EAP-TLS authentication (Alan DeKok)

anoop_c at sifycorp.com anoop_c at sifycorp.com
Fri Jul 13 13:37:41 CEST 2007


pls find the attached 

n: lower_user = \"no\"
 main: lower_pass = \"no\"
 main: nospace_user = \"no\"
 main: nospace_pass = \"no\"
 main: checkrad = \"/usr/local/sbin/checkrad\"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = \"(null)\"
 exec: input_pairs = \"request\"
 exec: output_pairs = \"(null)\"
 exec: packet_type = \"(null)\"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded System
 unix: cache = no
 unix: passwd = \"(null)\"
 unix: shadow = \"(null)\"
 unix: group = \"(null)\"
 unix: radwtmp = \"/usr/local/var/log/radius/radwtmp\"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = \"tls\"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = \"(null)\"
 tls: pem_file_type = yes
 tls: private_key_file = \"/etc/1x/07xwifi.pem\"
 tls: certificate_file = \"/etc/1x/07xwifi.pem\"
 tls: CA_file = \"/etc/1x/root.pem\"
 tls: private_key_password = \"password\"
 tls: dh_file = \"/etc/1x/DH\"
 tls: random_file = \"/etc/1x/random\"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = \"(null)\"
 tls: cipher_list = \"(null)\"
 tls: check_cert_issuer = \"(null)\"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = \"/etc/raddb/huntgroups\"
 preprocess: hints = \"/etc/raddb/hints\"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
 preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = \"suffix\"
 realm: delimiter = \"@\"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = \"/etc/raddb/users\"
 files: acctusersfile = \"/etc/raddb/acct_users\"
 files: preproxy_usersfile = \"/etc/raddb/preproxy_users\"
 files: compat = \"no\"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = \"User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Addre ss, NAS-Port\"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
 detail: detailfile = \"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/de tail-%Y%m%d\"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = \"/usr/local/var/log/radius/radutmp\"
 radutmp: username = \"%{User-Name}\"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.0.50:1026, id=0, length=213
        Message-Authenticator = 0x33339877b96e876b381f2c9d3bf7ae2e
        Service-Type = Framed-User
        User-Name = \"saravanakumar07\"
        Framed-MTU = 1488
        Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\"
        Calling-Station-Id = \"00-0E-35-F3-A1-67\"
        NAS-Identifier = \"D-Link Access Point\"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = \"CONNECT 54Mbps 802.11g\"
        EAP-Message = 0x02000014017361726176616e616b756d61723037
        NAS-IP-Address = 192.168.0.50
        NAS-Port = 1
        NAS-Port-Id = \"STA port # 1\"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module \"preprocess\" returns ok for request 0
    rlm_realm: No \'@\' in User-Name = \"saravanakumar07\", looking up realm NULL
    rlm_realm: No such realm \"NULL\"
  modcall[authorize]: module \"suffix\" returns noop for request 0
  rlm_eap: EAP packet type response id 0 length 20
  rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation
  modcall[authorize]: module \"eap\" returns updated for request 0
    users: Matched entry DEFAULT at line 153
    users: Matched entry DEFAULT at line 172
  modcall[authorize]: module \"files\" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type \"EAP\"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
 rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module \"eap\" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 0 to 192.168.0.50 port 1026
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        EAP-Message = 0x010100060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xdb8384b95c5c85f50f7621620d3cb041
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.50:1026, id=1, length=307
        Message-Authenticator = 0x70278d02fc3d5048b44f5f934810a98a
        Service-Type = Framed-User
        User-Name = \"saravanakumar07\"
        Framed-MTU = 1488
        State = 0xdb8384b95c5c85f50f7621620d3cb041
        Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\"
        Calling-Station-Id = \"00-0E-35-F3-A1-67\"
        NAS-Identifier = \"D-Link Access Point\"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = \"CONNECT 54Mbps 802.11g\"
        EAP-Message = 0x020100600d800000005616030100510100004d0301465a79c5ce91ab c2dd387cd382f0fa23cbb8ff9707ff565985a8ecbc27b01216101905323cb152176f2b0259ff77f5 bf4e001600040005000a000900640062000300060013001200630100
