9692327f3833585b67c45c19a108c0343f2fb69c6eb19ed624f2a2cbfdca3e2d64860327a7a4768a7cac2804f7beaf7db967260203e53d1863ca7599484e29d0261eeb21bdd6e718370c6518e249f57fc3977ab0fd47900b6efb8a57c3359cf81c9c5b26b4f566a494686078fb6e904a35569c17d4873c36f74fdb47d7b57f9441e8c33d76d0241ace6e7f1c3d28b96a8a1c7b8035ec87ea197480fa41e7ba093866ee476f9d6e20d6aa701826ef468f4370d41582fc63bd550bbffaf4f98025183be1aa8d2a5d2dba0e6cff53969744b1fcf
         EAP-Message = 
0x449a43d3a8addf3d68b4a14c4171a80d7312bfe9a1e9b3486810e41a75848895d3f29b2f51a79c522197628709276de510791b49f31aeafb44d452433eab636f3e46c3df5823e29e91cd832c45d6d2e69a9054a2a420f6bac3c403e1af36e8ba0fa0d4b1b6f4a2709b105257bea66fad471ef2678043b66ee14170754bce551ccb2b237177673e42b7cd8b11c135ca72c57df7cd1e741d3801df735927781da8776bb19786aeee2775fb8d9d74eb335196403c57629519dfeb599815230d97825bfd0655aa7ee88c6baf2d91b91000020202001ea3e0bbf3015ac3219593585bba603031281b916e9bc828b843b62eb22a5979032d6a2379bb698c7801
         EAP-Message = 
0x11fd752a28fd02d36754eb59732321b0bd7598aff2a33495e83df0bbeab1afe571e2cb833456506b8a6a46e8bf58331a4298496a797c439808fdd3fd48488444e371fb53d6e884a216c3455886b286a645c29f534fcb9b35a88988c90fb4cad5a390642ea323477f20d423992b2aabba48ed5e4b8cb171749923d913f8c8257f55963246bca0680511ad850248171a7a893635da58800fc162672582d4ce63c9fefe709d823c95cde4188e20d67b0e3197b4d887323062d71159e3b53be1c096c7f2e2f2906068eef5add2f22490492ca17190d6121926659ad25a4b5af8244404e365b2ad8e3fe5ba13f8642faaf29eea17501be86654ecbd6ccee4e7
         EAP-Message = 
0xeb3dbb86081087a7152915fb646c2a99796acc5150308ef7acac69d932fe95152af57317965f7037c12f7bec6fe249270c8534d01a6717d9ff15d914013b5ce3de0a34be1377b7a689a5cc7e74c7275e2ff50a81ef29622724e849ce727463734a9e2bc36f49da6913ba42c426085262d192ac00d5ed9b0016ba52491280a8f06cc61981de2c4a317bd6d3e7e0a1840e1e1f3b3b9532febde01abef099cbd56d990263b95ae12968175cb1b8f49de89dc8d35f7ae21b861537ed825f991186e2686d4aa701d9a54862c57610d9023981a291174537d7f21e940f00020202009792e38bf589b15d51e235d7e4b7257c240ef2197cbc523e7f1f06a91ad8
         EAP-Message = 
0x3f0a0d8c8a9ba88f16828710e99d04857a5e92cd77114769d1fba958fbd494cf280160a32b957b07ed4d5ea39107f0f04a28e0c9baae9023742de671b6416a28324230cee591653416fbed023ebcd3beb5dc7e9b653f9a696e3da64e47ce694b4c2e3390d73c73a2ed67f6205d4a790fca40d5f253cff5d1c07ed099384b237225182d2f7a3de28cea7dea2228bb05a54c00a406c60bfa4e98a65bb0c9109f49865b4ec10dee17f1d24d391eaaa8dc5221ae496f2a13598e2872a8d960b1d6c765663f2e87fd7d772a04f19f44a26edbb9f9b8435360e0a67a2be45ac06c34f43060af15cec606a1b8391ef4f7c6470c853d127a6939793eaf2e360935
         EAP-Message = 
0xcc8c98aecb44d1825aa263916d3a0b55e5d3b07fbe852c1b6f4b366697abbf6b4d6dcaac944904cc427223dbbced82a7c343ea7d1cf544d4b97072b35d86e890d34457e3c6b5856a936ce72406fc917bef33cfef0bfd33da369a6716f61c85206993e247bd986fac906c07d5ae1aea59411146820a616061498407db0cdc0f3218cec84e8ce742f014215676054efa12837c3673f3a2d33ae046539953dfadae8736590e1e13417643ab60216f631867cae1aa8332aded73f2211c13f72063ed01eb21b0f3e701bad68e3480cf67e3f4af6077e801f7871f6c845f465b87ee9c02
         Message-Authenticator = 0x3676aa85809613a74f958ade4f0e6964
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 17
   modcall[authorize]: module "preprocess" returns ok for request 17
   rlm_eap: EAP packet type response id 19 length 253
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 17
     users: Matched entry host/vinfo-t1 at line 219
   modcall[authorize]: module "files" returns ok for request 17
modcall: leaving group authorize (returns updated) for request 17
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 17
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls:  More fragments to follow
   eaptls_verify returned 10
   eaptls_process returned 13
   modcall[authenticate]: module "eap" returns handled for request 17
modcall: leaving group authenticate (returns handled) for request 17
Sending Access-Challenge of id 0 to 10.48.244.21 port 49154
         EAP-Message = 0x011400060d00
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x036b51ce3711c4403dc51cc5df01ecd9
Finished request 17
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.48.244.21:49154, id=0, 
length=144
         NAS-IP-Address = 10.48.244.21
         NAS-Port-Type = Ethernet
