Windows Clients work, Linux don't

Sergio Belkin sebelk at gmail.com
Mon Oct 22 21:58:08 CEST 2007


I am using freeradius with EAP/TTLS. Windows Clients work fine, but
not from Linux. These are the messages after trying to access from
Ubuntu 7.04:



--- Walking the entire request list ---
Sending Access-Reject of id 252 to 10.30.1.151 port 1031
        EAP-Message = 0x04060004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1031, id=253, length=102
        User-Name = "jdoe"
        Calling-Station-Id = "00-0e-35-bf-51-18"
        EAP-Message = 0x0201000b016d6261726265
        Framed-MTU = 1287
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        NAS-Port-Type = Wireless-802.11
        Message-Authenticator = 0x10cf9173f0fc56e7c29c6febe5be1f90
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 48
  modcall[authorize]: module "preprocess" returns ok for request 48
  rlm_eap: EAP packet type response id 1 length 11
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 48
  modcall[authorize]: module "files" returns notfound for request 48
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jdoe
radius_xlat:  '(uid=jdoe)'
radius_xlat:  'ou=people,dc=cadorna,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=cadorna,dc=edu, with
filter (uid=jdoe)
request done: ld 0x5555557c3e70 msgid 58
rlm_ldap: checking if remote access for jdoe is allowed by radiusAllowed
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user jdoe authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 48
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 48
modcall: leaving group authorize (returns updated) for request 48
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 48
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 48
modcall: leaving group authenticate (returns handled) for request 48
Sending Access-Challenge of id 253 to 10.30.1.151 port 1031
        EAP-Message = 0x010f061520
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x93a4cdfad4b31637cd74d6d3255e4b30
Finished request 48
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1031, id=254, length=202
        User-Name = "jdoe"
        Calling-Station-Id = "00-0e-35-bf-51-18"
        EAP-Message =
0x0202005d150016030100520100004e0301471e027b594fc3bd23cd735f39013a7f93bc2b2574587abf78b635eb801f850600002600390038003500160013000a00330032002f0005000400150012000900140011000800060003020100
        Framed-MTU = 1287
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        NAS-Port-Type = Wireless-802.11
        State = 0x93a4cdfad4b31637cd74d6d3255e4b30
        Message-Authenticator = 0x3c9b688b198579b1ba4e97ba79c783cf
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 49
  modcall[authorize]: module "preprocess" returns ok for request 49
  rlm_eap: EAP packet type response id 2 length 93
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 49
  modcall[authorize]: module "files" returns notfound for request 49
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jdoe
radius_xlat:  '(uid=jdoe)'
radius_xlat:  'ou=people,dc=cadorna,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=cadorna,dc=edu, with
filter (uid=jdoe)
request done: ld 0x5555557c3e70 msgid 59
rlm_ldap: checking if remote access for jdoe is allowed by radiusAllowed
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user jdoe authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 49
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 49
modcall: leaving group authorize (returns updated) for request 49
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 49
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0052], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0852], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
    TLS_accept: SSLv3 write key exchange A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 49
modcall: leaving group authenticate (returns handled) for request 49
Sending Access-Challenge of id 254 to 10.30.1.151 port 1031
        EAP-Message = 0xf97b881df18c0b1712e00eef6a91fa1582e7f8eb93fa
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x9f0fb729292fd1fa84bf8407b903c2f1
Finished request 49
Going to the next request
Cleaning up request 42 ID 247 with timestamp 471cdb53
Cleaning up request 43 ID 248 with timestamp 471cdb53
Cleaning up request 44 ID 249 with timestamp 471cdb53
Cleaning up request 45 ID 250 with timestamp 471cdb53
Cleaning up request 46 ID 251 with timestamp 471cdb53
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1031, id=255, length=115
        User-Name = "jdoe"
        Calling-Station-Id = "00-0e-35-bf-51-18"
        EAP-Message = 0x020300061500
        Framed-MTU = 1287
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        NAS-Port-Type = Wireless-802.11
        State = 0x9f0fb729292fd1fa84bf8407b903c2f1
        Message-Authenticator = 0x1bf865fa2b8ecd5298a3ba37822d1ce6
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 50
  modcall[authorize]: module "preprocess" returns ok for request 50
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 50
  modcall[authorize]: module "files" returns notfound for request 50
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jdoe
radius_xlat:  '(uid=jdoe)'
radius_xlat:  'ou=people,dc=cadorna,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=cadorna,dc=edu, with
