Cert Problem with EAP-TTSL, SecureW2 (1.0.5-->1.1.7)
Martin Pauly
pauly at hrz.uni-marburg.de
Tue Oct 30 18:15:17 CET 2007
Hi everybody,
I'm trying to upgrade form 1.0.5 to 1.1.7.
For a test run, I copied all the cert and key files
(only server-side, it's TTLS) from the production server,
and 1.1.7 starts up fine (well, almost, see below).
When connecting with a SecureW2 client that goes along
well with the 1.0.5 server, I get a dialog window
presenting the cert, but SecureW2 complains it's
unable to put it into the hierarchy (which is in
place already). There is no way to go on then,
installing manually won't work either.
Have I missed some change in the cert handling?
Thanks for any help
Martin
Here's the output:
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/freeradius/proxy.conf
Config: including file: /etc/freeradius/clients.conf
Config: including file: /etc/freeradius/snmp.conf
Config: including file: /etc/freeradius/eap.conf
Config: including file: /etc/freeradius/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/freeradius"
main: libdir = "/usr/lib/freeradius"
main: radacctdir = "/var/log/freeradius/radacct"
main: hostname_lookups = no
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/freeradius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/freeradius/freeradius.pid"
main: user = "freerad"
main: group = "freerad"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
pap: auto_header = yes
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "/etc/shadow"
unix: group = "(null)"
unix: radwtmp = "/var/log/freeradius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "ttls"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/freeradius/certs/key-radius-staff.pem"
tls: certificate_file = "/etc/freeradius/certs/cert-radius-staff.pem"
tls: CA_file = "/etc/freeradius/certs/unimr-ssl-ca.pem"
tls: private_key_password = "omihnl"
tls: dh_file = "/etc/freeradius/certs/dh"
tls: random_file = "/dev/urandom"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
tls: cipher_list = "(null)"
tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
WARNING: rlm_eap_tls: Unable to set DH parameters. DH cipher suites may not work!
WARNING: Fix this by running the OpenSSL command listed in eap.conf
rlm_eap: Loaded and initialized type tls
ttls: default_eap_type = "md5"
ttls: copy_request_to_tunnel = yes
ttls: use_tunneled_reply = yes
rlm_eap: Loaded and initialized type ttls
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/freeradius/huntgroups"
preprocess: hints = "/etc/freeradius/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc/freeradius/users"
files: acctusersfile = "/etc/freeradius/acct_users"
files: preproxy_usersfile = "/etc/freeradius/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/freeradius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
--------------------------- Now the EAP conversation ----------------------------
rad_recv: Access-Request packet from host 192.168.75.247:1645, id=47, length=136
User-Name = "anonymous"
Framed-MTU = 1400
Called-Station-Id = "0013.8011.9a60"
Calling-Station-Id = "0018.decc.af5f"
Service-Type = Login-User
Message-Authenticator = 0xfca416db4cadc5cd8d623f4ffa044a8c
EAP-Message = 0x0202000e01616e6f6e796d6f7573
NAS-Port-Type = Wireless-802.11
NAS-Port = 1077
NAS-IP-Address = 192.168.75.247
NAS-Identifier = "warz003"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "anonymous"
rlm_realm: Proxying request from user anonymous to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 2 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
modcall[authorize]: module "files" returns notfound for request 3
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 3
modcall: leaving group authorize (returns updated) for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 47 to 192.168.75.247 port 1645
EAP-Message = 0x010300061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x90e816dcec17882e035976d1081fbf9c
