eap/peap certificate problems?

Ivan Kalik tnt at kalik.net
Mon Apr 21 22:04:41 CEST 2008


What freeradius version is this? Why don't you upgrade to current
version where PEAP works with default configuration with test
certificates that are made during install? Once you check that's
working, replace them with your certificates and you will know if
certificates are the problem.

Ivan Kalik
Kalik informatika ISP


On 21/4/2008, "David Hláčik" <david at hlacik.eu> wrote:

>Hi, because for a period of time I was not able to add to my
>working MSCHAPv2 for PPTPD with ldap radius configuration, I have copied
>fresh new radius configuration files and tried to configure just a simple
>eap/peap for my wireless router.
>I have CentOS 5.1, but basically I have followed this howto
>http://ubuntuforums.org/showthread.php?t=478804
>I have my own CA, and my own server certificate, with X509 xpextension
>support configured. I have installed as a trusted root CA certificate in my
>Windows Vista SP1 Client computer, I am using simple testuser with Secret149
>password defined in users file, but it still does not work and complains about
>certificates. My Windows Vista wireless connection manager is showing my
>server certificate as correct.
>This is log file
>
>Thanks!
>
>D.
>
>[root at sx2 raddb]# radiusd -X
>Starting - reading configuration files ...
>reread_config:  reading radiusd.conf
>Config:   including file: /etc/raddb/proxy.conf
>Config:   including file: /etc/raddb/clients.conf
>Config:   including file: /etc/raddb/snmp.conf
>Config:   including file: /etc/raddb/eap.conf
> main: prefix = "/usr"
> main: localstatedir = "/var"
> main: logdir = "/var/log/radius"
> main: libdir = "/usr/lib64"
> main: radacctdir = "/var/log/radius/radacct"
> main: hostname_lookups = no
> main: snmp = no
> main: max_request_time = 30
> main: cleanup_delay = 5
> main: max_requests = 1024
> main: delete_blocked_requests = 0
> main: port = 0
> main: allow_core_dumps = no
> main: log_stripped_names = no
> main: log_file = "/var/log/radius/radius.log"
> main: log_auth = no
> main: log_auth_badpass = no
> main: log_auth_goodpass = no
> main: pidfile = "/var/run/radiusd/radiusd.pid"
> main: user = "radiusd"
> main: group = "radiusd"
> main: usercollide = no
> main: lower_user = "no"
> main: lower_pass = "no"
> main: nospace_user = "no"
> main: nospace_pass = "no"
> main: checkrad = "/usr/sbin/checkrad"
> main: proxy_requests = yes
> proxy: retry_delay = 5
> proxy: retry_count = 3
> proxy: synchronous = no
> proxy: default_fallback = yes
> proxy: dead_time = 120
> proxy: post_proxy_authorize = no
> proxy: wake_all_if_all_dead = no
> security: max_attributes = 200
> security: reject_delay = 1
> security: status_server = no
> main: debug_level = 0
>read_config_files:  reading dictionary
>read_config_files:  reading naslist
>Using deprecated naslist file.  Support for this will go away soon.
>read_config_files:  reading clients
>read_config_files:  reading realms
>radiusd:  entering modules setup
>Module: Library search path is /usr/lib64
>Module: Loaded exec
> exec: wait = yes
> exec: program = "(null)"
> exec: input_pairs = "request"
> exec: output_pairs = "(null)"
> exec: packet_type = "(null)"
>rlm_exec: Wait=yes but no output defined. Did you mean output=none?
