EAP/TTLS problem with Win XP and Linux
elhammoud rachida
racha81 at hotmail.fr
Thu Oct 4 10:24:41 CEST 2007
hello,
i'am trying to use radius authenticate and authorise users by EAP/TTLS from
XP and Linux ( Debian), i'am using only a « users » like database. i'am
reading the documentation : http://wiki.freeradius.org
i've imported root.pem both Windows XP and Linux
this log to Linux:
rad_recv: Access-Request packet from host 145.238.3.182:1026, id=191,
length=208 Framed-MTU = 1480
NAS-IP-Address = 145.238.3.182
NAS-Identifier = "sw-test-radius-1"
User-Name = "racha"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 17
NAS-Port-Type = Ethernet
NAS-Port-Id = "17"
Called-Station-Id = "00-14-38-fe-12-00"
Calling-Station-Id = "00-12-3f-0e-99-6f"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "301"
EAP-Message = 0x0201000a017261636861
Message-Authenticator = 0xfae743fe55bca3b8b83a48a3f10ed3bc
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
rlm_eap: EAP packet type response id 1 length 10
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry racha at line 86
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 191 to 145.238.3.182:1026
EAP-Message =
0x0102001f1a0102001a105f4f4c366e47d80b1c27e30d08b4b0367261636861
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xfbee0cbaf20c360d6491c2b0b512304d
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 145.238.3.182:1026, id=192,
length=222 Framed-MTU = 1480
NAS-IP-Address = 145.238.3.182
NAS-Identifier = "sw-test-radius-1"
User-Name = "racha"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 17
NAS-Port-Type = Ethernet
NAS-Port-Id = "17"
Called-Station-Id = "00-14-38-fe-12-00"
Calling-Station-Id = "00-12-3f-0e-99-6f"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "301"
State = 0xfbee0cbaf20c360d6491c2b0b512304d
EAP-Message = 0x020200060315
Message-Authenticator = 0xd72410f740ae385523110d6defecb5f0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry racha at line 86
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/ttls
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 192 to 145.238.3.182:1026
EAP-Message = 0x010300061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x429c3c29e255f725c510981e01307d3e
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 145.238.3.182:1026, id=193,
length=313 Framed-MTU = 1480
NAS-IP-Address = 145.238.3.182
NAS-Identifier = "sw-test-radius-1"
User-Name = "racha"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 17
NAS-Port-Type = Ethernet
NAS-Port-Id = "17"
Called-Station-Id = "00-14-38-fe-12-00"
Calling-Station-Id = "00-12-3f-0e-99-6f"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "301"
State = 0x429c3c29e255f725c510981e01307d3e
EAP-Message =
0x0203006115800000005716030100520100004e0301470497b869826a1a156494e801e8ab8ebc88e444edbab8d5e7b9c890b9ce7d5c00002600390038003500160013000a00330032002f0005000400150012000900140011000800060003020100
Message-Authenticator = 0x69a1421041ecda03d67273a14054310d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
rlm_eap: EAP packet type response id 3 length 97
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched entry racha at line 86
modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0052], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0627], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 193 to 145.238.3.182:1026
EAP-Message =
0x0104040a15c000000684160301004a02000046030147049795ea5f54b60ec1a963a6050cf321b373a5129b55236ceb8814646c656e2021397a7083f4b0e4ef289bb347da88c32d2538e9c0c5796afd72671ff95b43a800350116030106270b0006230006200002ad308202a930820212a00302010202090097d09903d21d9c53300d06092a864886f70d0101040500308180310b3009060355040613024652311330110603550408130a536f6d652d5374617465310f300d060355040713064d4555444f4e31133011060355040a130a4f4253204d4555444f4e31133011060355040b130a4465706172742053494f3121301f06092a864886f70d0109
EAP-Message =
0x0116127261636861383140686f746d61696c2e6672301e170d3037303932353131313234395a170d3038303932343131313234395a308192310b3009060355040613024652311330110603550408130a536f6d652d5374617465310f300d060355040713064d4555444f4e31133011060355040a130a4f4253204d4555444f4e31133011060355040b130a4465706172742053494f3110300e06035504031307736572766575723121301f06092a864886f70d01090116127261636861383140686f746d61696c2e667230819f300d06092a864886f70d010101050003818d0030818902818100bfb94bae23d4d4501336fc7fdb003812ab5c91411eed
EAP-Message =
0xb9725040db64c2a0e82e184b66da29d00c42a99b5c588f7de357d074b21a4ce8ed578bffb5f2b962dd2bfd8c6a60a3dc064acc9fedb3fad12fb92de22b0634430dc06a630879e4ea0448079ced1bc11c003ef63cc063bcb5a511c6f6fd2b5d8b0bae89d1b04c0985a1f70203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009bb60795878ef9fd824caf95eda533eab41d75312f8af7420ca9045a4fed5c4999bb03caacd5f1074ba66ec9c401629f93b57709be7ab76188983f3f87b120536fdc626dbb5aed1b80e1473745421b7a867877073afc4394bae8579886ade7082f38