Finished request 3
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.75.247:1645, id=48, length=200
User-Name = "anonymous"
Framed-MTU = 1400
Called-Station-Id = "0013.8011.9a60"
Calling-Station-Id = "0018.decc.af5f"
Service-Type = Login-User
Message-Authenticator = 0x47f848aca44779c6fe8451fd18e46ec8
EAP-Message = 0x0203003c158000000032160301002d01000029030118e9b132c7808e219ee90a0861130998e95ddde2e6cc192ebf55af97907d967d000002000a0100
NAS-Port-Type = Wireless-802.11
NAS-Port = 1077
State = 0x90e816dcec17882e035976d1081fbf9c
NAS-IP-Address = 192.168.75.247
NAS-Identifier = "warz003"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "anonymous"
rlm_realm: Proxying request from user anonymous to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 3 length 60
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
modcall[authorize]: module "files" returns notfound for request 4
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 4
modcall: leaving group authorize (returns updated) for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 002d], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 06c4], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 48 to 192.168.75.247 port 1645
EAP-Message = 0x0104040a15c000000721160301004a020000460301472724a3f12ef9d27b81a1de39e0df087e3fe05bf25a3286f8f7c3b660f5c5b220bfee9fee4cbf509b91f36992d5e1064063ca128700a209fa5dd265ca771f3f0e000a0016030106c40b0006c00006bd0006ba308206b63082059ea003020102020200bb300d06092a864886f70d0101040500308181310b3009060355040613024445311d301b060355040a1314556e69766572736974616574204d617262757267312d302b06035504031324582e3530392043657274696669636174696f6e20417574686f72697479202832303034293124302206092a864886f70d010901161573736c2d6361
EAP-Message = 0x40756e692d6d6172627572672e6465301e170d3037303331393133313531305a170d3038303131333133313531305a3081c6310b3009060355040613024445310f300d0603550408130648657373656e3110300e060355040713074d617262757267311e301c060355040a13155068696c697070732d556e69766572736974616574311f301d060355040b1316486f6368736368756c72656368656e7a656e7472756d312430220603550403131b5261646975732e53746166662e556e692d4d6172627572672e4445312d302b06092a864886f70d010901161e756d726e65742d7465616d4068727a2e756e692d6d6172627572672e646530819f300d
EAP-Message = 0x06092a864886f70d010101050003818d0030818902818100a7b25329a57dcf9f4045f7ca2582b5dfd6c8979bdf109e1cc8acd71fd527c570f0b01e088a4cd1ad922dfa7dece1be7cf36f8b6557008ecc84335d15a02852639b27f38ae4da2adcde274eb0c678c88b7fa1491f9aeda8c817362cf263c13fe3a93377eff7dfa5fda65aa8865f21a757c93c0352b1ea493994cbac1ad290687d0203010001a38203733082036f300c0603551d130101ff04023000300b0603551d0f0404030205a030130603551d25040c300a06082b06010505070301301d0603551d0e04160414a103cee748c398670ec57153cf72f7429b6568533081dc0603551d2304
EAP-Message = 0x81d43081d180142fd7076c8060bddab7344958057dd6211b9b6fd8a181b2a481af3081ac310b30090603550406130244453121301f060355040a131844657574736368657320466f72736368756e67736e65747a31163014060355040b130d44464e2d4345525420476d62483110300e060355040b130744464e2d504341312d302b0603550403132444464e20546f706c6576656c2043657274696669636174696f6e20417574686f726974793121301f06092a864886f70d010901161263657274696679407063612e64666e2e64658204042c914130290603551d1104223020811e756d726e65742d7465616d4068727a2e756e692d6d6172627572
EAP-Message = 0x672e646530090603551d12040230003081950603551d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xbec9e2e7eaa839c8f4518fd18ce5812c
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.75.247:1645, id=49, length=146
User-Name = "anonymous"
Framed-MTU = 1400
Called-Station-Id = "0013.8011.9a60"
Calling-Station-Id = "0018.decc.af5f"
Service-Type = Login-User
Message-Authenticator = 0xcd6073f073f94d232526a17acdd917cf
EAP-Message = 0x020400061500
NAS-Port-Type = Wireless-802.11
NAS-Port = 1077
State = 0xbec9e2e7eaa839c8f4518fd18ce5812c
NAS-IP-Address = 192.168.75.247