>Module: Instantiated exec (exec)
>Module: Loaded expr
>Module: Instantiated expr (expr)
>Module: Loaded PAP
> pap: encryption_scheme = "crypt"
>Module: Instantiated pap (pap)
>Module: Loaded CHAP
>Module: Instantiated chap (chap)
>Module: Loaded MS-CHAP
> mschap: use_mppe = yes
> mschap: require_encryption = yes
> mschap: require_strong = yes
> mschap: with_ntdomain_hack = no
> mschap: passwd = "(null)"
> mschap: ntlm_auth = "(null)"
>Module: Instantiated mschap (mschap)
>Module: Loaded System
> unix: cache = no
> unix: passwd = "(null)"
> unix: shadow = "/etc/shadow"
> unix: group = "(null)"
> unix: radwtmp = "/var/log/radius/radwtmp"
> unix: usegroup = no
> unix: cache_reload = 600
>Module: Instantiated unix (unix)
>Module: Loaded eap
> eap: default_eap_type = "peap"
> eap: timer_expire = 60
> eap: ignore_unknown_eap_types = no
> eap: cisco_accounting_username_bug = no
>rlm_eap: Loaded and initialized type md5
>rlm_eap: Loaded and initialized type leap
> gtc: challenge = "Password: "
> gtc: auth_type = "PAP"
>rlm_eap: Loaded and initialized type gtc
> tls: rsa_key_exchange = no
> tls: dh_key_exchange = yes
> tls: rsa_key_length = 512
> tls: dh_key_length = 512
> tls: verify_depth = 0
> tls: CA_path = "(null)"
> tls: pem_file_type = yes
> tls: private_key_file = "/etc/pki/wireless/server_key.pem"
> tls: certificate_file = "/etc/pki/wireless/server_cert.pem"
> tls: CA_file = "/etc/pki/wireless/cacert.pem"
> tls: private_key_password = "Pln192"
> tls: dh_file = "/etc/pki/wireless/dh"
> tls: random_file = "/etc/pki/wireless/random"
> tls: fragment_size = 1024
> tls: include_length = yes
> tls: check_crl = no
> tls: check_cert_cn = "(null)"
> tls: cipher_list = "(null)"
> tls: check_cert_issuer = "(null)"
>rlm_eap_tls: Loading the certificate file as a chain
>rlm_eap: Loaded and initialized type tls
> peap: default_eap_type = "mschapv2"
> peap: copy_request_to_tunnel = no
> peap: use_tunneled_reply = no
> peap: proxy_tunneled_request_as_eap = yes
>rlm_eap: Loaded and initialized type peap
> mschapv2: with_ntdomain_hack = no
>rlm_eap: Loaded and initialized type mschapv2
>Module: Instantiated eap (eap)
>Module: Loaded preprocess
> preprocess: huntgroups = "/etc/raddb/huntgroups"
> preprocess: hints = "/etc/raddb/hints"
> preprocess: with_ascend_hack = no
> preprocess: ascend_channels_per_line = 23
> preprocess: with_ntdomain_hack = no
> preprocess: with_specialix_jetstream_hack = no
> preprocess: with_cisco_vsa_hack = no
> preprocess: with_alvarion_vsa_hack = no
>Module: Instantiated preprocess (preprocess)
>Module: Loaded realm
> realm: format = "suffix"
> realm: delimiter = "@"
> realm: ignore_default = no
> realm: ignore_null = no
>Module: Instantiated realm (suffix)
>Module: Loaded files
> files: usersfile = "/etc/raddb/users"
> files: acctusersfile = "/etc/raddb/acct_users"
> files: preproxy_usersfile = "/etc/raddb/preproxy_users"
> files: compat = "no"
>Module: Instantiated files (files)
>Module: Loaded Acct-Unique-Session-Id
> acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
>Client-IP-Address, NAS-Port"
>Module: Instantiated acct_unique (acct_unique)
>Module: Loaded detail
> detail: detailfile =
>"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
> detail: detailperm = 384
> detail: dirperm = 493
> detail: locking = no
>Module: Instantiated detail (detail)
>Module: Loaded radutmp
> radutmp: filename = "/var/log/radius/radutmp"
> radutmp: username = "%{User-Name}"
> radutmp: case_sensitive = yes
> radutmp: check_with_nas = yes
> radutmp: perm = 384
> radutmp: callerid = yes
>Module: Instantiated radutmp (radutmp)
>Listening on authentication *:1812
>Listening on accounting *:1813
>Ready to process requests.
>rad_recv: Access-Request packet from host 10.123.42.11:3076, id=112,
>length=165
> User-Name = "boss"
> NAS-IP-Address = 10.123.42.11
> NAS-Port = 0
> Called-Station-Id = "001cf05a2b71"
> Calling-Station-Id = "001b77392d05"
> NAS-Identifier = "Realtek Access Point. 8181"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> Service-Type = Framed-User
> Connect-Info = "CONNECT 11Mbps 802.11b"
> EAP-Message = 0x0200000901626f7373
> Message-Authenticator = 0x79fd10c2a79dd35bc6304d53524675e8
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 0
>  modcall[authorize]: module "preprocess" returns ok for request 0
>  modcall[authorize]: module "chap" returns noop for request 0
>  modcall[authorize]: module "mschap" returns noop for request 0
>    rlm_realm: No '@' in User-Name = "boss", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 0
>  rlm_eap: EAP packet type response id 0 length 9
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 0
>    users: Matched entry DEFAULT at line 152
>    users: Matched entry DEFAULT at line 171
>  modcall[authorize]: module "files" returns ok for request 0
>modcall: leaving group authorize (returns updated) for request 0
