EAP/TLS, after access-challenge nothing happens

tnt at kalik.co.yu tnt at kalik.co.yu
Fri Jun 22 14:17:45 CEST 2007


http://wiki.freeradius.org/index.php/FAQ#PEAP_or_EAP-TLS_Doesn.27t_Work_with_a_Windows_machine

Ivan Kalik
Kalik Informatika ISP


On 22/6/2007, "stefek143" <stefek143 at wp.pl> wrote:

>Hi
>
>I have a little problem with authenticating using EAP/TLS on freeradius. 
>After Access Challenge freeradius does not display Reject or Accept, it only 
>goes back to the beginning and repeats the same operation. What's wrong? As NAS 
>I'm using a CISCO Catalyst 2950 and the client supplicant is WinXP.
>
>These are the logs from tcpdump:
>
>21:43:21.547329 IP 192.168.1.9.radius > 192.168.1.7.radius: RADIUS, 
>Access Request (1), id: 0x7d length: 120
>21:43:21.648845 IP 192.168.1.7.radius > 192.168.1.9.radius: RADIUS, 
>Access Challenge (11), id: 0x7d length: 64
>21:43:21.572693 IP 192.168.1.9.radius > 192.168.1.7.radius: RADIUS, 
>Access Request (1), id: 0x7e length: 189
>21:43:21.587661 IP 192.168.1.7.radius > 192.168.1.9.radius: RADIUS, 
>Access Challenge (11), id: 0x7e length: 1100
>21:43:21.602274 IP 192.168.1.9.radius > 192.168.1.7.radius: RADIUS, 
>Access Request (1), id: 0x7f length: 115
>21:43:21.604767 IP 192.168.1.7.radius > 192.168.1.9.radius: RADIUS, 
>Access Challenge (11), id: 0x7f length: 976
>21:43:21.620631 IP 192.168.1.9.radius > 192.168.1.7.radius: RADIUS, 
>Access Request (1), id: 0x80 length: 115
>21:43:21.629087 IP 192.168.1.7.radius > 192.168.1.9.radius: RADIUS, 
>Access Challenge (11), id: 0x80 length: 68
>
>And these are the logs from freeradius debug mode:
>
>rad_recv: Access-Request packet from host 192.168.1.9:1812, id=207, 
>length=115
>        NAS-IP-Address = 192.168.1.9
>        NAS-Port-Type = Async
>        User-Name = "client"
>        Service-Type = Framed-User
>        Framed-MTU = 1500
>        Calling-Station-Id = "00-11-09-26-48-fa"
>        State = 0xf4dbd9e74648ce65d56e471171d0e7f3
>        EAP-Message = 0x020200060d00
>        Message-Authenticator = 0x767944f13525d633320393682cb2403f
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 90
>  modcall[authorize]: module "preprocess" returns ok for request 90
>  modcall[authorize]: module "chap" returns noop for request 90
>  modcall[authorize]: module "mschap" returns noop for request 90
>    rlm_realm: No '@' in User-Name = "client", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 90
>  rlm_eap: EAP packet type response id 2 length 6
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 90
>  modcall[authorize]: module "files" returns notfound for request 90
>rlm_pap: WARNING! No "known good" password found for the user.  
>Authentication may fail because of this.
>  modcall[authorize]: module "pap" returns noop for request 90
>modcall: leaving group authorize (returns updated) for request 90
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 90
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/tls
>  rlm_eap: processing type tls
>  rlm_eap_tls: Authenticate
>  rlm_eap_tls: processing TLS
>rlm_eap_tls: Received EAP-TLS ACK message
>  rlm_eap_tls: ack handshake fragment handler
>  eaptls_verify returned 1
>  eaptls_process returned 13
>  modcall[authenticate]: module "eap" returns handled for request 90
>modcall: leaving group authenticate (returns handled) for request 90
>Sending Access-Challenge of id 207 to 192.168.1.9 port 1812
>        EAP-Message = 
>        EAP-Message = 
>        EAP-Message = 
>        EAP-Message = 
>0x035504061302504c311630140603550408130d7769656c6b6f706f6c736b6965311430120603550407130b6269616c6f736c69776965310f300d060355040a130670696f6e6172310f300d060355040b130670696f6e6172311e301c0603550403131546756e6e79626f6e6520576972656c657373204341311b301906092a864886f70d010901160c70696f6e61724077702e706c0e000000
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0x8a37dd36bf1bbbf6747bb6c4216ea380
>Finished request 90
>Going to the next request
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 192.168.1.9:1812, id=208, 
>length=115
>        NAS-IP-Address = 192.168.1.9
>        NAS-Port-Type = Async
>        User-Name = "client"
>        Service-Type = Framed-User
>        Framed-MTU = 1500
>        Calling-Station-Id = "00-11-09-26-48-fa"
>        State = 0x8a37dd36bf1bbbf6747bb6c4216ea380
>        EAP-Message = 0x020300060d00
>        Message-Authenticator = 0x6de0700bd6d131fc1cec8bec76fcea72
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 91
>  modcall[authorize]: module "preprocess" returns ok for request 91
>  modcall[authorize]: module "chap" returns noop for request 91
>  modcall[authorize]: module "mschap" returns noop for request 91
>    rlm_realm: No '@' in User-Name = "client", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 91
>  rlm_eap: EAP packet type response id 3 length 6
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 91
>  modcall[authorize]: module "files" returns notfound for request 91
>rlm_pap: WARNING! No "known good" password found for the user.  
>Authentication may fail because of this.
>  modcall[authorize]: module "pap" returns noop for request 91
>modcall: leaving group authorize (returns updated) for request 91
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 91
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/tls
>  rlm_eap: processing type tls
>  rlm_eap_tls: Authenticate
>  rlm_eap_tls: processing TLS
>rlm_eap_tls: Received EAP-TLS ACK message
>  rlm_eap_tls: ack handshake fragment handler
>  eaptls_verify returned 1
>  eaptls_process returned 13
>  modcall[authenticate]: module "eap" returns handled for request 91
>modcall: leaving group authenticate (returns handled) for request 91
>Sending Access-Challenge of id 208 to 192.168.1.9 port 1812
>        EAP-Message = 0x0104000a0d8000000000
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0x7b7eac5f542d1c6ec0abd77c3ce3c509
>Finished request 91
>Going to the next request
>Waking up in 6 seconds...
>--- Walking the entire request list ---
>Cleaning up request 88 ID 205 with timestamp 467ad8b7
>Cleaning up request 89 ID 206 with timestamp 467ad8b7
>Cleaning up request 90 ID 207 with timestamp 467ad8b7
>Cleaning up request 91 ID 208 with timestamp 467ad8b7
>Nothing to do.  Sleeping until we see a request.
>
>
>
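As an added example (not part of the original thread), the following Python decodes the short EAP-Message values from the debug log above, using the EAP header layout of RFC 3748 and the EAP-TLS flag bits of RFC 5216. The function names are hypothetical. It shows that both supplicant packets are empty EAP-TLS fragment ACKs and that the server's last Access-Challenge carries an EAP-TLS request with a TLS message length of zero.

```python
import re
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_TLS = 13  # 0x0d, the type byte seen in every EAP-Message in the log
EAP_LINE = re.compile(r"EAP-Message\s*=\s*0x([0-9a-fA-F]+)")

# The three short EAP-Message values copied from the debug log above.
SAMPLE_LOG = """\
        EAP-Message = 0x020200060d00
        EAP-Message = 0x020300060d00
        EAP-Message = 0x0104000a0d8000000000
"""

def decode_eap_tls(hex_digits):
    """Decode one EAP packet (hex string, no 0x prefix) into a dict."""
    raw = bytes.fromhex(hex_digits)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    info = {"code": EAP_CODES.get(code, str(code)), "id": ident,
            "length": length, "truncated": length > len(raw)}
    # Only Request/Response packets carry a type byte; EAP-TLS adds a flags byte.
    if code not in (1, 2) or len(raw) < 6 or raw[4] != EAP_TYPE_TLS:
        return info
    flags, offset = raw[5], 6
    info.update(length_included=bool(flags & 0x80),   # L bit
                more_fragments=bool(flags & 0x40),    # M bit
                start=bool(flags & 0x20))             # S bit
    if flags & 0x80:
        if len(raw) < 10:
            raise ValueError("L flag set but TLS Message Length field missing")
        info["tls_message_length"] = struct.unpack("!I", raw[6:10])[0]
        offset = 10
    info["tls_data_len"] = max(0, min(length, len(raw)) - offset)
    # A Response with no flags and no data is an EAP-TLS fragment ACK.
    info["is_ack"] = code == 2 and flags == 0 and info["tls_data_len"] == 0
    return info

def summarize(log_text):
    """Decode every EAP-Message whose value sits on the same line as its name."""
    return [decode_eap_tls(m.group(1)) for m in EAP_LINE.finditer(log_text)]

if __name__ == "__main__":
    for pkt in summarize(SAMPLE_LOG):
        print(pkt)
```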