NAS-Identifier = "warz003"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "anonymous"
rlm_realm: Proxying request from user anonymous to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
modcall[authorize]: module "files" returns notfound for request 5
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 5
modcall: leaving group authorize (returns updated) for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 49 to 192.168.75.247 port 1645
EAP-Message = 0x0105032b1580000007211f04818d30818a3043a041a03f863d687474703a2f2f7777772e756e692d6d6172627572672e64652f68727a2f73657276696365732f73736c2d63612f323030342f73736c2d63612e6372783043a041a03f863d687474703a2f2f7777772e756e692d6d6172627572672e64652f68727a2f73657276696365732f73736c2d63612f323030342f73736c2d63612e63726c301106096086480186f8420101040403020640303d06096086480186f84201020430162e687474703a2f2f7777772e756e692d6d6172627572672e64652f68727a2f73657276696365732f73736c2d63612f304106096086480186f8420108043416
EAP-Message = 0x32687474703a2f2f7777772e7063612e64666e2e64652f64666e7063612f706f6c6963792f777777706f6c6963792e68746d6c3081db06096086480186f842010d0481cd1681ca546869732063657274696669636174652077617320697373756564206279207468652053534c2043410a6f6620746865205068696c6970707320556e6976657273697479204d6172627572672c204765726d616e792e0a466f72206675727468657220696e666f726d6174696f6e20706c6561736520706f696e7420796f7572206661766f75726974650a5765622042726f7773657220746f0a687474703a2f2f7777772e756e692d6d6172627572672e64652f6872
EAP-Message = 0x7a2f73657276696365732f73736c2d63612f202e300d06092a864886f70d010104050003820101007ff9ef1d9c04f8e22415b1f74c7a20f6865b231c7c12fc90064b14c4c3489b577b0b0e0b606091de3f3dc6e5d09237c6ed27969915479522009c73f666d306309e34398df72d4349ccae354b9e723ff03ddf1a2147a09dfab2cba0a2eebf0bced6278be2c305f75a3f09b5a39833f438d1e18ad58ee3da35d0d2fdc11c7ed822370bb0b368ee80e4e42143425661f20b18bbd458fb6cecf6237f9714af076ea338b45cf03a165741a81712e0127620789d2450233c6135700048148efa0d7dc46c4155905bdd89bf630524c960a288b47e254feaa5
EAP-Message = 0xe8c2de0a76e2259f3ad7b54afd7ec1420928d2d0dca289a121cba633073fcaa07fe0bd6b2293f42227d00f16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8e7573394ea8f9f58ca7a725d6852aa4
Finished request 5
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 3 ID 47 with timestamp 472724a3
Cleaning up request 4 ID 48 with timestamp 472724a3
Cleaning up request 5 ID 49 with timestamp 472724a3
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 192.168.75.247:1645, id=50, length=136
User-Name = "anonymous"
Framed-MTU = 1400
Called-Station-Id = "0013.8011.9a60"
Calling-Station-Id = "0018.decc.af5f"
Service-Type = Login-User
Message-Authenticator = 0x992ff1c2c9770439d989157ffebd90e3
EAP-Message = 0x0201000e01616e6f6e796d6f7573
NAS-Port-Type = Wireless-802.11
NAS-Port = 1078
NAS-IP-Address = 192.168.75.247
NAS-Identifier = "warz003"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "anonymous"
rlm_realm: Proxying request from user anonymous to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 1 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
modcall[authorize]: module "files" returns notfound for request 6
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 6
modcall: leaving group authorize (returns updated) for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 50 to 192.168.75.247 port 1645
EAP-Message = 0x010200061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x16e504561504244a150659018be695aa
Finished request 6
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.75.247:1645, id=51, length=136
User-Name = "anonymous"
Framed-MTU = 1400
Called-Station-Id = "0013.8011.9a60"
Calling-Station-Id = "0018.decc.af5f"
Service-Type = Login-User
Message-Authenticator = 0x0c100489fd8c2198b35376fa9a9e58ea
EAP-Message = 0x0203000e01616e6f6e796d6f7573
NAS-Port-Type = Wireless-802.11
NAS-Port = 1078
NAS-IP-Address = 192.168.75.247
