LOGs of eap-tls authentication (inelec communication)

inelec communication inelec_communication at yahoo.fr
Tue Sep 11 10:39:38 CEST 2007


Hello,
   
  You have no logs in your radius.log file because you are running in debug mode. You have to run in normal mode to get the logs, so what you have to do is the following:
  first stop your debug mode with this command: service radiusd stop; then restart the radius service with: service radiusd restart. Doing that, you are in normal mode and you can do your WLAN login without any problem and you get your log.
   
  regards

anoop_c at sifycorp.com wrote:
  
> Message: 3
> Date: Mon, 10 Sep 2007 10:23:19 +0200 (CEST)
> From: inelec communication
> Subject: RE : LOGs of eap-tls authentication
> To: FreeRadius users mailing list
>
> Hi
>
> Please find my result. The authentication is working well. The problem is logs are not in radius.log file.
>
> [root at anoop fr1.1.7]# cat successlog
>
> Message-ID: <60722.76768.qm at web26011.mail.ukl.yahoo.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> hello,
> running radius in debug mode doesn't give any log file, I mean it
> doesn't give logs in radiusd.log; if you give me your result when you
> have run radiusd -X -A perhaps I can help
>
> regards

