ttls problem

tevfik tevfikkiziloren at gmail.com
Wed May 9 20:46:26 CEST 2007


Hi. I have problems performing authentication with FreeRADIUS.

When I use the command:

radtest tkiziloren password ldap.anaadolu.edu 10 testing123 

I get the message below:

rad_recv: Access-accepted...

However, when I try to perform the same task using SecureW2 on an XP client, it
always shows "attempting to authenticate".
I pasted the debug results of radiusd below.

I am new to FreeRADIUS. Could anybody help me find where the problem is? Is
there a problem with the certificate?

(I use a Cisco Aironet 1200 AP.)

Thanks in advance.

Tevfik Kızılören.


rad_recv: Access-Request packet from host 10.10.7.203:1645, id=0, length=148
        User-Name = "tkiziloren"
        Framed-MTU = 1400
        Called-Station-Id = "0017.0e85.f190"
        Calling-Station-Id = "0011.2fb9.d08b"
        Service-Type = Login-User
        Message-Authenticator = 0xfcbf4e4b477d844b3826ae784cd6977e
        EAP-Message = 0x020400061500
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 675
        State = 0x74d2bac8b603cafd625c55c0992b70ba
        NAS-IP-Address = 10.10.7.203
        NAS-Identifier = "testbum"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "chap" returns noop for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
    rlm_realm: No '@' in User-Name = "tkiziloren", skipping NULL due to config.
  modcall[authorize]: module "suffix" returns noop for request 6
  rlm_eap: EAP packet type response id 4 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
    users: Matched entry DEFAULT at line 29
  modcall[authorize]: module "files" returns ok for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for tkiziloren
radius_xlat:  '(uid=tkiziloren)'
radius_xlat:  'ou=people,dc=anadolu,dc=edu,dc=tr'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=anadolu,dc=edu,dc=tr, with filter (uid=tkiziloren)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user tkiziloren authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap_1x" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 0 to 10.10.7.203 port 1645
        EAP-Message =
        EAP-Message =
        EAP-Message = 0x4b77db5093871b2203bf2271cb97b98cc169c03f4f67d7a01261d971dfddc176cce3a42e1dd1e37037060a528db7e8481722e222549b882a93cfa582a29df0f1b401a28e197772410a1f1016030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x9d3c9b53656089b1510d55b3a1f50a33
Finished request 6
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 6 ID 0 with timestamp 46421b1a
Cleaning up request 4 ID 254 with timestamp 46421b1a
Cleaning up request 5 ID 255 with timestamp 46421b1a
Nothing to do.  Sleeping until we see a request.

-- 
View this message in context: http://www.nabble.com/ttls-problem-tf3717596.html#a10400374
Sent from the FreeRadius - User mailing list archive at Nabble.com.