NAS-Identifier = "warz003"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "anonymous"
rlm_realm: Proxying request from user anonymous to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 3 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
modcall[authorize]: module "files" returns notfound for request 7
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 7
modcall: leaving group authorize (returns updated) for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 7
modcall: leaving group authenticate (returns handled) for request 7
Sending Access-Challenge of id 51 to 192.168.75.247 port 1645
EAP-Message = 0x010400061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0e968b1d48e923f2d0f659205a8734fc
Finished request 7
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.75.247:1645, id=52, length=200
User-Name = "anonymous"
Framed-MTU = 1400
Called-Station-Id = "0013.8011.9a60"
Calling-Station-Id = "0018.decc.af5f"
Service-Type = Login-User
Message-Authenticator = 0x0bd73c4dafc4b09b305e403cc6f0b8f8
EAP-Message = 0x0204003c158000000032160301002d0100002903019034a3764181867ef4d75ce71605ce439dcbe684c9eccae4acd8cf15fc9e07ea000002000a0100
NAS-Port-Type = Wireless-802.11
NAS-Port = 1078
State = 0x0e968b1d48e923f2d0f659205a8734fc
NAS-IP-Address = 192.168.75.247
NAS-Identifier = "warz003"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
modcall[authorize]: module "chap" returns noop for request 8
modcall[authorize]: module "mschap" returns noop for request 8
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "anonymous"
rlm_realm: Proxying request from user anonymous to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 8
rlm_eap: EAP packet type response id 4 length 60
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
modcall[authorize]: module "files" returns notfound for request 8
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 8
modcall: leaving group authorize (returns updated) for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 002d], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 06c4], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 8
modcall: leaving group authenticate (returns handled) for request 8
Sending Access-Challenge of id 52 to 192.168.75.247 port 1645
EAP-Message = 0x0105040a15c000000721160301004a020000460301472724c19cf50e6bd75f97c0fc3859f33f37b69424d5bd7bce85bdd37ff989a220a44484ec21d75b10cfa8f6bf2ab7334a07c9ec560f963aa1c462a33a50808772000a0016030106c40b0006c00006bd0006ba308206b63082059ea003020102020200bb300d06092a864886f70d0101040500308181310b3009060355040613024445311d301b060355040a1314556e69766572736974616574204d617262757267312d302b06035504031324582e3530392043657274696669636174696f6e20417574686f72697479202832303034293124302206092a864886f70d010901161573736c2d6361
EAP-Message = 0x40756e692d6d6172627572672e6465301e170d3037303331393133313531305a170d3038303131333133313531305a3081c6310b3009060355040613024445310f300d0603550408130648657373656e3110300e060355040713074d617262757267311e301c060355040a13155068696c697070732d556e69766572736974616574311f301d060355040b1316486f6368736368756c72656368656e7a656e7472756d312430220603550403131b5261646975732e53746166662e556e692d4d6172627572672e4445312d302b06092a864886f70d010901161e756d726e65742d7465616d4068727a2e756e692d6d6172627572672e646530819f300d
EAP-Message = 0x06092a864886f70d010101050003818d0030818902818100a7b25329a57dcf9f4045f7ca2582b5dfd6c8979bdf109e1cc8acd71fd527c570f0b01e088a4cd1ad922dfa7dece1be7cf36f8b6557008ecc84335d15a02852639b27f38ae4da2adcde274eb0c678c88b7fa1491f9aeda8c817362cf263c13fe3a93377eff7dfa5fda65aa8865f21a757c93c0352b1ea493994cbac1ad290687d0203010001a38203733082036f300c0603551d130101ff04023000300b0603551d0f0404030205a030130603551d25040c300a06082b06010505070301301d0603551d0e04160414a103cee748c398670ec57153cf72f7429b6568533081dc0603551d2304