        NAS-IP-Address = 192.168.0.50
        NAS-Port = 1
        NAS-Port-Id = \"STA port # 1\"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module \"preprocess\" returns ok for request 1
    rlm_realm: No \'@\' in User-Name = \"saravanakumar07\", looking up realm NULL
    rlm_realm: No such realm \"NULL\"
  modcall[authorize]: module \"suffix\" returns noop for request 1
  rlm_eap: EAP packet type response id 1 length 96
  rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation
  modcall[authorize]: module \"eap\" returns updated for request 1
    users: Matched entry DEFAULT at line 153
    users: Matched entry DEFAULT at line 172
  modcall[authorize]: module \"files\" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type \"EAP\"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0051], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 04be], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004c], CertificateRequest
    TLS_accept: SSLv3 write certificate request A
    TLS_accept: SSLv3 flush data
    TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  modcall[authenticate]: module \"eap\" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 1 to 192.168.0.50 port 1026
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        EAP-Message = 0x0102040a0dc000000563160301004a020000460301465a792dbfc14d 4885fdd76005ddbcfe2a6cf8c2175794ced4fbb4e19c40aae420a32ca697e1a16b040e8a0f5bc02b 95dd31e2ab09b2cedff4227b48b6816f011100040016030104be0b0004ba0004b700022b30820227 30820190a003020102020101300d06092a864886f70d0101040500303b310b300906035504061302 494e310b300906035504081302544e310d300b060355040a1304536966793110300e060355040313 0730377877696669301e170d3037303131333037353834305a170d3038303131333037353834305a 305f310b300906035504061302494e310b3009060355040813
        EAP-Message = 0x02544e310d300b060355040a1304536966793110300e060355040313 07303778776966693122302006092a864886f70d01090116136a65796b756d61725f734073696679 2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c6f366d39a74d8 b66b561628be123f18f9b0a71f09b98d21b990e9a987d9acf3ceabd01df377e13da987a23f244496 dfc0609e99ee03a9f44e51033cbb84c814d9d3225aacc7c67786fcd193d57c3f5ac16d7d1b835701 52edca9ba9ff99ca4feffcb244551292fad52026afda1f876205e84a26b81cebd89fa03fd97e5f7f db0203010001a317301530130603551d25040c300a06082b06
        EAP-Message = 0x010505070301300d06092a864886f70d010104050003818100a4cbb4 e6e8190d840edc9e61637a38ffa423b2a67e8d308c3005b8ec18318e94ddddbac0ccb1a15780c285 de01622608f4caded74bab6f0c9d44dfdeb648e46bdd4de3606e4c7f86e5f86472722db409baffdb 78eb6c7ad267a623e1155af13de26e83f3ce29b4f82baf551b756d2f49e5691cc1d80f6fb253b11e 7a15bf296000028630820282308201eba003020102020100300d06092a864886f70d010104050030 3b310b300906035504061302494e310b300906035504081302544e310d300b060355040a13045369 66793110300e0603550403130730377877696669301e170d30
        EAP-Message = 0x37303131333037353830305a170d3038303131333037353830305a30 3b310b300906035504061302494e310b300906035504081302544e310d300b060355040a13045369 66793110300e060355040313073037787769666930819f300d06092a864886f70d01010105000381 8d0030818902818100ec232cf24bd548a586d614994a3f3b9ee699eb64a3bf9a0c90d7bc8afb3984 2c767c3613757b8d38a78ceaa6a499be55dcf997abb9963b3ef406b39f766054d8e37d35859e6bd5 ce686c01eb63a25684afb79cd6796193355bd3ae67eae642701a34d1bc93426ade87434dadfbc8a8 b0cae8137d97d2a267973f2213ebeefcfd0203010001a38195
        EAP-Message = 0x308192301d0603551d0e04160414095ab44cec0cb80f
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x8e3a068f1bbfd8a03b7a3c464a5b951f
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.50:1026, id=2, length=217
        Message-Authenticator = 0x07c704f23ce2b215715d4a8c9159cfdd
        Service-Type = Framed-User
        User-Name = \"saravanakumar07\"
        Framed-MTU = 1488
        State = 0x8e3a068f1bbfd8a03b7a3c464a5b951f
        Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\"
        Calling-Station-Id = \"00-0E-35-F3-A1-67\"
        NAS-Identifier = \"D-Link Access Point\"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = \"CONNECT 54Mbps 802.11g\"
        EAP-Message = 0x020200060d00
        NAS-IP-Address = 192.168.0.50
        NAS-Port = 1
        NAS-Port-Id = \"STA port # 1\"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module \"preprocess\" returns ok for request 2
    rlm_realm: No \'@\' in User-Name = \"saravanakumar07\", looking up realm NULL