EAP-Message =
0x5284ead1564c79f6c83c07344ad50707bc67777485939021fd5c4fde550500036d30820369308202d2a00302010202090097d09903d21d9c52300d06092a864886f70d0101040500308180310b3009060355040613024652311330110603550408130a536f6d652d5374617465310f300d060355040713064d4555444f4e31133011060355040a130a4f4253204d4555444f4e31133011060355040b130a4465706172742053494f3121301f06092a864886f70d01090116127261636861383140686f746d61696c2e6672301e170d3037303932353131313130375a170d3037313032353131313130375a308180310b30090603550406130246523113
EAP-Message = 0x30110603550408130a536f6d652d5374617465310f30
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcdb56b546410d47e8ad2dc8aa7e606f8
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 145.238.3.182:1026, id=194,
length=222 Framed-MTU = 1480
NAS-IP-Address = 145.238.3.182
NAS-Identifier = "sw-test-radius-1"
User-Name = "racha"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 17
NAS-Port-Type = Ethernet
NAS-Port-Id = "17"
Called-Station-Id = "00-14-38-fe-12-00"
Calling-Station-Id = "00-12-3f-0e-99-6f"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "301"
State = 0xcdb56b546410d47e8ad2dc8aa7e606f8
EAP-Message = 0x020400061500
Message-Authenticator = 0x78acfb7b5c5d9ba93dbf5fb16b853196
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched entry racha at line 86
modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 194 to 145.238.3.182:1026
EAP-Message =
0x0105028e1580000006840d060355040713064d4555444f4e31133011060355040a130a4f4253204d4555444f4e31133011060355040b130a4465706172742053494f3121301f06092a864886f70d01090116127261636861383140686f746d61696c2e667230819f300d06092a864886f70d010101050003818d0030818902818100f2ce03feb0bbacd0c1b89ecea0621fa70d0c0dfd777f82b7da4b0c67908bdc72af35b501036b39c796fab274fe7c7098395139cd80c3def0e8ca65c3f1291a84a1f38342474758c9fa9aac36818b6626839b7f9a6673393d44940ebaea14cd662a0f5bd0487e27a29842095e7bd5309d75649205a5fad97bc41d75
EAP-Message =
0xec80d2fbab0203010001a381e83081e5301d0603551d0e04160414d8ca68899a3cf0402e89e9889f4f598ba2bec2513081b50603551d230481ad3081aa8014d8ca68899a3cf0402e89e9889f4f598ba2bec251a18186a48183308180310b3009060355040613024652311330110603550408130a536f6d652d5374617465310f300d060355040713064d4555444f4e31133011060355040a130a4f4253204d4555444f4e31133011060355040b130a4465706172742053494f3121301f06092a864886f70d01090116127261636861383140686f746d61696c2e667282090097d09903d21d9c52300c0603551d13040530030101ff300d06092a864886
EAP-Message =
0xf70d01010405000381810055e9fecdcd89146c84f21a7b232da59b1eee35c889d5eb07950d116f3baf9123308ea514daa6f7515e33994652f76748b981e7c5e5a00e6c5c4c03299318e812e100549970034482fef14fcaa937d71d79a6bfb4f0ce39b2bbe0f4028e1f90a2c7d1e1f6ded3df9e11af13c85fa10eaec4f6979f3010b4b5521d07e05e4a6ec916030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe701c94007f01d9882634f0432a6d114
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 145.238.3.182:1026, id=195,
length=424 Framed-MTU = 1480
NAS-IP-Address = 145.238.3.182
NAS-Identifier = "sw-test-radius-1"
User-Name = "racha"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 17
NAS-Port-Type = Ethernet
NAS-Port-Id = "17"
Called-Station-Id = "00-14-38-fe-12-00"
Calling-Station-Id = "00-12-3f-0e-99-6f"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "301"
State = 0xe701c94007f01d9882634f0432a6d114
EAP-Message =
0x020500d01580000000c61603010086100000820080507e96001f817c7dfce96e989e771b2f38902a81f66519d75d522508d6b663508f50ef374da3dfc95996083930080e5edc58248184dd494816913f65d647fde08f8b2db8a1e37422e4d9ff6dd65cbd60a5c21b5d7e66d015b9cc61e2ac46dc25de7c9f6e01be17dbbb0599d795f3aa77467f4354579881ff6240969e5e9f5a1414030100010116030100305b0059cfbe818835fc45399fb05c6c72596ce0ec8a4a0befa17575c6a10931c46c05cc777adf688c60a888f381a2e561
Message-Authenticator = 0xa55246d48162d9bc3e2842114589d25b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
rlm_eap: EAP packet type response id 5 length 208
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched entry racha at line 86
modcall[authorize]: module "files" returns ok for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 195 to 145.238.3.182:1026
EAP-Message =
0x0106004515800000003b140301000101160301003058729f21c600df1c67c00c784ba7ecf50581a5b3657f8a24ebd96af0977e332430409dee3dfec98cb5786579ba3c9189
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x34c8b26e1d7071a34ec8210c3710baaa
Finished request 4
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 191 with timestamp 47049795
Cleaning up request 1 ID 192 with timestamp 47049795
Cleaning up request 2 ID 193 with timestamp 47049795
Cleaning up request 3 ID 194 with timestamp 47049795
Cleaning up request 4 ID 195 with timestamp 47049795
Nothing to do. Sleeping until we see a request.