         NAS-Port = 2
         User-Name = "host/vinfo-t1"
         State = 0x036b51ce3711c4403dc51cc5df01ecd9
         EAP-Message = 
0x021400350d000232e0771403010001011603010020331c53d76ee43f4db7107be4c3bb09b47a5c7b0b2c4da02e8b59a2988eebf2e6
         Message-Authenticator = 0x5edd3cd7421da0315efade97535b61ce
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 18
   modcall[authorize]: module "preprocess" returns ok for request 18
   rlm_eap: EAP packet type response id 20 length 53
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 18
     users: Matched entry host/vinfo-t1 at line 219
   modcall[authorize]: module "files" returns ok for request 18
modcall: leaving group authorize (returns updated) for request 18
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 18
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
   eaptls_verify returned 7
   rlm_eap_tls: Done initial handshake
   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0787], Certificate
chain-depth=1,
error=0
--> User-Name = host/vinfo-t1
--> BUF-Name = ServiceCenter-IT_KHB_HfM_HfS
--> subject = /C=DE/ST=Berlin/L=Berlin/O=KHB HfM 
HfS/OU=ServiceCenter-IT/CN=ServiceCenter-IT_KHB_HfM_HfS/emailAddress=sc-it at kh-berlin.de
--> issuer  = /C=DE/ST=Berlin/L=Berlin/O=KHB HfM 
HfS/OU=ServiceCenter-IT/CN=ServiceCenter-IT_KHB_HfM_HfS/emailAddress=sc-it at kh-berlin.de
--> verify return:1
--> verify error:num=9:certificate is not yet valid
   rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal bad_certificate
TLS Alert write:fatal:bad certificate
     TLS_accept:error in SSLv3 read client certificate B
9054:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no 
certificate returned:s3_srvr.c:2482:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
In SSL Handshake Phase
In SSL Accept mode
   eaptls_process returned 13
   modcall[authenticate]: module "eap" returns handled for request 18
modcall: leaving group authenticate (returns handled) for request 18
Sending Access-Challenge of id 0 to 10.48.244.21 port 49154
         EAP-Message = 0x011500110d80000000071503010002022a
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x79296886e86472d17b3281f8b1a77d17
Finished request 18
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.48.244.21:49154, id=0, 
length=97
         NAS-IP-Address = 10.48.244.21
         NAS-Port-Type = Ethernet
         NAS-Port = 2
         User-Name = "host/vinfo-t1"
         State = 0x79296886e86472d17b3281f8b1a77d17
         EAP-Message = 0x021500060d00
         Message-Authenticator = 0x537f24238453a140d4f6d3d21c17be71
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 19
   modcall[authorize]: module "preprocess" returns ok for request 19
   rlm_eap: EAP packet type response id 21 length 6
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 19
     users: Matched entry host/vinfo-t1 at line 219
   modcall[authorize]: module "files" returns ok for request 19
modcall: leaving group authorize (returns updated) for request 19
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 19
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
   rlm_eap_tls: ack alert
   eaptls_verify returned 4
   eaptls_process returned 4
  rlm_eap: Handler failed in EAP/tls
   rlm_eap: Failed in EAP select
   modcall[authenticate]: module "eap" returns invalid for request 19
modcall: leaving group authenticate (returns invalid) for request 19
auth: Failed to validate the user.
Delaying request 19 for 1 seconds
Finished request 19
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.48.244.21:49154, id=0, 
length=97
Sending Access-Reject of id 0 to 10.48.244.21 port 49154
         EAP-Message = 0x04150004
         Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 19 ID 0 with timestamp 44cdf6a8
Nothing to do.  Sleeping until we see a request.


I don't know why the request ist send over again and again. Please help...

Thanks
  Alex


-- 
ServiceCenter IT - Alexandros Gougousoudis (Leiter)

Gemeinsame Einrichtung der Kunsthochschule Berlin-Weissensee, Hochschule 
für Musik "Hanns Eisler" und der Hochschule für Schauspielkunst "Ernst 
Busch".

Tel.: 030 / 477 05 - 444 * Fax.: 030 / 477 05 - 445





More information about the Freeradius-Users mailing list