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 0
>  rlm_eap: EAP Identity
>  rlm_eap: processing type tls
>  rlm_eap_tls: Initiate
>  rlm_eap_tls: Start returned 1
>  modcall[authenticate]: module "eap" returns handled for request 0
>modcall: leaving group authenticate (returns handled) for request 0
>Sending Access-Challenge of id 112 to 10.123.42.11 port 3076
> Framed-IP-Address = 255.255.255.254
> Framed-MTU = 576
> Service-Type = Framed-User
> EAP-Message = 0x010100061920
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x352e94993bcbb8a4249d7264d82f1829
>Finished request 0
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 10.123.42.11:3076, id=113,
>length=283
> User-Name = "boss"
> NAS-IP-Address = 10.123.42.11
> NAS-Port = 0
> Called-Station-Id = "001cf05a2b71"
> Calling-Station-Id = "001b77392d05"
> NAS-Identifier = "Realtek Access Point. 8181"
> NAS-Port-Type = Wireless-802.11
> Service-Type = Framed-User
> Connect-Info = "CONNECT 11Mbps 802.11b"
> EAP-Message =
>0x020100731980000000691603010064010000600301480cdacd6b3c5cf0b29cac484d2b3b6ec171038c6b943dd64181cfcd84fe6899000018002f00350005000ac009c00ac013c01400320038001300040100001f000000090007000004626f7373000a00080006001700180019000b00020100
> State = 0x352e94993bcbb8a4249d7264d82f1829
> Message-Authenticator = 0xd9e69c4f8fee707fadc9cb90c69bfea5
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 1
>  modcall[authorize]: module "preprocess" returns ok for request 1
>  modcall[authorize]: module "chap" returns noop for request 1
>  modcall[authorize]: module "mschap" returns noop for request 1
>    rlm_realm: No '@' in User-Name = "boss", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 1
>  rlm_eap: EAP packet type response id 1 length 115
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 1
>    users: Matched entry DEFAULT at line 152
>    users: Matched entry DEFAULT at line 171
>  modcall[authorize]: module "files" returns ok for request 1
>modcall: leaving group authorize (returns updated) for request 1
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 1
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/peap
>  rlm_eap: processing type peap
>  rlm_eap_peap: Authenticate
>  rlm_eap_tls: processing TLS
>rlm_eap_tls:  Length Included
>  eaptls_verify returned 11
>    (other): before/accept initialization
>    TLS_accept: before/accept initialization
>  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0064], ClientHello
>    TLS_accept: SSLv3 read client hello A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
>    TLS_accept: SSLv3 write server hello A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 064b], Certificate
>    TLS_accept: SSLv3 write certificate A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
>    TLS_accept: SSLv3 write server done A
>    TLS_accept: SSLv3 flush data
>    TLS_accept:error in SSLv3 read client certificate A
>rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
>In SSL Handshake Phase
>In SSL Accept mode
>  eaptls_process returned 13
>  rlm_eap_peap: EAPTLS_HANDLED
>  modcall[authenticate]: module "eap" returns handled for request 1
>modcall: leaving group authenticate (returns handled) for request 1
>Sending Access-Challenge of id 113 to 10.123.42.11 port 3076
> Framed-IP-Address = 255.255.255.254
> Framed-MTU = 576
> Service-Type = Framed-User
> EAP-Message =
>0x092a864886f70d010901161261646d696e40706f6c6172696f6e2e636f6d301e170d3038303432313135313033385a170d3039303432313135313033385a308192310b300906035504061302435a311730150603550408130e437a6563682052657075626c6963311a3018060355040a1311506f6c6172696f6e20536f667477617265310b3009060355040b13024954311e301c060355040313157378322e6c6162732e706f6c6172696f6e2e636f6d3121301f06092a864886f70d010901161261646d696e40706f6c6172696f6e2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c100256ce017aaf9e613e4b6a5
> EAP-Message = 0x308189310b300906035504061302435a311730150603
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0xc5438c3f67d8fc170bfdecf1c6cb04cc
>Finished request 1
>Going to the next request
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 10.123.42.11:3076, id=114,
>length=174
> User-Name = "boss"
> NAS-IP-Address = 10.123.42.11
> NAS-Port = 0
> Called-Station-Id = "001cf05a2b71"
> Calling-Station-Id = "001b77392d05"
> NAS-Identifier = "Realtek Access Point. 8181"
> NAS-Port-Type = Wireless-802.11
> Service-Type = Framed-User
> Connect-Info = "CONNECT 11Mbps 802.11b"
> EAP-Message = 0x020200061900
> State = 0xc5438c3f67d8fc170bfdecf1c6cb04cc
> Message-Authenticator = 0x3e96daba715db87f39916db1695d2563
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 2
>  modcall[authorize]: module "preprocess" returns ok for request 2
>  modcall[authorize]: module "chap" returns noop for request 2
>  modcall[authorize]: module "mschap" returns noop for request 2