the server no sends response, why??
and this log by Windows XP
rad_recv: Access-Request packet from host 145.238.3.182:1026, id=196,
length=208 Framed-MTU = 1480
NAS-IP-Address = 145.238.3.182
NAS-Identifier = "sw-test-radius-1"
User-Name = "racha"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 17
NAS-Port-Type = Ethernet
NAS-Port-Id = "17"
Called-Station-Id = "00-14-38-fe-12-00"
Calling-Station-Id = "00-12-3f-0e-99-6f"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "301"
EAP-Message = 0x021b000a017261636861
Message-Authenticator = 0x54bacc36ad1175e684554c5f76c58832
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
rlm_eap: EAP packet type response id 27 length 10
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry racha at line 86
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 196 to 145.238.3.182:1026
EAP-Message =
0x011c001f1a011c001a105f4f4c366e47d80b1c27e30d08b4b0367261636861
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xfbee0cbaf20c360de5cb21cf55607e20
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 145.238.3.182:1026, id=197,
length=222 Framed-MTU = 1480
NAS-IP-Address = 145.238.3.182
NAS-Identifier = "sw-test-radius-1"
User-Name = "racha"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 17
NAS-Port-Type = Ethernet
NAS-Port-Id = "17"
Called-Station-Id = "00-14-38-fe-12-00"
Calling-Station-Id = "00-12-3f-0e-99-6f"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "301"
State = 0xfbee0cbaf20c360de5cb21cf55607e20
EAP-Message = 0x021c00060315
Message-Authenticator = 0xb00f0ec480c5c36eb8a7110e87bde3b3
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
rlm_eap: EAP packet type response id 28 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry racha at line 86
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/ttls
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 197 to 145.238.3.182:1026
EAP-Message = 0x011d00061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x429c3c29e255f725e935b0e1db7a8a39
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 145.238.3.182:1026, id=198,
length=276 Framed-MTU = 1480
NAS-IP-Address = 145.238.3.182
NAS-Identifier = "sw-test-radius-1"
User-Name = "racha"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 17
NAS-Port-Type = Ethernet
NAS-Port-Id = "17"
Called-Station-Id = "00-14-38-fe-12-00"
Calling-Station-Id = "00-12-3f-0e-99-6f"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "301"
State = 0x429c3c29e255f725e935b0e1db7a8a39
EAP-Message =
0x021d003c158000000032160301002d010000290301e0dd816d595bd3edf0729c53c2953ffb3711cca4eb039cd0b2ac413175dfd9cd000002000a0100
Message-Authenticator = 0x842f4348b12e8e2bf0ce66965c711fc9
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
rlm_eap: EAP packet type response id 29 length 60
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched entry racha at line 86
modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 002d], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0627], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 198 to 145.238.3.182:1026
EAP-Message =
0x011e040a15c000000684160301004a02000046030147049daa9066df5b206f509c2daf785a039b3f290d1da1972b195d73c56b3fee20d5f2327a11b59ff3ae5d4e9d5faaa5a1e5941852291e3c28f8403f5658ff3bd0000a0016030106270b0006230006200002ad308202a930820212a00302010202090097d09903d21d9c53300d06092a864886f70d0101040500308180310b3009060355040613024652311330110603550408130a536f6d652d5374617465310f300d060355040713064d4555444f4e31133011060355040a130a4f4253204d4555444f4e31133011060355040b130a4465706172742053494f3121301f06092a864886f70d0109
EAP-Message =
0x0116127261636861383140686f746d61696c2e6672301e170d3037303932353131313234395a170d3038303932343131313234395a308192310b3009060355040613024652311330110603550408130a536f6d652d5374617465310f300d060355040713064d4555444f4e31133011060355040a130a4f4253204d4555444f4e31133011060355040b130a4465706172742053494f3110300e06035504031307736572766575723121301f06092a864886f70d01090116127261636861383140686f746d61696c2e667230819f300d06092a864886f70d010101050003818d0030818902818100bfb94bae23d4d4501336fc7fdb003812ab5c91411eed
