EAP-TLS authentication (Alan DeKok)
anoop_c at sifycorp.com
Fri Jul 13 13:37:41 CEST 2007
Please find the attached.
n: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "tls"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/1x/07xwifi.pem"
tls: certificate_file = "/etc/1x/07xwifi.pem"
tls: CA_file = "/etc/1x/root.pem"
tls: private_key_password = "password"
tls: dh_file = "/etc/1x/DH"
tls: random_file = "/etc/1x/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
tls: cipher_list = "(null)"
tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.0.50:1026, id=0, length=213
Message-Authenticator = 0x33339877b96e876b381f2c9d3bf7ae2e
Service-Type = Framed-User
User-Name = "saravanakumar07"
Framed-MTU = 1488
Called-Station-Id = "00-0F-3D-AF-DD-C2:default"
Calling-Station-Id = "00-0E-35-F3-A1-67"
NAS-Identifier = "D-Link Access Point"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x02000014017361726176616e616b756d61723037
NAS-IP-Address = 192.168.0.50
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_realm: No '@' in User-Name = "saravanakumar07", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 0 length 20
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 172
modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 0 to 192.168.0.50 port 1026
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x010100060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xdb8384b95c5c85f50f7621620d3cb041
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.50:1026, id=1, length=307
Message-Authenticator = 0x70278d02fc3d5048b44f5f934810a98a
Service-Type = Framed-User
User-Name = "saravanakumar07"
Framed-MTU = 1488
State = 0xdb8384b95c5c85f50f7621620d3cb041
Called-Station-Id = "00-0F-3D-AF-DD-C2:default"
Calling-Station-Id = "00-0E-35-F3-A1-67"
NAS-Identifier = "D-Link Access Point"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020100600d800000005616030100510100004d0301465a79c5ce91ab c2dd387cd382f0fa23cbb8ff9707ff565985a8ecbc27b01216101905323cb152176f2b0259ff77f5 bf4e001600040005000a000900640062000300060013001200630100
NAS-IP-Address = 192.168.0.50
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
rlm_realm: No '@' in User-Name = "saravanakumar07", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 1 length 96
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 172
modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0051], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 04be], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004c], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 1 to 192.168.0.50 port 1026
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8e3a068f1bbfd8a03b7a3c464a5b951f
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.50:1026, id=2, length=217
Message-Authenticator = 0x07c704f23ce2b215715d4a8c9159cfdd
Service-Type = Framed-User
User-Name = "saravanakumar07"
Framed-MTU = 1488
State = 0x8e3a068f1bbfd8a03b7a3c464a5b951f
Called-Station-Id = "00-0F-3D-AF-DD-C2:default"
Calling-Station-Id = "00-0E-35-F3-A1-67"
NAS-Identifier = "D-Link Access Point"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020200060d00
NAS-IP-Address = 192.168.0.50
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
rlm_realm: No '@' in User-Name = "saravanakumar07", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 172
modcall[authorize]: module "files" returns ok for request 2
modcall: leaving group authorize (returns updated) for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 2 to 192.168.0.50 port 1026
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x0103016d0d80000005638c150861ea8bc609ed3cfbc030630603551d 23045c305a8014095ab44cec0cb80f8c150861ea8bc609ed3cfbc0a13fa43d303b310b3009060355 04061302494e310b300906035504081302544e310d300b060355040a1304536966793110300e0603 550403130730377877696669820100300c0603551d13040530030101ff300d06092a864886f70d01 010405000381810019a69104ce7b395ddbb7a05ae632f71c590ba34e71b9a57cbe952eabed153fda cb07eb1c8d6db397f1f47a687103025a91b0431e73beac6e788de0af02e7d49e35808652dc4b2db6 0ccbcef9245239c47c785fb5c78c79ed7dd22d60ab6c19727e
EAP-Message = 0xaa68ec38e3fc5b6e7716741e1f56eba981970face974b560ba07450e cdf817160301004c0d000044020102003f003d303b310b300906035504061302494e310b30090603 5504081302544e310d300b060355040a1304536966793110300e0603550403130730377877696669 0e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x875cf56766634fbc11b84d84a4f6e718
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.50:1026, id=3, length=1117
Message-Authenticator = 0xe54da048b9223806a62a068c47b7c90e
Service-Type = Framed-User
User-Name = "saravanakumar07"
Framed-MTU = 1488
State = 0x875cf56766634fbc11b84d84a4f6e718
Called-Station-Id = "00-0F-3D-AF-DD-C2:default"
Calling-Station-Id = "00-0E-35-F3-A1-67"
NAS-Identifier = "D-Link Access Point"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
NAS-IP-Address = 192.168.0.50
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
rlm_realm: No '@' in User-Name = "saravanakumar07", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 3 length 253
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 172
modcall[authorize]: module "files" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 023e], Certificate
chain-depth=1,
error=0
--> User-Name = saravanakumar07
--> BUF-Name = 07xwifi
--> subject = /C=IN/ST=TN/O=Sify/CN=07xwifi
--> issuer = /C=IN/ST=TN/O=Sify/CN=07xwifi
--> verify return:1
chain-depth=0,
error=0
--> User-Name = saravanakumar07
--> BUF-Name = saravanakumar07
--> subject = /C=IN/ST=TN/O=Sify/CN=saravanakumar07/emailAddress=jeykumar_s at sify .com
--> issuer = /C=IN/ST=TN/O=Sify/CN=07xwifi
--> verify return:1
TLS_accept: SSLv3 read client certificate A
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], CertificateVerify
TLS_accept: SSLv3 read certificate verify A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 3 to 192.168.0.50 port 1026
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x010400350d800000002b1403010001011603010020a4b68069f91bfe 89b86711eab12ac7b185ae3f93e19ed117db3474cec9a0a321
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0f0c01529f5f8c4659b536a349cf23ad
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.50:1026, id=4, length=217
Message-Authenticator = 0x1196d3ed2b565d021343c99e3a944592
Service-Type = Framed-User
User-Name = "saravanakumar07"
Framed-MTU = 1488
State = 0x0f0c01529f5f8c4659b536a349cf23ad
Called-Station-Id = "00-0F-3D-AF-DD-C2:default"
Calling-Station-Id = "00-0E-35-F3-A1-67"
NAS-Identifier = "D-Link Access Point"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020400060d00
NAS-IP-Address = 192.168.0.50
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
rlm_realm: No '@' in User-Name = "saravanakumar07", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 172
modcall[authorize]: module "files" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 4
modcall: leaving group authenticate (returns ok) for request 4
Login OK: [saravanakumar07] (from client private-network-1 port 1 cli 00-0E-35-F3-A1-67)
Sending Access-Accept of id 4 to 192.168.0.50 port 1026
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
MS-MPPE-Recv-Key = 0xd1118229ce4eb045b8e560de7206f6440ef2ac0d555fa5b0087 14804431ad5d5
MS-MPPE-Send-Key = 0x97b7769702b6fb9ad8c20b53e48ae889d1197c00da215df9c8e bba0366abbe08
EAP-Message = 0x03040004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "saravanakumar07"
Finished request 4
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 465a792d
Cleaning up request 1 ID 1 with timestamp 465a792d
Cleaning up request 2 ID 2 with timestamp 465a792d
Cleaning up request 3 ID 3 with timestamp 465a792d
Cleaning up request 4 ID 4 with timestamp 465a792d
Nothing to do. Sleeping until we see a request.
[root at localhost sbin]#
Regards
Anoop