LOGs of eap-tls authentication (inelec communication)

anoop_c at sifycorp.com anoop_c at sifycorp.com
Mon Sep 10 12:35:26 CEST 2007


> Message: 3
> Date: Mon, 10 Sep 2007 10:23:19 +0200 (CEST)
> From: inelec communication <inelec_communication at yahoo.fr>
> Subject: RE : LOGs of eap-tls authentication
> To: FreeRadius users mailing list
Hi
  Please find my result. The authentication is working well. The problem is that the logs are not in the radius.log file.

 [root at anoop fr1.1.7]# cat successlog
       Message-Authenticator = 0x96080298cf8084c0a353d72c9e82a3aa
        Service-Type = Framed-User
        User-Name = "anoop07"
        Framed-MTU = 1488
        Called-Station-Id = "00-0F-3D-AF-DD-C1:default"
        Calling-Station-Id = "00-0E-35-F3-A1-67"
        NAS-Identifier = "D-Link Access Point"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        EAP-Message = 0x0200000c01616e6f6f703037
        NAS-IP-Address = 192.168.0.50
        NAS-Port = 1
        NAS-Port-Id = "STA port # 1"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
    rlm_realm: No '@' in User-Name = "anoop07", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 0 length 12
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry DEFAULT at line 153
    users: Matched entry DEFAULT at line 172
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
 rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 0 to 192.168.0.50 port 1033
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        EAP-Message = 0x010100060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x8ab131c9d151752c61f18ffb09aa2c55
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.50:1033, id=1, length=299
        Message-Authenticator = 0xe6d7ba1e4458e637c60740bc57383f9e
        Service-Type = Framed-User
        User-Name = "anoop07"
        Framed-MTU = 1488
        State = 0x8ab131c9d151752c61f18ffb09aa2c55
        Called-Station-Id = "00-0F-3D-AF-DD-C1:default"
        Calling-Station-Id = "00-0E-35-F3-A1-67"
        NAS-Identifier = "D-Link Access Point"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        EAP-Message = 0x020100600d800000005616030100510100004d030146e4c9b422a11c 6b0c2a9c5e74b8a0de5e3eb0e1d8a15f49cb7cbf83ad04116a105892c006371829ccf94f1dcdc6d8 3e3d001600040005000a000900640062000300060013001200630100
        NAS-IP-Address = 192.168.0.50
        NAS-Port = 1
        NAS-Port-Id = "STA port # 1"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
    rlm_realm: No '@' in User-Name = "anoop07", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: EAP packet type response id 1 length 96
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
    users: Matched entry DEFAULT at line 153
    users: Matched entry DEFAULT at line 172
  modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0051], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 04be], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004c], CertificateRequest
    TLS_accept: SSLv3 write certificate request A
    TLS_accept: SSLv3 flush data
    TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 1 to 192.168.0.50 port 1033
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        EAP-Message = 0x0102040a0dc000000563160301004a02000046030146e4c9b59eb2f0 eb1e4eff23a4604203f5da0d54bd36842f27464dc2af678d07203e33b80dee1b655fafab80ece953 ac778f9d578cced14cc8f23c7e0e2c4335b800040016030104be0b0004ba0004b700022b30820227 30820190a003020102020101300d06092a864886f70d0101040500303b310b300906035504061302 494e310b300906035504081302544e310d300b060355040a1304536966793110300e060355040313 0730377877696669301e170d3037303131333037353834305a170d3038303131333037353834305a 305f310b300906035504061302494e310b3009060355040813
        EAP-Message = 0x02544e310d300b060355040a1304536966793110300e060355040313 07303778776966693122302006092a864886f70d01090116136a65796b756d61725f734073696679 2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c6f366d39a74d8 b66b561628be123f18f9b0a71f09b98d21b990e9a987d9acf3ceabd01df377e13da987a23f244496 dfc0609e99ee03a9f44e51033cbb84c814d9d3225aacc7c67786fcd193d57c3f5ac16d7d1b835701 52edca9ba9ff99ca4feffcb244551292fad52026afda1f876205e84a26b81cebd89fa03fd97e5f7f db0203010001a317301530130603551d25040c300a06082b06
        EAP-Message = 0x010505070301300d06092a864886f70d010104050003818100a4cbb4 e6e8190d840edc9e61637a38ffa423b2a67e8d308c3005b8ec18318e94ddddbac0ccb1a15780c285 de01622608f4caded74bab6f0c9d44dfdeb648e46bdd4de3606e4c7f86e5f86472722db409baffdb 78eb6c7ad267a623e1155af13de26e83f3ce29b4f82baf551b756d2f49e5691cc1d80f6fb253b11e 7a15bf296000028630820282308201eba003020102020100300d06092a864886f70d010104050030 3b310b300906035504061302494e310b300906035504081302544e310d300b060355040a13045369 66793110300e0603550403130730377877696669301e170d30
        EAP-Message = 0x37303131333037353830305a170d3038303131333037353830305a30 3b310b300906035504061302494e310b300906035504081302544e310d300b060355040a13045369 66793110300e060355040313073037787769666930819f300d06092a864886f70d01010105000381 8d0030818902818100ec232cf24bd548a586d614994a3f3b9ee699eb64a3bf9a0c90d7bc8afb3984 2c767c3613757b8d38a78ceaa6a499be55dcf997abb9963b3ef406b39f766054d8e37d35859e6bd5 ce686c01eb63a25684afb79cd6796193355bd3ae67eae642701a34d1bc93426ade87434dadfbc8a8 b0cae8137d97d2a267973f2213ebeefcfd0203010001a38195
        EAP-Message = 0x308192301d0603551d0e04160414095ab44cec0cb80f
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xf4654b6a22307d938c91831ef0396b8e
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.50:1033, id=2, length=209
        Message-Authenticator = 0x5dc14e6f1f5361ad60a06d2bffa9e4a9
        Service-Type = Framed-User
        User-Name = "anoop07"
        Framed-MTU = 1488
        State = 0xf4654b6a22307d938c91831ef0396b8e
        Called-Station-Id = "00-0F-3D-AF-DD-C1:default"
        Calling-Station-Id = "00-0E-35-F3-A1-67"
        NAS-Identifier = "D-Link Access Point"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        EAP-Message = 0x020200060d00
        NAS-IP-Address = 192.168.0.50
        NAS-Port = 1
        NAS-Port-Id = "STA port # 1"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
    rlm_realm: No '@' in User-Name = "anoop07", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 2
  rlm_eap: EAP packet type response id 2 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 2
    users: Matched entry DEFAULT at line 153
    users: Matched entry DEFAULT at line 172
  modcall[authorize]: module "files" returns ok for request 2
modcall: leaving group authorize (returns updated) for request 2
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 2 to 192.168.0.50 port 1033
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        EAP-Message = 0x0103016d0d80000005638c150861ea8bc609ed3cfbc030630603551d 23045c305a8014095ab44cec0cb80f8c150861ea8bc609ed3cfbc0a13fa43d303b310b3009060355 04061302494e310b300906035504081302544e310d300b060355040a1304536966793110300e0603 550403130730377877696669820100300c0603551d13040530030101ff300d06092a864886f70d01 010405000381810019a69104ce7b395ddbb7a05ae632f71c590ba34e71b9a57cbe952eabed153fda cb07eb1c8d6db397f1f47a687103025a91b0431e73beac6e788de0af02e7d49e35808652dc4b2db6 0ccbcef9245239c47c785fb5c78c79ed7dd22d60ab6c19727e
        EAP-Message = 0xaa68ec38e3fc5b6e7716741e1f56eba981970face974b560ba07450e cdf817160301004c0d000044020102003f003d303b310b300906035504061302494e310b30090603 5504081302544e310d300b060355040a1304536966793110300e0603550403130730377877696669 0e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x378a0c3727565af6c193024a8be476bc
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.50:1033, id=3, length=1100
        Message-Authenticator = 0x2261a2046965f5b6c67629831b5ef1f5
        Service-Type = Framed-User
        User-Name = "anoop07"
        Framed-MTU = 1488
        State = 0x378a0c3727565af6c193024a8be476bc
        Called-Station-Id = "00-0F-3D-AF-DD-C1:default"
        Calling-Station-Id = "00-0E-35-F3-A1-67"
        NAS-Identifier = "D-Link Access Point"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        EAP-Message = 0x0203037b0d800000037116030103410b00023100022e00022b308202 2730820190a003020102020106300d06092a864886f70d0101040500303b310b3009060355040613 02494e310b300906035504081302544e310d300b060355040a1304536966793110300e0603550403 130730377877696669301e170d3037303131373033303230385a170d303830313137303330323038 5a305f310b300906035504061302494e310b300906035504081302544e310d300b060355040a1304 536966793110300e06035504031307616e6f6f7030373122302006092a864886f70d01090116136a 65796b756d61725f7340736966792e636f6d30819f300d0609
        EAP-Message = 0x2a864886f70d010101050003818d0030818902818100c530f10ae7bd 0f0fbd6bbafbcd48532c054b9afd474b7cd7ce6aa0291d664476bb1d9d143cfb4c713f5b47b5e636 3f6ceed4c3bc51ef1a35c84a100bb17b262f38923947a12f1e288ffe57fccfa92e6d12da42d9016a 8da5c07c7705c2156da206d76fd569ca589fdca309fd1703fec4b5fa77ee1257b5b9514e39b4d79d 601f0203010001a317301530130603551d25040c300a06082b06010505070302300d06092a864886 f70d01010405000381810089c51110b91d0135f1a99f29ea922ff1a7738195963017d2d9dd32c81d 2782210b1329644559fc746cb77ce6f707f50efe3aa155b3d9
        EAP-Message = 0x36f15183865793097ff4207baac2d26153f81f177377493db3d2a52d b063b7668b57bc0e575401a6da093e5abd9a0f147810eaf1ee2967bc2252afe0bf8b7b678914895c c3190f22eb7a1000008200803ea26a8f1b684b4c6f76f7ca07e3b3d0dd71dd459cd90f96868faf38 253fc9970fbc3e19efb321e353e982314b42e8bb66aa5b1ee540a4810d8a48a1615b8af8657a9b38 cc1caf7da1966813de8f59f372c63c4cbac4dd3ad7877bcc8fba80ca799f52efcdee1b541461ef7e 65948840305e0dbcc845d069765955affbf8b41e0f0000820080588771eb658b2403ce711f921da6 27e0b633993385a5dc7d249503ecc0c84f7bdefc5bf34c20a9
        EAP-Message = 0x4b18930f40b19d87ea7d1819aa00d2e42ea7fed5f4ad7d327a0a6eee 2b2c5915e86f5c4399e75af08982a3462b8b65478ef1c88592679fd3de147e0b1153e54c4e97c8e5 3119db0b0c62b47ec818386db914820c02f63071781403010001011603010020761ad2fae86d1219 94064ff99a0de5bc0eb15df5bafe1a75fcfa20f285db803a
        NAS-IP-Address = 192.168.0.50
        NAS-Port = 1
        NAS-Port-Id = "STA port # 1"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
    rlm_realm: No '@' in User-Name = "anoop07", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 3
  rlm_eap: EAP packet type response id 3 length 253
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 3
    users: Matched entry DEFAULT at line 153
    users: Matched entry DEFAULT at line 172
  modcall[authorize]: module "files" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0235], Certificate
chain-depth=1,
error=0
--> User-Name = anoop07
--> BUF-Name = 07xwifi
--> subject = /C=IN/ST=TN/O=Sify/CN=07xwifi
--> issuer  = /C=IN/ST=TN/O=Sify/CN=07xwifi
--> verify return:1
chain-depth=0,
error=0
--> User-Name = anoop07
--> BUF-Name = anoop07
--> subject = /C=IN/ST=TN/O=Sify/CN=anoop07/emailAddress=jeykumar_s at sify.com
--> issuer  = /C=IN/ST=TN/O=Sify/CN=07xwifi
--> verify return:1
    TLS_accept: SSLv3 read client certificate A
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
    TLS_accept: SSLv3 read client key exchange A
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], CertificateVerify
    TLS_accept: SSLv3 read certificate verify A
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 read finished A
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
    TLS_accept: SSLv3 write change cipher spec A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 write finished A
    TLS_accept: SSLv3 flush data
    (other): SSL negotiation finished successfully
SSL Connection Established
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 3 to 192.168.0.50 port 1033
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        EAP-Message = 0x010400350d800000002b1403010001011603010020324ac90185d18d e8ead736d798e140ed642aeb31ff52849b3aa5b6f021c5aec0
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x5ffef94eee0c0123922689d2e6c2fe8e
Finished request 3
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 46e4c9b5
Cleaning up request 1 ID 1 with timestamp 46e4c9b5
Cleaning up request 2 ID 2 with timestamp 46e4c9b5
Cleaning up request 3 ID 3 with timestamp 46e4c9b5
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 192.168.0.50:1033, id=4, length=209
        Message-Authenticator = 0x221fc85bf9fb820395d9c8484a3fdabc
        Service-Type = Framed-User
        User-Name = "anoop07"
        Framed-MTU = 1488
        State = 0x5ffef94eee0c0123922689d2e6c2fe8e
        Called-Station-Id = "00-0F-3D-AF-DD-C1:default"
        Calling-Station-Id = "00-0E-35-F3-A1-67"
        NAS-Identifier = "D-Link Access Point"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        EAP-Message = 0x020400060d00
        NAS-IP-Address = 192.168.0.50
        NAS-Port = 1
        NAS-Port-Id = "STA port # 1"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module "preprocess" returns ok for request 4
    rlm_realm: No '@' in User-Name = "anoop07", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 4
  rlm_eap: EAP packet type response id 4 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
    users: Matched entry DEFAULT at line 153
    users: Matched entry DEFAULT at line 172
  modcall[authorize]: module "files" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake is finished
  eaptls_verify returned 3
  eaptls_process returned 3
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns ok for request 4
modcall: leaving group authenticate (returns ok) for request 4
Sending Access-Accept of id 4 to 192.168.0.50 port 1033
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        MS-MPPE-Recv-Key = 0x428d07c24a61cd12f49c7b51f54e36b19dce6fa5e42d393221d 043784abdc995
        MS-MPPE-Send-Key = 0x55f256119e8b41171ac594ea1a871d302fff183d06365a3505b 6a6786eee1fc5
        EAP-Message = 0x03040004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "anoop07"
Finished request 4
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 4 ID 4 with timestamp 46e4c9bc
Nothing to do.  Sleeping until we see a request.
  
 
 
[root at anoop fr1.1.7]#




> 	<freeradius-users at lists.freeradius.org>
> Message-ID: <60722.76768.qm at web26011.mail.ukl.yahoo.com>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> hello,
>   running radius in debug mode doesn't give any log file, I mean it
> doesn't give logs in radiusd.log; if you give me your result when you
> have run radiusd -X -A perhaps I can help
>    
>   regards
>   
> 
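
The EAP-Message attributes in the debug output above show EAP-TLS fragmentation: the server's certificate flight is split across two Access-Challenges with an empty ACK from the client in between. The following is an added example, not part of the original post or of FreeRADIUS; it decodes the header bytes copied from those attributes and checks that each flight's fragments add up to the declared TLS message length. The names `parse_eap` and `check_reassembly` are hypothetical.

```python
import struct

# Header bytes of each EAP-Message in the debug output above, in order of
# appearance. Long values are cut after the EAP-TLS header (10 bytes).
TRACE = [
    ("client", "0200000c01616e6f6f703037"),  # request 0
    ("server", "010100060d20"),
    ("client", "020100600d8000000056"),      # request 1
    ("server", "0102040a0dc000000563"),
    ("client", "020200060d00"),              # request 2
    ("server", "0103016d0d8000000563"),
    ("client", "0203037b0d8000000371"),      # request 3
    ("server", "010400350d800000002b"),
    ("client", "020400060d00"),              # request 4
    ("server", "03040004"),
]
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TLS = 13                                # EAP method type for EAP-TLS
FLAGS = ((0x80, "L"), (0x40, "M"), (0x20, "S"))  # Length, More, Start

def parse_eap(hexstr):
    """Decode the EAP header and, for type 13, the EAP-TLS flags/length."""
    raw = bytes.fromhex(hexstr)
    if len(raw) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    pkt = {"code": CODES.get(code, "unknown"), "id": ident, "len": length,
           "type": None, "flags": "", "tls_len": None, "payload": 0}
    if code in (1, 2) and len(raw) >= 5:
        pkt["type"] = raw[4]
    if pkt["type"] == EAP_TLS:
        if len(raw) < 6:
            raise ValueError("missing EAP-TLS flags byte")
        pkt["flags"] = "".join(n for bit, n in FLAGS if raw[5] & bit)
        hdr = 6
        if raw[5] & 0x80:                   # L: 4-byte TLS message length
            if len(raw) < 10:
                raise ValueError("missing TLS message length")
            pkt["tls_len"] = struct.unpack("!I", raw[6:10])[0]
            hdr = 10
        pkt["payload"] = length - hdr       # TLS bytes carried by this packet
    return pkt

def check_reassembly(trace):
    """Return (sender, first_id, declared_len, received_len) per TLS flight."""
    flights, cur = [], None
    for sender, hexstr in trace:
        p = parse_eap(hexstr)
        if p["type"] != EAP_TLS or p["payload"] == 0:
            continue                        # Identity, Start, ACK, Success
        if cur is None:
            cur = [sender, p["id"], p["tls_len"], 0]
        cur[3] += p["payload"]
        if "M" not in p["flags"]:           # last fragment of this flight
            flights.append(tuple(cur))
            cur = None
    return flights

if __name__ == "__main__":
    for sender, first_id, declared, received in check_reassembly(TRACE):
        status = "ok" if declared == received else "MISMATCH"
        print(f"{sender} flight from id {first_id}: {received}/{declared} {status}")
```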