filter (uid=jdoe)
request done: ld 0x5555557c3e70 msgid 60
rlm_ldap: checking if remote access for jdoe is allowed by radiusAllowed
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user jdoe authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 50
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 50
modcall: leaving group authorize (returns updated) for request 50
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 50
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 50
modcall: leaving group authenticate (returns handled) for request 50
Sending Access-Challenge of id 255 to 10.30.1.151 port 1031
        EAP-Message = 0xf037cea75d86cb016c26f8d51bb33fbe8f07daf1f9fc
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x8ec906c143e12a91c2923decee5f456a
Finished request 50
Going to the next request
Cleaning up request 47 ID 252 with timestamp 471cdb53
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1031, id=0, length=115
        User-Name = "jdoe"
        Calling-Station-Id = "00-0e-35-bf-51-18"
        EAP-Message = 0x020400061500
        Framed-MTU = 1287
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        NAS-Port-Type = Wireless-802.11
        State = 0x8ec906c143e12a91c2923decee5f456a
        Message-Authenticator = 0x6505201bc52e449d0d78f34393accd3f
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 51
  modcall[authorize]: module "preprocess" returns ok for request 51
  rlm_eap: EAP packet type response id 4 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 51
  modcall[authorize]: module "files" returns notfound for request 51
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jdoe
radius_xlat:  '(uid=jdoe)'
radius_xlat:  'ou=people,dc=cadorna,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=cadorna,dc=edu, with
filter (uid=jdoe)
request done: ld 0x5555557c3e70 msgid 61
rlm_ldap: checking if remote access for jdoe is allowed by radiusAllowed
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user jdoe authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 51
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 51
modcall: leaving group authorize (returns updated) for request 51
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 51
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 51
modcall: leaving group authenticate (returns handled) for request 51
Sending Access-Challenge of id 0 to 10.30.1.151 port 1031
        EAP-Message =
0x010502cb158000000ac178833f2254362517e85e9dcd2c4362773223204e9c66dff65f08f319c5c9a2bb6a6de09b6534fd5df1fc14ba8dc996930e5413bbb2d4cae1c5aa68abe3785bec762c0c47246c2a89066512727dfc1c8b96fb0005841d05009db8e084a3931d2046b4d8047d2c182c9b0a5b5f340ee1b4331ec0ece5185dc33e4f100ec0a0a7e6e2bad313ea717fa4d4ed2e913575014832f80d0298e5c662015b0729eabd6220c0082326acb5160301020d0c0002090080ab5cc42c337b650ab1047c54f7a4fc1a130b5596597983a2b227b2a9969953ee8238cee287777922551db722e8db74a6f760d006dac6ebfcc8a12be3a29d341f28c8
        EAP-Message =
0x4c7276144e8ef17163040ab5133ee9dab782f2a030bf37bef653c2081f601c1563997b74cecc8d1d10f7bfdd6d812abd1b020076c2f9d125d24e7148765b00010200802b5df81bd6d61aef7ac659e75d873e6160d654a21ae35372e1f4c23b27eb9da51e47b885d05c5b384b6607e45a86bb5498b5909c81cfcf8079bfaf7a205b1e8ae0e4cc055ddf84fd7a3122952b744b777e35b50385e8de99a39fdce13f3806e54f399cfa985e9b938f7787f8cb091b6c9d344cc1c8cbf49a6b69642f29054f1e01008e859eb9cf1a0a028e0dac00ea41f9c36444e7e1fca9a1d1443f9facbf531a834d0ad6f4ddd46c4b724c359cccce7b96ba81baf8e3571623
        EAP-Message =
0xd53ab675a4d6256fbd3485a7c422d677afcbec25fbac4b50c9d9d410bff745fe20cc8604ff15eb43fc8923b0757caac662887d1123dc38dd090c41a7f9e5352a4e2075e80b8473dcb05bf3b76bf63b6de5f7d32ce8d44933b09aa972a16d9f07da5398db6a8cd8567c1b017ec6be611af3cb5a983083297c706459982b8040cbd09c0af14f74f3130a72f89309a68eb110a947055823e5c5390c4846b3e59b63e66ddcbdcb62c6f03958908363a9185afe60cbc91aac69609409435b4b56b750383b8b251a12bac416030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x89c261d0437eeb9dcddbe806fe528723
Finished request 51
Going to the next request
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1031, id=1, length=313
        User-Name = "jdoe"
        Calling-Station-Id = "00-0e-35-bf-51-18"
        EAP-Message =
0x020500cc1500160301008610000082008057043d3068860732c837deabd3478f745b102bd2059b58a6ae82b07439e2333e4d08a61e062ecc61ecc31ac7461234f8a82565867e14f62ee29eb862282a7e4a2fb1c3e9e14b3df1a4e75281a4623872c1839bf9ca2ff9d7fac21f1427e057f9178814756a0ab73dc99098322d70e12cb698a85a2a81685771b951bded038d4514030100010116030100302282d77f0730d9d730c3e02ba2ffd22eb47bcf3a5a365ff22adf85d96bd84be66928ffcf58720562175aa6725ea1cff7
        Framed-MTU = 1287
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        NAS-Port-Type = Wireless-802.11
        State = 0x89c261d0437eeb9dcddbe806fe528723
        Message-Authenticator = 0x7610c5f0d8723787c71194309ef953c1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 52
  modcall[authorize]: module "preprocess" returns ok for request 52
  rlm_eap: EAP packet type response id 5 length 204
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 52
  modcall[authorize]: module "files" returns notfound for request 52
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jdoe
radius_xlat:  '(uid=jdoe)'
