TTLS working. Is it secure?

tevfik tevfikkiziloren at gmail.com
Fri May 11 15:14:52 CEST 2007


Hi, I was able to configure the RADIUS server, and users can connect after entering
their user credentials. However, I am not sure whether the configuration is fully
correct or not. Below, I have pasted my RADIUS daemon logs for only one
authentication process.
The entered username was true and the password was false.

Why are there 4 requests for only one authentication process? What is wrong
with it? What does "rlm_ldap: user tkiziloren authorized to use remote
access" mean? The password is not true; how can a user be authorized although
his/her password is false?

Thanks in advance.

Tevfik.


rad_recv: Access-Request packet from host 10.10.7.203:1645, id=11,
length=139
        User-Name = "tkiziloren"
        Framed-MTU = 1400
        Called-Station-Id = "0017.0e85.f190"
        Calling-Station-Id = "0011.2fb9.d08b"
        Service-Type = Login-User
        Message-Authenticator = 0x46e9a61e176eb2fad26f1f689c9edc79
        EAP-Message = 0x0202000f01746b697a696c6f72656e
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 260
        NAS-IP-Address = 10.10.7.203
        NAS-Identifier = "testbaum"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "tkiziloren", skipping NULL due to
config.
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 2 length 15
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry DEFAULT at line 29
  modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for tkiziloren
radius_xlat:  '(uid=tkiziloren)'
radius_xlat:  'ou=people,dc=anadolu,dc=edu,dc=tr'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap.anadolu.edu.tr:389, authentication 0
rlm_ldap: bind as / to ldap.anadolu.edu.tr:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=people,dc=anadolu,dc=edu,dc=tr, with
filter (uid=tkiziloren)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user tkiziloren authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap_1x" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 11 to 10.10.7.203 port 1645
        EAP-Message = 0x010300061520
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xbe88ae73ff01db2d490c7144a376c659
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.10.7.203:1645, id=12,
length=202
        User-Name = "tkiziloren"
        Framed-MTU = 1400
        Called-Station-Id = "0017.0e85.f190"
        Calling-Station-Id = "0011.2fb9.d08b"
        Service-Type = Login-User
        Message-Authenticator = 0x1c053c94b8fa5bc90c998ed9517b8a7c
        EAP-Message =
0x0203003c158000000032160301002d0100002903014a5bc504f836fec860348fb73185a7cc772a9bdf5f440445d0eaedbc8e8ffa77000002000a0100
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 260
        State = 0xbe88ae73ff01db2d490c7144a376c659
        NAS-IP-Address = 10.10.7.203
        NAS-Identifier = "testbaum"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "tkiziloren", skipping NULL due to
config.
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: EAP packet type response id 3 length 60
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
    users: Matched entry DEFAULT at line 29
  modcall[authorize]: module "files" returns ok for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for tkiziloren
radius_xlat:  '(uid=tkiziloren)'
radius_xlat:  'ou=people,dc=anadolu,dc=edu,dc=tr'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=anadolu,dc=edu,dc=tr, with
filter (uid=tkiziloren)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user tkiziloren authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap_1x" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 002d], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 05e7], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 12 to 10.10.7.203 port 1645
        EAP-Message = 0x3130303530373130333734345a30818f310b30090603
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xdc75d5eda4e0cae9d79bba28bc969a70
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.10.7.203:1645, id=13,
length=148
        User-Name = "tkiziloren"
        Framed-MTU = 1400
        Called-Station-Id = "0017.0e85.f190"
        Calling-Station-Id = "0011.2fb9.d08b"
        Service-Type = Login-User
        Message-Authenticator = 0x94a629eda2e1b020387e4292f0195afb
        EAP-Message = 0x020400061500
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 260
        State = 0xdc75d5eda4e0cae9d79bba28bc969a70
        NAS-IP-Address = 10.10.7.203
        NAS-Identifier = "testbaum"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  modcall[authorize]: module "chap" returns noop for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
    rlm_realm: No '@' in User-Name = "tkiziloren", skipping NULL due to
config.
  modcall[authorize]: module "suffix" returns noop for request 2
  rlm_eap: EAP packet type response id 4 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 2
    users: Matched entry DEFAULT at line 29
  modcall[authorize]: module "files" returns ok for request 2
rlm_ldap: - authorize
rlm_ldap: performing user authorization for tkiziloren
radius_xlat:  '(uid=tkiziloren)'
radius_xlat:  'ou=people,dc=anadolu,dc=edu,dc=tr'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=anadolu,dc=edu,dc=tr, with
filter (uid=tkiziloren)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user tkiziloren authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap_1x" returns ok for request 2
modcall: leaving group authorize (returns updated) for request 2
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 13 to 10.10.7.203 port 1645
        EAP-Message =
0x4b77db5093871b2203bf2271cb97b98cc169c03f4f67d7a01261d971dfddc176cce3a42e1dd1e37037060a528db7e8481722e222549b882a93cfa582a29df0f1b401a28e197772410a1f1016030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x601d05b1669ab2bed2334dbb4dbe4d93
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.10.7.203:1645, id=14,
length=342
        User-Name = "tkiziloren"
        Framed-MTU = 1400
        Called-Station-Id = "0017.0e85.f190"
        Calling-Station-Id = "0011.2fb9.d08b"
        Service-Type = Login-User
        Message-Authenticator = 0xd740350b53fca08d4001aed5cb55bdd5
        EAP-Message =
0x020500c81580000000be1603010086100000820080989a4f4fef1e07bdc30e36fef2b9fa53649b34891e3af4981558eff851af2c16e31edfadd788ed4caa1d9dd75fec547af24d81a30e3322652f9b3c6cf57c9e5638979da52036cc0d84e3671e2cd0e60c20c322c485f9d4893ed9a3202c3af09dae9c0f79d2a2a4a28838920c2a20dcfe9080af2e72ae3e3d4bab2353ca2dd2321403010001011603010028e030b00731ce0c04645a08c8b19879ac634ccc7264530fe9242eefa8c94c712d7f2b1f6194a2b777
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 260
        State = 0x601d05b1669ab2bed2334dbb4dbe4d93
        NAS-IP-Address = 10.10.7.203
        NAS-Identifier = "testbaum"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
  modcall[authorize]: module "chap" returns noop for request 3
  modcall[authorize]: module "mschap" returns noop for request 3
    rlm_realm: No '@' in User-Name = "tkiziloren", skipping NULL due to
config.
  modcall[authorize]: module "suffix" returns noop for request 3
  rlm_eap: EAP packet type response id 5 length 200
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 3
    users: Matched entry DEFAULT at line 29
  modcall[authorize]: module "files" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for tkiziloren
radius_xlat:  '(uid=tkiziloren)'
radius_xlat:  'ou=people,dc=anadolu,dc=edu,dc=tr'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=anadolu,dc=edu,dc=tr, with
filter (uid=tkiziloren)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user tkiziloren authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap_1x" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
    TLS_accept: SSLv3 read client key exchange A
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 read finished A
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
    TLS_accept: SSLv3 write change cipher spec A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 write finished A
    TLS_accept: SSLv3 flush data
    (other): SSL negotiation finished successfully
SSL Connection Established
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 14 to 10.10.7.203 port 1645
        EAP-Message =
0x0106003d15800000003314030100010116030100281527d07e80080ef64fd3fc412609c08d94edb977645467e3ffb76ef7f04fc2cca1a0f8d6834de619
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x596d167bc9c74853ae5bd540423f3b81
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.10.7.203:1645, id=15,
length=221
        User-Name = "tkiziloren"
        Framed-MTU = 1400
        Called-Station-Id = "0017.0e85.f190"
        Calling-Station-Id = "0011.2fb9.d08b"
        Service-Type = Login-User
        Message-Authenticator = 0x853240c191a67fa8675d6ccc5cd4abc3
        EAP-Message =
0x0206004f1580000000451703010040cf6a442a8eef8f67c64a243cfc035a468d8b995f900af8238341332e934fc5adf057972e7723fdb6baa8a96d50184bc4ac3397ddd2963033bd8dd2ef5d184328
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 260
        State = 0x596d167bc9c74853ae5bd540423f3b81
        NAS-IP-Address = 10.10.7.203
        NAS-Identifier = "testbaum"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module "preprocess" returns ok for request 4
  modcall[authorize]: module "chap" returns noop for request 4
  modcall[authorize]: module "mschap" returns noop for request 4
    rlm_realm: No '@' in User-Name = "tkiziloren", skipping NULL due to
config.
  modcall[authorize]: module "suffix" returns noop for request 4
  rlm_eap: EAP packet type response id 6 length 79
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
    users: Matched entry DEFAULT at line 29
  modcall[authorize]: module "files" returns ok for request 4
rlm_ldap: - authorize
rlm_ldap: performing user authorization for tkiziloren
radius_xlat:  '(uid=tkiziloren)'
radius_xlat:  'ou=people,dc=anadolu,dc=edu,dc=tr'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=anadolu,dc=edu,dc=tr, with
filter (uid=tkiziloren)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user tkiziloren authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap_1x" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  eaptls_process returned 7
  rlm_eap_ttls: Session established.  Proceeding to decode tunneled
attributes.
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module "preprocess" returns ok for request 4
  modcall[authorize]: module "chap" returns noop for request 4
  modcall[authorize]: module "mschap" returns noop for request 4
    rlm_realm: No '@' in User-Name = "tkiziloren", skipping NULL due to
config.
  modcall[authorize]: module "suffix" returns noop for request 4
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 4
    users: Matched entry DEFAULT at line 29
  modcall[authorize]: module "files" returns ok for request 4
rlm_ldap: - authorize
rlm_ldap: performing user authorization for tkiziloren
radius_xlat:  '(uid=tkiziloren)'
radius_xlat:  'ou=people,dc=anadolu,dc=edu,dc=tr'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=anadolu,dc=edu,dc=tr, with
filter (uid=tkiziloren)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user tkiziloren authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap_1x" returns ok for request 4
modcall: leaving group authorize (returns ok) for request 4
  rad_check_password:  Found Auth-Type LDAP
auth: type "LDAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group LDAP for request 4
rlm_ldap: - authenticate
rlm_ldap: login attempt by "tkiziloren" with password "egermen"
rlm_ldap: user DN: uid=tkiziloren,ou=people,dc=anadolu,dc=edu,dc=tr
rlm_ldap: (re)connect to ldap.anadolu.edu.tr:389, authentication 1
rlm_ldap: bind as uid=tkiziloren,ou=people,dc=anadolu,dc=edu,dc=tr/egermen
to ldap.anadolu.edu.tr:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind failed with invalid credentials
rlm_ldap:
  modcall[authenticate]: module "ldap_1x" returns reject for request 4
modcall: leaving group LDAP (returns reject) for request 4
auth: Failed to validate the user.
  TTLS: Got tunneled Access-Reject
 rlm_eap: Handler failed in EAP/ttls
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 4
modcall: leaving group authenticate (returns invalid) for request 4
auth: Failed to validate the user.
Delaying request 4 for 1 seconds
Finished request 4
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 15 to 10.10.7.203 port 1645
        EAP-Message = 0x04060004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 11 with timestamp 46446335
Cleaning up request 1 ID 12 with timestamp 46446335
Cleaning up request 2 ID 13 with timestamp 46446335
Cleaning up request 3 ID 14 with timestamp 46446335
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 4 ID 15 with timestamp 46446336
Nothing to do.  Sleeping until we see a request.

-- 
View this message in context: http://www.nabble.com/TTLS-working.-Is-it-secure--tf3727367.html#a10431721
Sent from the FreeRadius - User mailing list archive at Nabble.com.
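
An added example (not part of the original post): each Access-Request and Access-Challenge in the log above carries one EAP packet in its EAP-Message attribute, so decoding those values shows the individual rounds of the EAP-TTLS exchange. The function and variable names are illustrative, and only the EAP types that appear in this log are named.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 21: "EAP-TTLS"}  # only the types seen in this log
# EAP-TTLS flag bits (RFC 5281): Length included, More fragments, Start
TTLS_FLAGS = ((0x80, "L"), (0x40, "M"), (0x20, "S"))

# EAP-Message values copied from the log above, in order of appearance.
# Values the server split across several EAP-Message attributes are left out:
# those must be concatenated before decoding.
LOG_VALUES = [
    ("id=11 request", "0x0202000f01746b697a696c6f72656e"),
    ("id=11 challenge", "0x010300061520"),
    ("id=12 request",
     "0x0203003c158000000032160301002d0100002903014a5bc504f836fec860"
     "348fb73185a7cc772a9bdf5f440445d0eaedbc8e8ffa77000002000a0100"),
    ("id=13 request", "0x020400061500"),
    ("id=15 reject", "0x04060004"),
]


def decode_eap(hex_value):
    """Decode one complete EAP packet given as a '0x...' hex string."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    if len(raw) < 4:
        raise ValueError("an EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"length field says {length}, got {len(raw)} bytes")
    pkt = {"code": EAP_CODES.get(code, str(code)), "id": ident, "length": length}
    if code not in (1, 2) or length == 4:  # Success/Failure carry no type field
        return pkt
    eap_type, body = raw[4], raw[5:]
    pkt["type"] = EAP_TYPES.get(eap_type, str(eap_type))
    if eap_type == 1:
        pkt["identity"] = body.decode("utf-8", "replace")
    elif eap_type == 21 and body:
        flags, payload = body[0], body[1:]
        pkt["flags"] = "".join(name for bit, name in TTLS_FLAGS if flags & bit)
        if flags & 0x80:  # L flag: 4-byte total TLS message length comes first
            if len(payload) < 4:
                raise ValueError("L flag set but length field is truncated")
            pkt["tls_total"] = struct.unpack("!I", payload[:4])[0]
            payload = payload[4:]
        pkt["tls_bytes"] = len(payload)
    return pkt


def describe_log():
    """Return one summary line per EAP-Message value in LOG_VALUES."""
    lines = []
    for where, value in LOG_VALUES:
        pkt = decode_eap(value)
        detail = ", ".join(f"{k}={v!r}" for k, v in pkt.items() if k != "code")
        lines.append(f"{where}: EAP {pkt['code']} ({detail})")
    return lines


if __name__ == "__main__":
    print("\n".join(describe_log()))
```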