EAP-Message =
0xb9725040db64c2a0e82e184b66da29d00c42a99b5c588f7de357d074b21a4ce8ed578bffb5f2b962dd2bfd8c6a60a3dc064acc9fedb3fad12fb92de22b0634430dc06a630879e4ea0448079ced1bc11c003ef63cc063bcb5a511c6f6fd2b5d8b0bae89d1b04c0985a1f70203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009bb60795878ef9fd824caf95eda533eab41d75312f8af7420ca9045a4fed5c4999bb03caacd5f1074ba66ec9c401629f93b57709be7ab76188983f3f87b120536fdc626dbb5aed1b80e1473745421b7a867877073afc4394bae8579886ade7082f38
EAP-Message =
0x5284ead1564c79f6c83c07344ad50707bc67777485939021fd5c4fde550500036d30820369308202d2a00302010202090097d09903d21d9c52300d06092a864886f70d0101040500308180310b3009060355040613024652311330110603550408130a536f6d652d5374617465310f300d060355040713064d4555444f4e31133011060355040a130a4f4253204d4555444f4e31133011060355040b130a4465706172742053494f3121301f06092a864886f70d01090116127261636861383140686f746d61696c2e6672301e170d3037303932353131313130375a170d3037313032353131313130375a308180310b30090603550406130246523113
EAP-Message = 0x30110603550408130a536f6d652d5374617465310f30
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcdb56b546410d47ec20726810835dc55
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 145.238.3.182:1026, id=199,
length=222 Framed-MTU = 1480
NAS-IP-Address = 145.238.3.182
NAS-Identifier = "sw-test-radius-1"
User-Name = "racha"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 17
NAS-Port-Type = Ethernet
NAS-Port-Id = "17"
Called-Station-Id = "00-14-38-fe-12-00"
Calling-Station-Id = "00-12-3f-0e-99-6f"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "301"
State = 0xcdb56b546410d47ec20726810835dc55
EAP-Message = 0x021e00061500
Message-Authenticator = 0xabeaab3cbe7e553ebd43785cd5c25f86
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
rlm_eap: EAP packet type response id 30 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched entry racha at line 86
modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 199 to 145.238.3.182:1026
EAP-Message =
0x011f028e1580000006840d060355040713064d4555444f4e31133011060355040a130a4f4253204d4555444f4e31133011060355040b130a4465706172742053494f3121301f06092a864886f70d01090116127261636861383140686f746d61696c2e667230819f300d06092a864886f70d010101050003818d0030818902818100f2ce03feb0bbacd0c1b89ecea0621fa70d0c0dfd777f82b7da4b0c67908bdc72af35b501036b39c796fab274fe7c7098395139cd80c3def0e8ca65c3f1291a84a1f38342474758c9fa9aac36818b6626839b7f9a6673393d44940ebaea14cd662a0f5bd0487e27a29842095e7bd5309d75649205a5fad97bc41d75
EAP-Message =
0xec80d2fbab0203010001a381e83081e5301d0603551d0e04160414d8ca68899a3cf0402e89e9889f4f598ba2bec2513081b50603551d230481ad3081aa8014d8ca68899a3cf0402e89e9889f4f598ba2bec251a18186a48183308180310b3009060355040613024652311330110603550408130a536f6d652d5374617465310f300d060355040713064d4555444f4e31133011060355040a130a4f4253204d4555444f4e31133011060355040b130a4465706172742053494f3121301f06092a864886f70d01090116127261636861383140686f746d61696c2e667282090097d09903d21d9c52300c0603551d13040530030101ff300d06092a864886
EAP-Message =
0xf70d01010405000381810055e9fecdcd89146c84f21a7b232da59b1eee35c889d5eb07950d116f3baf9123308ea514daa6f7515e33994652f76748b981e7c5e5a00e6c5c4c03299318e812e100549970034482fef14fcaa937d71d79a6bfb4f0ce39b2bbe0f4028e1f90a2c7d1e1f6ded3df9e11af13c85fa10eaec4f6979f3010b4b5521d07e05e4a6ec916030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe701c94007f01d98e348e2739e552ea6
Finished request 3
Going to the next request
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 196 with timestamp 47049da8
Cleaning up request 1 ID 197 with timestamp 47049da8
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 198 with timestamp 47049daa
Cleaning up request 3 ID 199 with timestamp 47049daa
Nothing to do. Sleeping until we see a request.
what's a problem?
Please could you help me?
thanks
_________________________________________________________________
Gagnez des écrans plats avec Live.com http://www.image-addict.fr/
More information about the Freeradius-Users
mailing list