    rlm_realm: No such realm \"NULL\"
  modcall[authorize]: module \"suffix\" returns noop for request 2
  rlm_eap: EAP packet type response id 2 length 6
  rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation
  modcall[authorize]: module \"eap\" returns updated for request 2
    users: Matched entry DEFAULT at line 153
    users: Matched entry DEFAULT at line 172
  modcall[authorize]: module \"files\" returns ok for request 2
modcall: leaving group authorize (returns updated) for request 2
  rad_check_password:  Found Auth-Type EAP
auth: type \"EAP\"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module \"eap\" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 2 to 192.168.0.50 port 1026
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        EAP-Message = 0x0103016d0d80000005638c150861ea8bc609ed3cfbc030630603551d 23045c305a8014095ab44cec0cb80f8c150861ea8bc609ed3cfbc0a13fa43d303b310b3009060355 04061302494e310b300906035504081302544e310d300b060355040a1304536966793110300e0603 550403130730377877696669820100300c0603551d13040530030101ff300d06092a864886f70d01 010405000381810019a69104ce7b395ddbb7a05ae632f71c590ba34e71b9a57cbe952eabed153fda cb07eb1c8d6db397f1f47a687103025a91b0431e73beac6e788de0af02e7d49e35808652dc4b2db6 0ccbcef9245239c47c785fb5c78c79ed7dd22d60ab6c19727e
        EAP-Message = 0xaa68ec38e3fc5b6e7716741e1f56eba981970face974b560ba07450e cdf817160301004c0d000044020102003f003d303b310b300906035504061302494e310b30090603 5504081302544e310d300b060355040a1304536966793110300e0603550403130730377877696669 0e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x875cf56766634fbc11b84d84a4f6e718
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.50:1026, id=3, length=1117
        Message-Authenticator = 0xe54da048b9223806a62a068c47b7c90e
        Service-Type = Framed-User
        User-Name = \"saravanakumar07\"
        Framed-MTU = 1488
        State = 0x875cf56766634fbc11b84d84a4f6e718
        Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\"
        Calling-Station-Id = \"00-0E-35-F3-A1-67\"
        NAS-Identifier = \"D-Link Access Point\"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = \"CONNECT 54Mbps 802.11g\"
        EAP-Message = 0x020303840d800000037a160301034a0b00023a000237000234308202 3030820199a0030201020202011f300d06092a864886f70d0101040500303b310b30090603550406 1302494e310b300906035504081302544e310d300b060355040a1304536966793110300e06035504 03130730377877696669301e170d3037303131393033343135305a170d3038303131393033343135 305a3067310b300906035504061302494e310b300906035504081302544e310d300b060355040a13 0453696679311830160603550403130f7361726176616e616b756d617230373122302006092a8648 86f70d01090116136a65796b756d61725f7340736966792e63
        EAP-Message = 0x6f6d30819f300d06092a864886f70d010101050003818d0030818902 818100b6413143a14d8666369a759ccad7ab221e73ec0cc73ad7346a6060b34e8571d1838d97cc4a a7a2f99a4be83b9bb5af5daeb3307909d5a44c9338a43b19b6c1f3ec6232eae8508103741d5eeb9b 4e7f99b3c2b4b283fcef13cc1b34a087e240e2ab94fee8fce66687dd95690b23d20e84551cd24f38 5afb5cdb086f851f9900070203010001a317301530130603551d25040c300a06082b060105050703 02300d06092a864886f70d010104050003818100ca0e708d266de50c32dc92d523eed3b11d4e678e 2d7bdfeffca92e91b3be256b1533f53180c670c7e224671bbc
        EAP-Message = 0x1b1245c125bd2f3c252da361542f7d43e5b18db9d6904d92d1300a9e 333d7ac7d8a8ec00aa3bed5d0c9f07028b62f004e6bcfbdee18f80740820065ea68c48cca932d6e3 388b9837c944c42ddc92eed2eb668510000082008065cbdb9523b4868aeb3e3eea40b285883ebf84 96b7f244d89bace257b438038cee487a4ef2ad0cfe15a0edfa105f858730b616819ec718463dddab 460213228bde79fbe4c2859867cebcbd17d3f47c3bbe5515e39b61f6f07d5e24e788a0a08b6b1cf1 eaab8166bf96e460583fb1799e38505a5ba4f7085cee6f977063f6eee50f0000820080b378c93e0d afbdce76957a4267d8a5b0f4c156951860235dd7a76e5d95b3
        EAP-Message = 0x4ce6e5e6e7619dccfe8bbf67aefafac549dc616660776505de69f257 c83c8b4bab80a68ff4357bdadd15692c286960fc8529e99a5e42f9231b2829387c18f4ad161db288 3593f0ca635ec0bdcef6097356a7441662812d4a6a375d5813a323c1d2a414030100010116030100 209e18fbf55b919db4dd180e6b8e83fb89c40b2c6f4cbce5d68e4ae995ce21127e
        NAS-IP-Address = 192.168.0.50
        NAS-Port = 1
        NAS-Port-Id = \"STA port # 1\"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module \"preprocess\" returns ok for request 3
    rlm_realm: No \'@\' in User-Name = \"saravanakumar07\", looking up realm NULL
    rlm_realm: No such realm \"NULL\"
  modcall[authorize]: module \"suffix\" returns noop for request 3
