eap/peap certificate problems?
David Hláčik
david at hlacik.eu
Mon Apr 21 20:41:25 CEST 2008
Hi, because for a period of time I was not able to add to my
working MSCHAPv2 for PPTPD with LDAP RADIUS configuration, I have copied
fresh new RADIUS configuration files and tried to configure just a simple
EAP/PEAP for my wireless router.
I have CentOS 5.1, but basically I have followed this howto:
http://ubuntuforums.org/showthread.php?t=478804
I have my own CA and my own server certificate, with X509 xpextension
support configured. I have installed it as a trusted root CA certificate in my
Windows Vista SP1 client computer. I am using a simple testuser with the Secret149
password defined in the users file, but it still does not work and complains about
certificates. My Windows Vista wireless connection manager is showing my
server certificate as correct.
This is the log file.
Thanks!
D.
[root at sx2 raddb]# radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/lib64"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "radiusd"
main: group = "radiusd"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib64
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = yes
mschap: require_strong = yes
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "/etc/shadow"
unix: group = "(null)"
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/pki/wireless/server_key.pem"
tls: certificate_file = "/etc/pki/wireless/server_cert.pem"
tls: CA_file = "/etc/pki/wireless/cacert.pem"
tls: private_key_password = "Pln192"
tls: dh_file = "/etc/pki/wireless/dh"
tls: random_file = "/etc/pki/wireless/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
tls: cipher_list = "(null)"
tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 10.123.42.11:3076, id=112,
length=165
User-Name = "boss"
NAS-IP-Address = 10.123.42.11
NAS-Port = 0
Called-Station-Id = "001cf05a2b71"
Calling-Station-Id = "001b77392d05"
NAS-Identifier = "Realtek Access Point. 8181"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200000901626f7373
Message-Authenticator = 0x79fd10c2a79dd35bc6304d53524675e8
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "boss", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 0 length 9
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 112 to 10.123.42.11 port 3076
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x010100061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x352e94993bcbb8a4249d7264d82f1829
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.123.42.11:3076, id=113,
length=283
User-Name = "boss"
NAS-IP-Address = 10.123.42.11
NAS-Port = 0
Called-Station-Id = "001cf05a2b71"
Calling-Station-Id = "001b77392d05"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020100731980000000691603010064010000600301480cdacd6b3c5cf0b29cac484d2b3b6ec171038c6b943dd64181cfcd84fe6899000018002f00350005000ac009c00ac013c01400320038001300040100001f000000090007000004626f7373000a00080006001700180019000b00020100
State = 0x352e94993bcbb8a4249d7264d82f1829
Message-Authenticator = 0xd9e69c4f8fee707fadc9cb90c69bfea5
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "boss", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 1 length 115
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0064], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 064b], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 113 to 10.123.42.11 port 3076
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc5438c3f67d8fc170bfdecf1c6cb04cc
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.123.42.11:3076, id=114,
length=174
User-Name = "boss"
NAS-IP-Address = 10.123.42.11
NAS-Port = 0
Called-Station-Id = "001cf05a2b71"
Calling-Station-Id = "001b77392d05"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020200061900
State = 0xc5438c3f67d8fc170bfdecf1c6cb04cc
Message-Authenticator = 0x3e96daba715db87f39916db1695d2563
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "boss", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 2
modcall: leaving group authorize (returns updated) for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 114 to 10.123.42.11 port 3076
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x76d7c4e6f67f926686a5dc4693c1d6e0
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.123.42.11:3076, id=115,
length=376
User-Name = "boss"
NAS-IP-Address = 10.123.42.11
NAS-Port = 0
Called-Station-Id = "001cf05a2b71"
Calling-Station-Id = "001b77392d05"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020300d01980000000c61603010086100000820080b21c3e1e4fae427fd09b23b8a18dcd5c9614f95436a1d360e40bc785390f5d907a33d3f5eb72077980d0db736c50e21a4a961e219572131ed6a54f0407d67d563a85e59db3c3bb0b8d9411e437b085d1661178f1ecfbb93606962637078cc486ad801dcef5ba373121299a4baa00c483875dbebdd6519f63c5ec4ab881c4acf61403010001011603010030654cbaf37740de04fdf9e6385b2d7d42ce0d8caf852004f92268eeac440afecfb85fb8a1516079f0ffa1d45494b77685
State = 0x76d7c4e6f67f926686a5dc4693c1d6e0
Message-Authenticator = 0x6421fcec1f1cc5125791a70319a1ea43
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "boss", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 3 length 208
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 115 to 10.123.42.11 port 3076
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message =
0x010400411900140301000101160301003047fdad6e556880c11c7e70fb192ff4cd295124df3aa30eb15b26dcf4c48fc6f8aeac60091e893cd59405eb8d7209f9c1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc6dea48edc410ff186e20cb27acbf71b
Finished request 3
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 112 with timestamp 480cdad4
Cleaning up request 1 ID 113 with timestamp 480cdad4
Cleaning up request 2 ID 114 with timestamp 480cdad4
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 3 ID 115 with timestamp 480cdad5
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.123.42.11:3077, id=112,
length=173
User-Name = "testuser"
NAS-IP-Address = 10.123.42.11
NAS-Port = 0
Called-Station-Id = "001cf05a2b71"
Calling-Station-Id = "001b77392d05"
NAS-Identifier = "Realtek Access Point. 8181"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200000d017465737475736572
Message-Authenticator = 0x0ee36160aedc0ad3b60e2fb258039d06
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 0 length 13
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
users: Matched entry testuser at line 216
modcall[authorize]: module "files" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 112 to 10.123.42.11 port 3077
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x010100061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x66994fc2e8159ac20377da485a287cf7
Finished request 4
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.123.42.11:3077, id=113,
length=291
User-Name = "testuser"
NAS-IP-Address = 10.123.42.11
NAS-Port = 0
Called-Station-Id = "001cf05a2b71"
Calling-Station-Id = "001b77392d05"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x0201007719800000006d1603010068010000640301480cddb5cfdb7316f78553c8246acb97d94ce30a5f5c236ee8c43c093e36b965000018002f00350005000ac009c00ac013c0140032003800130004010000230000000d000b0000087465737475736572000a00080006001700180019000b00020100
State = 0x66994fc2e8159ac20377da485a287cf7
Message-Authenticator = 0x5b61c6c39482584ade5b59c279202057
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 1 length 119
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
users: Matched entry testuser at line 216
modcall[authorize]: module "files" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0068], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 064b], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 113 to 10.123.42.11 port 3077
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb83123181e34c0fa312134305bc70299
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.123.42.11:3077, id=114,
length=178
User-Name = "testuser"
NAS-IP-Address = 10.123.42.11
NAS-Port = 0
Called-Station-Id = "001cf05a2b71"
Calling-Station-Id = "001b77392d05"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020200061900
State = 0xb83123181e34c0fa312134305bc70299
Message-Authenticator = 0x4608a7974cf83a5f59f6c399014da1e4
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
users: Matched entry testuser at line 216
modcall[authorize]: module "files" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 114 to 10.123.42.11 port 3077
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd87a137b0b4fc5a29f3b2fa93a6f4c65
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.123.42.11:3077, id=115,
length=380
User-Name = "testuser"
NAS-IP-Address = 10.123.42.11
NAS-Port = 0
Called-Station-Id = "001cf05a2b71"
Calling-Station-Id = "001b77392d05"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020300d01980000000c616030100861000008200800c1f193b9041cdc894a0f1bb1c57995434db29eb2862297f204aeb0d4ed003609151acd9436778b768a8305c933700db0d37d5dbb4395bf5893623e090dadaed698dad421606482836f5d565a39890993167869ebb8cf4e6cc155537902fb71ccf05fd09f4a358ccafa3ef4f78a961a3ba9708f57a311217f029e1684625d02b140301000101160301003031046c0e381188b46ab76ce8a006992bfbe11256341a662da412c547bcf729ac147cdb430311f54eddebe7d251521b05
State = 0xd87a137b0b4fc5a29f3b2fa93a6f4c65
Message-Authenticator = 0x18750c35a9a5b2233503c793958bce9b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 3 length 208
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
users: Matched entry testuser at line 216
modcall[authorize]: module "files" returns ok for request 7
modcall: leaving group authorize (returns updated) for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 7
modcall: leaving group authenticate (returns handled) for request 7
Sending Access-Challenge of id 115 to 10.123.42.11 port 3077
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message =
0x0104004119001403010001011603010030f4691b547edc205a2563214db973a4e1016e38aacb8a27be0b4f266c30452a14431912729a868324cc3447b83f29cd50
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5213d7e8f65f7bf4a42614296bb63a9b
Finished request 7
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 4 ID 112 with timestamp 480cddbc
Cleaning up request 5 ID 113 with timestamp 480cddbc
Cleaning up request 6 ID 114 with timestamp 480cddbc
Cleaning up request 7 ID 115 with timestamp 480cddbc
Nothing to do. Sleeping until we see a request.
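Added example, not part of the original post and not FreeRADIUS code: a small Python reader for `radiusd -X` output like the log above that decodes the EAP header of each EAP-Message and reports, per User-Name, the last point the PEAP conversation reached. The sample log is constructed by abridging lines from the post (the last EAP-Message value is truncated); the function names and verdict strings are this example's own, and it reports where a conversation stops, not why.

```python
import re

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 25: "PEAP"}
TLS_FLAGS = ((0x80, "L"), (0x40, "M"), (0x20, "S"))  # length included, more fragments, start
TLS_MSG = re.compile(r"rlm_eap_tls: (<<<|>>>) TLS [\d.]+ (\w+) \[length \w+\](?:, (\w+))?")
REPLY = re.compile(r"Sending (Access-(?:Challenge|Accept|Reject)) ")
EAP_ATTR = re.compile(r"EAP-Message =\s*(0x[0-9a-fA-F]+)?$")

# Constructed sample: abridged from the debug log in the post, last value truncated.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 10.123.42.11:3077, id=112,
length=173
User-Name = "testuser"
EAP-Message = 0x0200000d017465737475736572
Sending Access-Challenge of id 112 to 10.123.42.11 port 3077
EAP-Message = 0x010100061920
rad_recv: Access-Request packet from host 10.123.42.11:3077, id=113, length=291
User-Name = "testuser"
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0068], ClientHello
rlm_eap_tls: >>> TLS 1.0 Handshake [length 064b], Certificate
TLS_accept:error in SSLv3 read client certificate A
Sending Access-Challenge of id 113 to 10.123.42.11 port 3077
rad_recv: Access-Request packet from host 10.123.42.11:3077, id=114, length=178
User-Name = "testuser"
EAP-Message = 0x020200061900
Sending Access-Challenge of id 114 to 10.123.42.11 port 3077
rad_recv: Access-Request packet from host 10.123.42.11:3077, id=115, length=380
User-Name = "testuser"
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
(other): SSL negotiation finished successfully
Sending Access-Challenge of id 115 to 10.123.42.11 port 3077
EAP-Message =
0x0104004119001403010001
Nothing to do. Sleeping until we see a request.
"""


def decode_eap(hex_value):
    """Decode the EAP header from one EAP-Message value as printed by radiusd -X."""
    digits = hex_value.strip()[2:]                       # drop the leading "0x"
    raw = bytes.fromhex(digits[: len(digits) // 2 * 2])  # tolerate a truncated dump
    if len(raw) < 4:
        raise ValueError("an EAP header is at least 4 bytes")
    info = {"code": EAP_CODES.get(raw[0], "code-%d" % raw[0]), "id": raw[1],
            "length": int.from_bytes(raw[2:4], "big"),
            "type": None, "flags": [], "identity": None}
    if raw[0] in (1, 2) and len(raw) >= 5:               # only Request/Response carry a type
        info["type"] = EAP_TYPES.get(raw[4], "type-%d" % raw[4])
        if raw[4] == 1:
            info["identity"] = raw[5:info["length"]].decode("utf-8", "replace")
        elif raw[4] in (13, 25) and len(raw) >= 6:       # TLS-based methods: flags octet
            info["flags"] = [name for bit, name in TLS_FLAGS if raw[5] & bit]
    return info


def summarize(log_text):
    """Return {user: state} describing how far each EAP conversation got."""
    convs, user = {}, None
    awaiting_user = want_hex = header_seen = False
    for line in (l.strip() for l in log_text.splitlines()):
        if line.startswith("rad_recv: Access-Request"):
            awaiting_user, header_seen = True, False
            continue
        m = re.match(r'User-Name = "(.*)"$', line)
        if m and awaiting_user:
            user, awaiting_user = m.group(1), False
            conv = convs.setdefault(user, {"requests": 0, "after_tls": 0, "tls_done": False,
                                           "last_tls": None, "last_reply": None, "eap": []})
            conv["requests"] += 1
            conv["after_tls"] += int(conv["tls_done"])   # requests seen inside the tunnel
            continue
        if user is None:
            continue
        conv = convs[user]
        m = REPLY.match(line)
        if m:
            conv["last_reply"], header_seen = m.group(1), False
            continue
        m = EAP_ATTR.match(line)                         # value may be wrapped to the next line
        hex_value = m.group(1) if m else (
            line if want_hex and re.fullmatch(r"0x[0-9a-fA-F]+", line) else None)
        want_hex = bool(m) and m.group(1) is None
        if hex_value and not header_seen:                # later attributes are continuation bytes
            eap = decode_eap(hex_value)
            conv["eap"].append((eap["code"], eap["type"], eap["flags"]))
            header_seen = True
            continue
        m = TLS_MSG.match(line)
        if m:
            conv["last_tls"] = "%s %s" % (m.group(1), m.group(3) or m.group(2))
        elif "SSL negotiation finished successfully" in line:
            conv["tls_done"] = True
        # "error in SSLv3 read client certificate A" is not counted as a failure:
        # in the log above the handshake carries on after that line.
    return convs


def verdict(conv):
    """One-line description of where the conversation ended."""
    if conv["last_reply"] in ("Access-Accept", "Access-Reject"):
        return conv["last_reply"]
    if not conv["tls_done"]:
        return "stalled during TLS handshake"
    if conv["after_tls"] == 0:
        return "stalled after TLS tunnel established (no phase 2 request seen)"
    return "stalled in phase 2"
```
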