EAP-Message = 0x81d43081d180142fd7076c8060bddab7344958057dd6211b9b6fd8a181b2a481af3081ac310b30090603550406130244453121301f060355040a131844657574736368657320466f72736368756e67736e65747a31163014060355040b130d44464e2d4345525420476d62483110300e060355040b130744464e2d504341312d302b0603550403132444464e20546f706c6576656c2043657274696669636174696f6e20417574686f726974793121301f06092a864886f70d010901161263657274696679407063612e64666e2e64658204042c914130290603551d1104223020811e756d726e65742d7465616d4068727a2e756e692d6d6172627572
EAP-Message = 0x672e646530090603551d12040230003081950603551d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf64bcd7ab184104b28fe791bc4534cc7
Finished request 8
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.75.247:1645, id=53, length=146
User-Name = "anonymous"
Framed-MTU = 1400
Called-Station-Id = "0013.8011.9a60"
Calling-Station-Id = "0018.decc.af5f"
Service-Type = Login-User
Message-Authenticator = 0xfce71b18a6dc790150378ea46f150da9
EAP-Message = 0x020500061500
NAS-Port-Type = Wireless-802.11
NAS-Port = 1078
State = 0xf64bcd7ab184104b28fe791bc4534cc7
NAS-IP-Address = 192.168.75.247
NAS-Identifier = "warz003"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
modcall[authorize]: module "preprocess" returns ok for request 9
modcall[authorize]: module "chap" returns noop for request 9
modcall[authorize]: module "mschap" returns noop for request 9
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "anonymous"
rlm_realm: Proxying request from user anonymous to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 9
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 9
modcall[authorize]: module "files" returns notfound for request 9
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 9
modcall: leaving group authorize (returns updated) for request 9
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 9
modcall: leaving group authenticate (returns handled) for request 9
Sending Access-Challenge of id 53 to 192.168.75.247 port 1645
EAP-Message = 0x0106032b1580000007211f04818d30818a3043a041a03f863d687474703a2f2f7777772e756e692d6d6172627572672e64652f68727a2f73657276696365732f73736c2d63612f323030342f73736c2d63612e6372783043a041a03f863d687474703a2f2f7777772e756e692d6d6172627572672e64652f68727a2f73657276696365732f73736c2d63612f323030342f73736c2d63612e63726c301106096086480186f8420101040403020640303d06096086480186f84201020430162e687474703a2f2f7777772e756e692d6d6172627572672e64652f68727a2f73657276696365732f73736c2d63612f304106096086480186f8420108043416
EAP-Message = 0x32687474703a2f2f7777772e7063612e64666e2e64652f64666e7063612f706f6c6963792f777777706f6c6963792e68746d6c3081db06096086480186f842010d0481cd1681ca546869732063657274696669636174652077617320697373756564206279207468652053534c2043410a6f6620746865205068696c6970707320556e6976657273697479204d6172627572672c204765726d616e792e0a466f72206675727468657220696e666f726d6174696f6e20706c6561736520706f696e7420796f7572206661766f75726974650a5765622042726f7773657220746f0a687474703a2f2f7777772e756e692d6d6172627572672e64652f6872
EAP-Message = 0x7a2f73657276696365732f73736c2d63612f202e300d06092a864886f70d010104050003820101007ff9ef1d9c04f8e22415b1f74c7a20f6865b231c7c12fc90064b14c4c3489b577b0b0e0b606091de3f3dc6e5d09237c6ed27969915479522009c73f666d306309e34398df72d4349ccae354b9e723ff03ddf1a2147a09dfab2cba0a2eebf0bced6278be2c305f75a3f09b5a39833f438d1e18ad58ee3da35d0d2fdc11c7ed822370bb0b368ee80e4e42143425661f20b18bbd458fb6cecf6237f9714af076ea338b45cf03a165741a81712e0127620789d2450233c6135700048148efa0d7dc46c4155905bdd89bf630524c960a288b47e254feaa5
EAP-Message = 0xe8c2de0a76e2259f3ad7b54afd7ec1420928d2d0dca289a121cba633073fcaa07fe0bd6b2293f42227d00f16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x194813969de6dafbfed1a83597dc3f1b
Finished request 9
--
Dr. Martin Pauly Fax: 49-6421-28-26994
HRZ Univ. Marburg Phone: 49-6421-28-23527
Hans-Meerwein-Str. E-Mail: pauly at HRZ.Uni-Marburg.DE
D-35032 Marburg
More information about the Freeradius-Users
mailing list