  rlm_eap: EAP packet type response id 3 length 253
  rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation
  modcall[authorize]: module \"eap\" returns updated for request 3
    users: Matched entry DEFAULT at line 153
    users: Matched entry DEFAULT at line 172
  modcall[authorize]: module \"files\" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type \"EAP\"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 023e], Certificate
chain-depth=1,
error=0
--> User-Name = saravanakumar07
--> BUF-Name = 07xwifi
--> subject = /C=IN/ST=TN/O=Sify/CN=07xwifi
--> issuer  = /C=IN/ST=TN/O=Sify/CN=07xwifi
--> verify return:1
chain-depth=0,
error=0
--> User-Name = saravanakumar07
--> BUF-Name = saravanakumar07
--> subject = /C=IN/ST=TN/O=Sify/CN=saravanakumar07/emailAddress=jeykumar_s at sify .com
--> issuer  = /C=IN/ST=TN/O=Sify/CN=07xwifi
--> verify return:1
    TLS_accept: SSLv3 read client certificate A
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
    TLS_accept: SSLv3 read client key exchange A
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], CertificateVerify
    TLS_accept: SSLv3 read certificate verify A
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 read finished A
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
    TLS_accept: SSLv3 write change cipher spec A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 write finished A
    TLS_accept: SSLv3 flush data
    (other): SSL negotiation finished successfully
SSL Connection Established
  eaptls_process returned 13
  modcall[authenticate]: module \"eap\" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 3 to 192.168.0.50 port 1026
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        EAP-Message = 0x010400350d800000002b1403010001011603010020a4b68069f91bfe 89b86711eab12ac7b185ae3f93e19ed117db3474cec9a0a321
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x0f0c01529f5f8c4659b536a349cf23ad
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.50:1026, id=4, length=217
        Message-Authenticator = 0x1196d3ed2b565d021343c99e3a944592
        Service-Type = Framed-User
        User-Name = \"saravanakumar07\"
        Framed-MTU = 1488
        State = 0x0f0c01529f5f8c4659b536a349cf23ad
        Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\"
        Calling-Station-Id = \"00-0E-35-F3-A1-67\"
        NAS-Identifier = \"D-Link Access Point\"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = \"CONNECT 54Mbps 802.11g\"
        EAP-Message = 0x020400060d00
        NAS-IP-Address = 192.168.0.50
        NAS-Port = 1
        NAS-Port-Id = \"STA port # 1\"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module \"preprocess\" returns ok for request 4
    rlm_realm: No \'@\' in User-Name = \"saravanakumar07\", looking up realm NULL
    rlm_realm: No such realm \"NULL\"
  modcall[authorize]: module \"suffix\" returns noop for request 4
  rlm_eap: EAP packet type response id 4 length 6
  rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation
  modcall[authorize]: module \"eap\" returns updated for request 4
    users: Matched entry DEFAULT at line 153
    users: Matched entry DEFAULT at line 172
  modcall[authorize]: module \"files\" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type \"EAP\"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake is finished
  eaptls_verify returned 3
  eaptls_process returned 3
  rlm_eap: Freeing handler
  modcall[authenticate]: module \"eap\" returns ok for request 4
modcall: leaving group authenticate (returns ok) for request 4
Login OK: [saravanakumar07] (from client private-network-1 port 1 cli 00-0E-35-F 3-A1-67)
Sending Access-Accept of id 4 to 192.168.0.50 port 1026
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        MS-MPPE-Recv-Key = 0xd1118229ce4eb045b8e560de7206f6440ef2ac0d555fa5b0087 14804431ad5d5
        MS-MPPE-Send-Key = 0x97b7769702b6fb9ad8c20b53e48ae889d1197c00da215df9c8e bba0366abbe08
        EAP-Message = 0x03040004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = \"saravanakumar07\"
Finished request 4
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 465a792d
Cleaning up request 1 ID 1 with timestamp 465a792d
Cleaning up request 2 ID 2 with timestamp 465a792d
Cleaning up request 3 ID 3 with timestamp 465a792d
Cleaning up request 4 ID 4 with timestamp 465a792d
Nothing to do.  Sleeping until we see a request.
 
[root at localhost sbin]#

Regards
Anoop






More information about the Freeradius-Users mailing list