log file for free radius 1.1.6 eap-tls authentication

tnt at kalik.co.yu
Mon May 28 16:07:06 CEST 2007


This is EAP-TLS. This user has a valid user certificate and is accepted.
If you don't want to go via certificates but use user/password, use
EAP-TTLS with MS-CHAPv2 (or PAP or any other auth protocol).

Ivan Kalik
Kalik Informatika ISP


On 28/5/2007, "anoop_c at sifycorp.com" <anoop_c at sifycorp.com> wrote:

>Hi
>  Please find the output of radius -X. Also, the log file is not coming.
>
>  [root at localhost sbin]# radiusd -X
>Starting - reading configuration files ...
>reread_config:  reading radiusd.conf
>Config:   including file: /etc/raddb/proxy.conf
>Config:   including file: /etc/raddb/clients.conf
>Config:   including file: /etc/raddb/snmp.conf
>Config:   including file: /etc/raddb/eap.conf
>Config:   including file: /etc/raddb/sql.conf
> main: prefix = \"/usr/local\"
> main: localstatedir = \"/usr/local/var\"
> main: logdir = \"/usr/local/var/log/radius\"
> main: libdir = \"/usr/local/lib\"
> main: radacctdir = \"/usr/local/var/log/radius/radacct\"
> main: hostname_lookups = no
> main: snmp = no
> main: max_request_time = 30
> main: cleanup_delay = 5
> main: max_requests = 1024
> main: delete_blocked_requests = 0
> main: port = 0
> main: allow_core_dumps = no
> main: log_stripped_names = no
> main: log_file = \"/usr/local/var/log/radius/radius.log\"
> main: log_auth = yes
> main: log_auth_badpass = no
> main: log_auth_goodpass = no
> main: pidfile = \"/usr/local/var/run/radiusd/radiusd.pid\"
> main: user = \"(null)\"
> main: group = \"(null)\"
> main: usercollide = no
> main: lower_user = \"no\"
> main: lower_pass = \"no\"
> main: nospace_user = \"no\"
> main: nospace_pass = \"no\"
> main: checkrad = \"/usr/local/sbin/checkrad\"
> main: proxy_requests = yes
> proxy: retry_delay = 5
> proxy: retry_count = 3
> proxy: synchronous = no
> proxy: default_fallback = yes
> proxy: dead_time = 120
> proxy: post_proxy_authorize = no
> proxy: wake_all_if_all_dead = no
> security: max_attributes = 200
> security: reject_delay = 1
> security: status_server = no
> main: debug_level = 0
>read_config_files:  reading dictionary
>read_config_files:  reading naslist
>Using deprecated naslist file.  Support for this will go away soon.
>read_config_files:  reading clients
>read_config_files:  reading realms
>radiusd:  entering modules setup
>Module: Library search path is /usr/local/lib
>Module: Loaded exec
> exec: wait = yes
> exec: program = \"(null)\"
> exec: input_pairs = \"request\"
> exec: output_pairs = \"(null)\"
> exec: packet_type = \"(null)\"
>rlm_exec: Wait=yes but no output defined. Did you mean output=none?
>Module: Instantiated exec (exec)
>Module: Loaded expr
>Module: Instantiated expr (expr)
>Module: Loaded System
> unix: cache = no
> unix: passwd = \"(null)\"
> unix: shadow = \"(null)\"
> unix: group = \"(null)\"
> unix: radwtmp = \"/usr/local/var/log/radius/radwtmp\"
> unix: usegroup = no
> unix: cache_reload = 600
>Module: Instantiated unix (unix)
>Module: Loaded eap
> eap: default_eap_type = \"tls\"
> eap: timer_expire = 60
> eap: ignore_unknown_eap_types = no
> eap: cisco_accounting_username_bug = no
> tls: rsa_key_exchange = no
> tls: dh_key_exchange = yes
> tls: rsa_key_length = 512
> tls: dh_key_length = 512
> tls: verify_depth = 0
> tls: CA_path = \"(null)\"
> tls: pem_file_type = yes
> tls: private_key_file = \"/etc/1x/07xwifi.pem\"
> tls: certificate_file = \"/etc/1x/07xwifi.pem\"
> tls: CA_file = \"/etc/1x/root.pem\"
> tls: private_key_password = \"password\"
> tls: dh_file = \"/etc/1x/DH\"
> tls: random_file = \"/etc/1x/random\"
> tls: fragment_size = 1024
> tls: include_length = yes
> tls: check_crl = no
> tls: check_cert_cn = \"(null)\"
> tls: cipher_list = \"(null)\"
> tls: check_cert_issuer = \"(null)\"
>rlm_eap_tls: Loading the certificate file as a chain
>rlm_eap: Loaded and initialized type tls
>Module: Instantiated eap (eap)
>Module: Loaded preprocess
> preprocess: huntgroups = \"/etc/raddb/huntgroups\"
> preprocess: hints = \"/etc/raddb/hints\"
> preprocess: with_ascend_hack = no
> preprocess: ascend_channels_per_line = 23
> preprocess: with_ntdomain_hack = no
> preprocess: with_specialix_jetstream_hack = no
> preprocess: with_cisco_vsa_hack = no
> preprocess: with_alvarion_vsa_hack = no
>Module: Instantiated preprocess (preprocess)
>Module: Loaded realm
> realm: format = \"suffix\"
> realm: delimiter = \"@\"
> realm: ignore_default = no
> realm: ignore_null = no
>Module: Instantiated realm (suffix)
>Module: Loaded files
> files: usersfile = \"/etc/raddb/users\"
> files: acctusersfile = \"/etc/raddb/acct_users\"
> files: preproxy_usersfile = \"/etc/raddb/preproxy_users\"
> files: compat = \"no\"
>Module: Instantiated files (files)
>Module: Loaded Acct-Unique-Session-Id
> acct_unique: key = \"User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port\"
>Module: Instantiated acct_unique (acct_unique)
>Module: Loaded detail
> detail: detailfile = \"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d\"
> detail: detailperm = 384
> detail: dirperm = 493
> detail: locking = no
>Module: Instantiated detail (detail)
>Module: Loaded radutmp
> radutmp: filename = \"/usr/local/var/log/radius/radutmp\"
> radutmp: username = \"%{User-Name}\"
> radutmp: case_sensitive = yes
> radutmp: check_with_nas = yes
> radutmp: perm = 384
> radutmp: callerid = yes
>Module: Instantiated radutmp (radutmp)
>Listening on authentication *:1812
>Listening on accounting *:1813
>Ready to process requests.
>rad_recv: Access-Request packet from host 192.168.0.50:1026, id=0, length=213
>        Message-Authenticator = 0x348faa1d22631530332a81f21a480716
>        Service-Type = Framed-User
>        User-Name = \"saravanakumar07\"
>        Framed-MTU = 1488
>        Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\"
>        Calling-Station-Id = \"00-0E-35-F3-A1-67\"
>        NAS-Identifier = \"D-Link Access Point\"
>        NAS-Port-Type = Wireless-802.11
>        Connect-Info = \"CONNECT 54Mbps 802.11g\"
>        EAP-Message = 0x02000014017361726176616e616b756d61723037
>        NAS-IP-Address = 192.168.0.50
>        NAS-Port = 1
>        NAS-Port-Id = \"STA port # 1\"
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 0
>  modcall[authorize]: module \"preprocess\" returns ok for request 0
>    rlm_realm: No \'@\' in User-Name = \"saravanakumar07\", looking up realm NULL
>    rlm_realm: No such realm \"NULL\"
>  modcall[authorize]: module \"suffix\" returns noop for request 0
>  rlm_eap: EAP packet type response id 0 length 20
>  rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation
>  modcall[authorize]: module \"eap\" returns updated for request 0
>  modcall[authorize]: module \"files\" returns notfound for request 0
>modcall: leaving group authorize (returns updated) for request 0
>  rad_check_password:  Found Auth-Type EAP
>auth: type \"EAP\"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 0
>  rlm_eap: EAP Identity
>  rlm_eap: processing type tls
> rlm_eap_tls: Requiring client certificate
>  rlm_eap_tls: Initiate
>  rlm_eap_tls: Start returned 1
>  modcall[authenticate]: module \"eap\" returns handled for request 0
>modcall: leaving group authenticate (returns handled) for request 0
>Sending Access-Challenge of id 0 to 192.168.0.50 port 1026
>        EAP-Message = 0x010100060d20
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0xc1a1b99ed892aaa874bb2dabd58a9da3
>Finished request 0
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 192.168.0.50:1026, id=1, length=307
>        Message-Authenticator = 0x4ee10f4214227b83aa487603fc4261db
>        Service-Type = Framed-User
>        User-Name = \"saravanakumar07\"
>        Framed-MTU = 1488
>        State = 0xc1a1b99ed892aaa874bb2dabd58a9da3
>        Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\"
>        Calling-Station-Id = \"00-0E-35-F3-A1-67\"
>        NAS-Identifier = \"D-Link Access Point\"
>        NAS-Port-Type = Wireless-802.11
>        Connect-Info = \"CONNECT 54Mbps 802.11g\"
>        EAP-Message = 0x020100600d800000005616030100510100004d0301465ac684a8794ef0e567e436456ba8869ab7189a3c1ae5716f3fdec38ae182a610193a5d3bf49222fa530aa6094dd80e76001600040005000a000900640062000300060013001200630100
>        NAS-IP-Address = 192.168.0.50
>        NAS-Port = 1
>        NAS-Port-Id = \"STA port # 1\"
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 1
>  modcall[authorize]: module \"preprocess\" returns ok for request 1
>    rlm_realm: No \'@\' in User-Name = \"saravanakumar07\", looking up realm NULL
>    rlm_realm: No such realm \"NULL\"
>  modcall[authorize]: module \"suffix\" returns noop for request 1
>  rlm_eap: EAP packet type response id 1 length 96
>  rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation
>  modcall[authorize]: module \"eap\" returns updated for request 1
>  modcall[authorize]: module \"files\" returns notfound for request 1
>modcall: leaving group authorize (returns updated) for request 1
>  rad_check_password:  Found Auth-Type EAP
>auth: type \"EAP\"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 1
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/tls
>  rlm_eap: processing type tls
>  rlm_eap_tls: Authenticate
>  rlm_eap_tls: processing TLS
>rlm_eap_tls:  Length Included
>  eaptls_verify returned 11
>    (other): before/accept initialization
>    TLS_accept: before/accept initialization
>  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0051], ClientHello
>    TLS_accept: SSLv3 read client hello A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
>    TLS_accept: SSLv3 write server hello A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 04be], Certificate
>    TLS_accept: SSLv3 write certificate A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004c], CertificateRequest
>    TLS_accept: SSLv3 write certificate request A
>    TLS_accept: SSLv3 flush data
>    TLS_accept: Need to read more data: SSLv3 read client certificate A
>In SSL Handshake Phase
>In SSL Accept mode
>  eaptls_process returned 13
>  modcall[authenticate]: module \"eap\" returns handled for request 1
>modcall: leaving group authenticate (returns handled) for request 1
>Sending Access-Challenge of id 1 to 192.168.0.50 port 1026
>        EAP-Message = 0x02544e310d300b060355040a1304536966793110300e06035504031307303778776966693122302006092a864886f70d01090116136a65796b756d61725f7340736966792e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c6f366d39a74d8b66b561628be123f18f9b0a71f09b98d21b990e9a987d9acf3ceabd01df377e13da987a23f244496dfc0609e99ee03a9f44e51033cbb84c814d9d3225aacc7c67786fcd193d57c3f5ac16d7d1b83570152edca9ba9ff99ca4feffcb244551292fad52026afda1f876205e84a26b81cebd89fa03fd97e5f7fdb0203010001a317301530130603551d25040c300a06082b06
>        EAP-Message = 0x308192301d0603551d0e04160414095ab44cec0cb80f
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0x43e98998191c1122bfd72ba20764320b
>Finished request 1
>Going to the next request
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 192.168.0.50:1026, id=2, length=217
>        Message-Authenticator = 0xe8a5d1b7a5f9a89d7e42afc6244ffff5
>        Service-Type = Framed-User
>        User-Name = \"saravanakumar07\"
>        Framed-MTU = 1488
>        State = 0x43e98998191c1122bfd72ba20764320b
>        Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\"
>        Calling-Station-Id = \"00-0E-35-F3-A1-67\"
>        NAS-Identifier = \"D-Link Access Point\"
>        NAS-Port-Type = Wireless-802.11
>        Connect-Info = \"CONNECT 54Mbps 802.11g\"
>        EAP-Message = 0x020200060d00
>        NAS-IP-Address = 192.168.0.50
>        NAS-Port = 1
>        NAS-Port-Id = \"STA port # 1\"
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 2
>  modcall[authorize]: module \"preprocess\" returns ok for request 2
>    rlm_realm: No \'@\' in User-Name = \"saravanakumar07\", looking up realm NULL
>    rlm_realm: No such realm \"NULL\"
>  modcall[authorize]: module \"suffix\" returns noop for request 2
>  rlm_eap: EAP packet type response id 2 length 6
>  rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation
>  modcall[authorize]: module \"eap\" returns updated for request 2
>  modcall[authorize]: module \"files\" returns notfound for request 2
>modcall: leaving group authorize (returns updated) for request 2
>  rad_check_password:  Found Auth-Type EAP
>auth: type \"EAP\"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 2
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/tls
>  rlm_eap: processing type tls
>  rlm_eap_tls: Authenticate
>  rlm_eap_tls: processing TLS
>rlm_eap_tls: Received EAP-TLS ACK message
>  rlm_eap_tls: ack handshake fragment handler
>  eaptls_verify returned 1
>  eaptls_process returned 13
>  modcall[authenticate]: module \"eap\" returns handled for request 2
>modcall: leaving group authenticate (returns handled) for request 2
>Sending Access-Challenge of id 2 to 192.168.0.50 port 1026
>        EAP-Message = 0x0103016d0d80000005638c150861ea8bc609ed3cfbc030630603551d23045c305a8014095ab44cec0cb80f8c150861ea8bc609ed3cfbc0a13fa43d303b310b300906035504061302494e310b300906035504081302544e310d300b060355040a1304536966793110300e0603550403130730377877696669820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810019a69104ce7b395ddbb7a05ae632f71c590ba34e71b9a57cbe952eabed153fdacb07eb1c8d6db397f1f47a687103025a91b0431e73beac6e788de0af02e7d49e35808652dc4b2db60ccbcef9245239c47c785fb5c78c79ed7dd22d60ab6c19727e
>        EAP-Message = 0xaa68ec38e3fc5b6e7716741e1f56eba981970face974b560ba07450ecdf817160301004c0d000044020102003f003d303b310b300906035504061302494e310b300906035504081302544e310d300b060355040a1304536966793110300e06035504031307303778776966690e000000
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0x8670b977c646e91adfd91786496c45ef
>Finished request 2
>Going to the next request
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 192.168.0.50:1026, id=3, length=1117
>        Message-Authenticator = 0xa370f2b08e6e383872205a370026c41c
>        Service-Type = Framed-User
>        User-Name = \"saravanakumar07\"
>        Framed-MTU = 1488
>        State = 0x8670b977c646e91adfd91786496c45ef
>        Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\"
>        Calling-Station-Id = \"00-0E-35-F3-A1-67\"
>        NAS-Identifier = \"D-Link Access Point\"
>        NAS-Port-Type = Wireless-802.11
>        Connect-Info = \"CONNECT 54Mbps 802.11g\"
>        EAP-Message = 0x6f6d30819f300d06092a864886f70d010101050003818d0030818902818100b6413143a14d8666369a759ccad7ab221e73ec0cc73ad7346a6060b34e8571d1838d97cc4aa7a2f99a4be83b9bb5af5daeb3307909d5a44c9338a43b19b6c1f3ec6232eae8508103741d5eeb9b4e7f99b3c2b4b283fcef13cc1b34a087e240e2ab94fee8fce66687dd95690b23d20e84551cd24f385afb5cdb086f851f9900070203010001a317301530130603551d25040c300a06082b06010505070302300d06092a864886f70d010104050003818100ca0e708d266de50c32dc92d523eed3b11d4e678e2d7bdfeffca92e91b3be256b1533f53180c670c7e224671bbc
>        EAP-Message = 0xc08f0e79440eec49c7b7fcb820bcecc8a3d02b8bffe75f901b9a1627479ae616e86d8a49ad93fb313b939cb73f5219b9230786cb348bed214a33e0499b638c3a3fffaa5b668d8d5324a0955f33bdf76524eff59a087c6fc15afd44bd75aa417546ee14030100010116030100205855ce98017c7c5ca87c91534c2fd241039ccad9a19ff4465cd7c040e9d540b7
>        NAS-IP-Address = 192.168.0.50
>        NAS-Port = 1
>        NAS-Port-Id = \"STA port # 1\"
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 3
>  modcall[authorize]: module \"preprocess\" returns ok for request 3
>    rlm_realm: No \'@\' in User-Name = \"saravanakumar07\", looking up realm NULL
>    rlm_realm: No such realm \"NULL\"
>  modcall[authorize]: module \"suffix\" returns noop for request 3
>  rlm_eap: EAP packet type response id 3 length 253
>  rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation
>  modcall[authorize]: module \"eap\" returns updated for request 3
>  modcall[authorize]: module \"files\" returns notfound for request 3
>modcall: leaving group authorize (returns updated) for request 3
>  rad_check_password:  Found Auth-Type EAP
>auth: type \"EAP\"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 3
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/tls
>  rlm_eap: processing type tls
>  rlm_eap_tls: Authenticate
>  rlm_eap_tls: processing TLS
>rlm_eap_tls:  Length Included
>  eaptls_verify returned 11
>  rlm_eap_tls: <<< TLS 1.0 Handshake [length 023e], Certificate
>chain-depth=1,
>error=0
>--> User-Name = saravanakumar07
>--> BUF-Name = 07xwifi
>--> subject = /C=IN/ST=TN/O=Sify/CN=07xwifi
>--> issuer  = /C=IN/ST=TN/O=Sify/CN=07xwifi
>--> verify return:1
>chain-depth=0,
>error=0
>--> User-Name = saravanakumar07
>--> BUF-Name = saravanakumar07
>--> subject = /C=IN/ST=TN/O=Sify/CN=saravanakumar07/emailAddress=jeykumar_s at sify.com
>--> issuer  = /C=IN/ST=TN/O=Sify/CN=07xwifi
>--> verify return:1
>    TLS_accept: SSLv3 read client certificate A
>  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
>    TLS_accept: SSLv3 read client key exchange A
>  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], CertificateVerify
>    TLS_accept: SSLv3 read certificate verify A
>  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
>  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
>    TLS_accept: SSLv3 read finished A
>  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
>    TLS_accept: SSLv3 write change cipher spec A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
>    TLS_accept: SSLv3 write finished A
>    TLS_accept: SSLv3 flush data
>    (other): SSL negotiation finished successfully
>SSL Connection Established
>  eaptls_process returned 13
>  modcall[authenticate]: module \"eap\" returns handled for request 3
>modcall: leaving group authenticate (returns handled) for request 3
>Sending Access-Challenge of id 3 to 192.168.0.50 port 1026
>        EAP-Message = 0x010400350d800000002b14030100010116030100204162186f236f12a6774a934742937f8d6653973dbce3f01ee4c223e78617f9d4
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0x5edb6911600c27ccf2a62bd801e114ab
>Finished request 3
>Going to the next request
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 192.168.0.50:1026, id=4, length=217
>        Message-Authenticator = 0x885b78f58d62d0eec96b2535b1e9bfb1
>        Service-Type = Framed-User
>        User-Name = \"saravanakumar07\"
>        Framed-MTU = 1488
>        State = 0x5edb6911600c27ccf2a62bd801e114ab
>        Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\"
>        Calling-Station-Id = \"00-0E-35-F3-A1-67\"
>        NAS-Identifier = \"D-Link Access Point\"
>        NAS-Port-Type = Wireless-802.11
>        Connect-Info = \"CONNECT 54Mbps 802.11g\"
>        EAP-Message = 0x020400060d00
>        NAS-IP-Address = 192.168.0.50
>        NAS-Port = 1
>        NAS-Port-Id = \"STA port # 1\"
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 4
>  modcall[authorize]: module \"preprocess\" returns ok for request 4
>    rlm_realm: No \'@\' in User-Name = \"saravanakumar07\", looking up realm NULL
>    rlm_realm: No such realm \"NULL\"
>  modcall[authorize]: module \"suffix\" returns noop for request 4
>  rlm_eap: EAP packet type response id 4 length 6
>  rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation
>  modcall[authorize]: module \"eap\" returns updated for request 4
>  modcall[authorize]: module \"files\" returns notfound for request 4
>modcall: leaving group authorize (returns updated) for request 4
>  rad_check_password:  Found Auth-Type EAP
>auth: type \"EAP\"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 4
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/tls
>  rlm_eap: processing type tls
>  rlm_eap_tls: Authenticate
>  rlm_eap_tls: processing TLS
>rlm_eap_tls: Received EAP-TLS ACK message
>  rlm_eap_tls: ack handshake is finished
>  eaptls_verify returned 3
>  eaptls_process returned 3
>  rlm_eap: Freeing handler
>  modcall[authenticate]: module \"eap\" returns ok for request 4
>modcall: leaving group authenticate (returns ok) for request 4
>Login OK: [saravanakumar07] (from client private-network-1 port 1 cli 00-0E-35-F3-A1-67)
>Sending Access-Accept of id 4 to 192.168.0.50 port 1026
>        MS-MPPE-Recv-Key = 0xb6e9159f33592da50de909d1f12d8cdfa9b866be2d2b12f90f7edefa4c7af054
>        MS-MPPE-Send-Key = 0xca94e3cdf69257d148b01ccb582dbb3e45b06dbc4450b07850fb47288111daf0
>        EAP-Message = 0x03040004
>        Message-Authenticator = 0x00000000000000000000000000000000
>        User-Name = \"saravanakumar07\"
>Finished request 4
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 5 seconds...
>--- Walking the entire request list ---
>Cleaning up request 0 ID 0 with timestamp 465ac5ef
>Cleaning up request 1 ID 1 with timestamp 465ac5ef
>Cleaning up request 2 ID 2 with timestamp 465ac5ef
>Cleaning up request 3 ID 3 with timestamp 465ac5ef
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Cleaning up request 4 ID 4 with timestamp 465ac5f0
>Nothing to do.  Sleeping until we see a request.
>
>[root at localhost sbin]#
>
>
>
>> Message: 5
>> Date: Mon, 28 May 2007 12:08:21 +0100
>> From: <tnt at kalik.co.yu>
>> Subject: Re: log file for free radius 1.1.6 eap-tls authentication
>> To: \"FreeRadius users mailing list\"
>> 	<freeradius-users at lists.freeradius.org>
>> Message-ID: <Bslo14cn.1180350501.8176480.tnt at kalik.co.yu>
>> Content-Type: text/plain; charset=ISO-8859-2
>>
>> Post the radiusd -X output of user not in users file being accepted.
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>>
>> On 28/5/2007, "anoop_c at sifycorp.com" <anoop_c at sifycorp.com> wrote:
>>
>> >Hi all
>> > I have two queries
>> >1
>> >      I have changed the log_auth= yes
>> >Still I am not able to get logs. Please find my configs
>> >  prefix = /usr/local
>> >exec_prefix = ${prefix}
>> >sysconfdir = /etc
>> >localstatedir = ${prefix}/var
>> >sbindir = ${exec_prefix}/sbin
>> >logdir = /usr/local/var/log/radius
>> >raddbdir = ${sysconfdir}/raddb
>> >radacctdir = ${logdir}/radacct
>> >
>> >#  Location of config and logfiles.
>> >confdir = ${raddbdir}
>> >run_dir = ${localstatedir}/run/radiusd
>> >
>> >#
>> >#  The logging messages for the server are appended to the
>> >#  tail of this file.
>> >#
>> >log_file = /usr/local/var/log/radius/radius.log
>> >
>> >
>> >
>> >
>> >log_stripped_names = no
>> >
>> >#  Log authentication requests to the log file.
>> >#
>> >#  allowed values: {no, yes}
>> >#
>> >log_auth = yes
>> >
>> >#  Log passwords with the authentication requests.
>> >#  log_auth_badpass  - logs password if it\'s rejected
>> >#  log_auth_goodpass - logs password if it\'s correct
>> >
>> >
>> >2 While I am using Navis radius, there will be one user file where you
>> >have to add all usernames. In free radius without adding the username
>> >also the authentication is working. I would like to have users file so
>> >that only the users specified in that will authenticate. What config
>> >change I should make for the same
>
>
>
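
Added example, not part of the original thread and not FreeRADIUS code: a small Python reader for radiusd -X output in the 1.1.x format quoted above. It pulls out the facts behind the answer at the top (the files module returns notfound, the client certificate chain verifies, Access-Accept is sent) together with the check_cert_cn and check_crl values from the startup dump. The function names and the abridged SAMPLE are assumptions of this example.

```python
import re

# Lines abridged from the radiusd -X output quoted above, kept with the mail's
# ">" quote markers and backslash-escaped quotes.
SAMPLE = r'''
> tls: check_crl = no
> tls: check_cert_cn = \"(null)\"
>        User-Name = \"saravanakumar07\"
>  modcall[authorize]: module \"files\" returns notfound for request 3
>chain-depth=1,
>--> subject = /C=IN/ST=TN/O=Sify/CN=07xwifi
>--> issuer  = /C=IN/ST=TN/O=Sify/CN=07xwifi
>--> verify return:1
>chain-depth=0,
>--> subject = /C=IN/ST=TN/O=Sify/CN=saravanakumar07/emailAddress=jeykumar_s at sify.com
>--> issuer  = /C=IN/ST=TN/O=Sify/CN=07xwifi
>--> verify return:1
>Sending Access-Accept of id 4 to 192.168.0.50 port 1026
'''

def clean(line):
    """Drop mail quote markers and the backslash escapes in front of quotes."""
    return re.sub(r'^[>\s]+', '', line).replace('\\"', '"').replace("\\'", "'")

def cn_of(dn):
    """Return the CN component of an OpenSSL one-line DN, or None."""
    m = re.search(r'/CN=([^/]+)', dn or '')
    return m.group(1) if m else None

def summarize(debug_text):
    """Collect the facts that decide an EAP-TLS login from radiusd -X output."""
    s = {"tls": {}, "user": None, "files": set(), "certs": [], "reply": None}
    depth = subject = issuer = None
    for line in map(clean, debug_text.splitlines()):
        if m := re.match(r'tls: (check_\w+) = "?([^"]*)"?$', line):
            s["tls"][m.group(1)] = m.group(2)
        elif m := re.match(r'User-Name = "([^"]+)"', line):
            s["user"] = m.group(1)
        elif m := re.match(r'modcall\[authorize\]: module "files" returns (\w+)', line):
            s["files"].add(m.group(1))
        elif m := re.match(r'chain-depth=(\d+)', line):
            depth = int(m.group(1))
        elif m := re.match(r'--> subject = (.+)', line):
            subject = m.group(1)
        elif m := re.match(r'--> issuer\s+= (.+)', line):
            issuer = m.group(1)
        elif m := re.match(r'--> verify return:(\d)', line):
            s["certs"].append({"depth": depth, "cn": cn_of(subject),
                               "issuer_cn": cn_of(issuer), "verified": m.group(1) == "1"})
        elif m := re.match(r'Sending (Access-(?:Accept|Reject))', line):
            s["reply"] = m.group(1)
    return s

def explain(s):
    """Turn the parsed facts into the reasons behind the server's reply."""
    notes = []
    leaf = next((c for c in s["certs"] if c["depth"] == 0), None)
    if s["reply"] == "Access-Accept" and leaf and leaf["verified"]:
        notes.append(f"accepted on client certificate CN={leaf['cn']}, "
                     f"issuer CN={leaf['issuer_cn']}")
    if s["files"] == {"notfound"}:
        notes.append("files returned notfound: no users-file entry matched")
    if leaf:
        same = "equals" if leaf["cn"] == s["user"] else "differs from"
        notes.append(f"certificate CN {same} User-Name {s['user']}")
    if s["tls"].get("check_cert_cn") == "(null)":
        notes.append("check_cert_cn unset: server does not compare CN to User-Name")
    if s["tls"].get("check_crl") == "no":
        notes.append("check_crl = no: revocation lists are not consulted")
    return notes

if __name__ == "__main__":
    for note in explain(summarize(SAMPLE)):
        print("-", note)
```
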



