Connection before logon

Phil Scarratt misc at draxsen.com
Sat Mar 17 01:45:04 CET 2007 

Hi

I am sure this must be a commonly asked question, but after hours of 
searching I just can't seem to find the answer. I've spent hours 
trawling through google and searching the archives to no avail. I am 
sure I am missing something simple, but can't put my finger on it. There 
are several posts of similar topic but no answer (or answer that works).

In my case, I have freeradius installed to use EAP-TLS, Windows XPSP2 
clients exclusively. The authentication works fine after logging on 
using a local account. I have the same certificates in both the local 
users certificate store and the computer account certificate store. The 
debug output for freeradius, when the computer is first switched on and 
before logging on, simply shows repeated Access-Request packets like the 
one below. It basically simply repeats.

Can anyone shed any light at all, or point me in other directions to search?

TIA
Fil


--Debug Output--

Cleaning up request 8 ID 2 with timestamp 45fa940f
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 192.168.1.50:1054, id=4, 
length=207
         Message-Authenticator = 0xc45158cab736178c590d01cee92bc6cc
         Service-Type = Framed-User
         User-Name = "host/SACM0734"
         Framed-MTU = 1488
         Called-Station-Id = "XXXXXXXXXXXXXXXXXXX"
         Calling-Station-Id = "XXXXXXXXXXXXXXXXX"
         NAS-Identifier = "D-Link Access Point"
         NAS-Port-Type = Wireless-802.11
         Connect-Info = "CONNECT 54Mbps 802.11g"
         EAP-Message = 0x0204001201686f73742f5341434d30373334
         NAS-IP-Address = 192.168.1.50
         NAS-Port = 1
         NAS-Port-Id = "STA port # 1"
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
   modcall[authorize]: module "preprocess" returns ok for request 9
     rlm_realm: No '\' in User-Name = "host/SACM0734", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "ntdomain" returns noop for request 9
   rlm_eap: EAP packet type response id 4 length 18
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 9
     users: Matched host/SACM0734 at 66
   modcall[authorize]: module "files" returns ok for request 9
modcall: group authorize returns updated for request 9
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
   rlm_eap: EAP Identity
   rlm_eap: processing type tls
  rlm_eap_tls: Requiring client certificate
   rlm_eap_tls: Initiate
   rlm_eap_tls: Start returned 1
   modcall[authenticate]: module "eap" returns handled for request 9
modcall: group authenticate returns handled for request 9
Sending Access-Challenge of id 4 to 192.168.1.50:1054
         EAP-Message = 0x010500060d20
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0xfa4829561866ec99c1e1c3ace47e3f57
Finished request 9
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 9 ID 4 with timestamp 45fa942d
Nothing to do.  Sleeping until we see a request.

More information about the Freeradius-Users mailing list