radius_xlat:  'ou=people,dc=cadorna,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=cadorna,dc=edu, with
filter (uid=jdoe)
request done: ld 0x5555557c3e70 msgid 62
rlm_ldap: checking if remote access for jdoe is allowed by radiusAllowed
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user jdoe authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 52
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 52
modcall: leaving group authorize (returns updated) for request 52
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 52
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
    TLS_accept: SSLv3 read client key exchange A
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 read finished A
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
    TLS_accept: SSLv3 write change cipher spec A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 write finished A
    TLS_accept: SSLv3 flush data
    (other): SSL negotiation finished successfully
SSL Connection Established
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 52
modcall: leaving group authenticate (returns handled) for request 52
Sending Access-Challenge of id 1 to 10.30.1.151 port 1031
        EAP-Message =
0x0106004515800000003b14030100010116030100305733430142da8ad230323c344f3ad0d604a9bfc411f63958f04a6d2da875d66d4b5f28db659aab44adfc8379f8b2ed9d
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x9d7022d071c2cef6bf33debacd0cb017
Finished request 52
Going to the next request
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1031, id=2, length=205
        User-Name = "jdoe"
        Calling-Station-Id = "00-0e-35-bf-51-18"
        EAP-Message =
0x020600601500170301002020647f7d8d2bccc5abe810057b62591cb8d50a9c28d9e1edac7975536e78ed8717030100305f194220a912f09dead1620b1bf24c355d0134f82f36caca739a61d3211d82c6c7b337d69e644127509b25da6874c0f2
        Framed-MTU = 1287
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        NAS-Port-Type = Wireless-802.11
        State = 0x9d7022d071c2cef6bf33debacd0cb017
        Message-Authenticator = 0x1981ceaaca92086c0e3517f5cd3f2858
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 53
  modcall[authorize]: module "preprocess" returns ok for request 53
  rlm_eap: EAP packet type response id 6 length 96
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 53
  modcall[authorize]: module "files" returns notfound for request 53
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jdoe
radius_xlat:  '(uid=jdoe)'
radius_xlat:  'ou=people,dc=cadorna,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=cadorna,dc=edu, with
filter (uid=jdoe)
request done: ld 0x5555557c3e70 msgid 63
rlm_ldap: checking if remote access for jdoe is allowed by radiusAllowed
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user jdoe authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 53
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 53
modcall: leaving group authorize (returns updated) for request 53
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 53
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_ttls: Session established.  Proceeding to decode tunneled attributes.
  TTLS: Got tunneled identity of jdoe
  TTLS: Setting default EAP type for tunneled EAP session.
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 53
  modcall[authorize]: module "preprocess" returns ok for request 53
  rlm_eap: EAP packet type response id 6 length 11
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 53
  modcall[authorize]: module "files" returns notfound for request 53
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jdoe
radius_xlat:  '(uid=jdoe)'
radius_xlat:  'ou=people,dc=cadorna,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=cadorna,dc=edu, with
filter (uid=jdoe)
request done: ld 0x5555557c3e70 msgid 64
rlm_ldap: checking if remote access for jdoe is allowed by radiusAllowed
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user jdoe authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 53
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 53
modcall: leaving group authorize (returns updated) for request 53
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 53
  rlm_eap: EAP Identity
 rlm_eap: No such EAP type md5
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 53
modcall: leaving group authenticate (returns invalid) for request 53
auth: Failed to validate the user.
  TTLS: Got tunneled Access-Reject
 rlm_eap: Handler failed in EAP/ttls
  TTLS: Freeing handler for user jdoe
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 53
modcall: leaving group authenticate (returns invalid) for request 53
auth: Failed to validate the user.
Delaying request 53 for 1 seconds
Finished request 53
Going to the next request
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 2 to 10.30.1.151 port 1031
        EAP-Message = 0x04060004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 51 ID 0 with timestamp 471cdb58
Cleaning up request 52 ID 1 with timestamp 471cdb58
Cleaning up request 53 ID 2 with timestamp 471cdb58
Cleaning up request 48 ID 253 with timestamp 471cdb58
Cleaning up request 49 ID 254 with timestamp 471cdb58
Cleaning up request 50 ID 255 with timestamp 471cdb58
Nothing to do.  Sleeping until we see a request.



-- 
--
Sergio Belkin -