>    rlm_realm: No '@' in User-Name = "boss", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 2
>  rlm_eap: EAP packet type response id 2 length 6
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 2
>    users: Matched entry DEFAULT at line 152
>    users: Matched entry DEFAULT at line 171
>  modcall[authorize]: module "files" returns ok for request 2
>modcall: leaving group authorize (returns updated) for request 2
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 2
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/peap
>  rlm_eap: processing type peap
>  rlm_eap_peap: Authenticate
>  rlm_eap_tls: processing TLS
>rlm_eap_tls: Received EAP-TLS ACK message
>  rlm_eap_tls: ack handshake fragment handler
>  eaptls_verify returned 1
>  eaptls_process returned 13
>  rlm_eap_peap: EAPTLS_HANDLED
>  modcall[authenticate]: module "eap" returns handled for request 2
>modcall: leaving group authenticate (returns handled) for request 2
>Sending Access-Challenge of id 114 to 10.123.42.11 port 3076
> Framed-IP-Address = 255.255.255.254
> Framed-MTU = 576
> Service-Type = Framed-User
> EAP-Message =
>0x0900e7477704fe0b606a300c0603551d13040530030101ff300d06092a864886f70d0101050500038181008a0ac70a399e62294dd9a9a87c297d332e67ecc64ea0dabba66d2a30a0ac26b4c8e09bb9cbb199cdb731e5831bb5d9a5403c5172d261250df6cc9e5041c2e9317086ba14b1d8c6c13d8e0b40d9fec502456b1c48d1d290d25f5fb5849c9da082a706e33c8a7dddc9acc9f81bc53f42cd9cd93a8d31f5603d9761d98e6398c50d16030100040e000000
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x76d7c4e6f67f926686a5dc4693c1d6e0
>Finished request 2
>Going to the next request
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 10.123.42.11:3076, id=115,
>length=376
> User-Name = "boss"
> NAS-IP-Address = 10.123.42.11
> NAS-Port = 0
> Called-Station-Id = "001cf05a2b71"
> Calling-Station-Id = "001b77392d05"
> NAS-Identifier = "Realtek Access Point. 8181"
> NAS-Port-Type = Wireless-802.11
> Service-Type = Framed-User
> Connect-Info = "CONNECT 11Mbps 802.11b"
> EAP-Message =
>0x020300d01980000000c61603010086100000820080b21c3e1e4fae427fd09b23b8a18dcd5c9614f95436a1d360e40bc785390f5d907a33d3f5eb72077980d0db736c50e21a4a961e219572131ed6a54f0407d67d563a85e59db3c3bb0b8d9411e437b085d1661178f1ecfbb93606962637078cc486ad801dcef5ba373121299a4baa00c483875dbebdd6519f63c5ec4ab881c4acf61403010001011603010030654cbaf37740de04fdf9e6385b2d7d42ce0d8caf852004f92268eeac440afecfb85fb8a1516079f0ffa1d45494b77685
> State = 0x76d7c4e6f67f926686a5dc4693c1d6e0
> Message-Authenticator = 0x6421fcec1f1cc5125791a70319a1ea43
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 3
>  modcall[authorize]: module "preprocess" returns ok for request 3
>  modcall[authorize]: module "chap" returns noop for request 3
>  modcall[authorize]: module "mschap" returns noop for request 3
>    rlm_realm: No '@' in User-Name = "boss", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 3
>  rlm_eap: EAP packet type response id 3 length 208
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 3
>    users: Matched entry DEFAULT at line 152
>    users: Matched entry DEFAULT at line 171
>  modcall[authorize]: module "files" returns ok for request 3
>modcall: leaving group authorize (returns updated) for request 3
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 3
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/peap
>  rlm_eap: processing type peap
>  rlm_eap_peap: Authenticate
>  rlm_eap_tls: processing TLS
>rlm_eap_tls:  Length Included
>  eaptls_verify returned 11
>  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
>    TLS_accept: SSLv3 read client key exchange A
>  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
>  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
>    TLS_accept: SSLv3 read finished A
>  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
>    TLS_accept: SSLv3 write change cipher spec A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
>    TLS_accept: SSLv3 write finished A
>    TLS_accept: SSLv3 flush data
>    (other): SSL negotiation finished successfully
>rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
>SSL Connection Established
>  eaptls_process returned 13
>  rlm_eap_peap: EAPTLS_HANDLED
>  modcall[authenticate]: module "eap" returns handled for request 3
>modcall: leaving group authenticate (returns handled) for request 3
>Sending Access-Challenge of id 115 to 10.123.42.11 port 3076
> Framed-IP-Address = 255.255.255.254
> Framed-MTU = 576
> Service-Type = Framed-User
> EAP-Message =
>0x010400411900140301000101160301003047fdad6e556880c11c7e70fb192ff4cd295124df3aa30eb15b26dcf4c48fc6f8aeac60091e893cd59405eb8d7209f9c1
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0xc6dea48edc410ff186e20cb27acbf71b
>Finished request 3
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 5 seconds...
>--- Walking the entire request list ---
>Cleaning up request 0 ID 112 with timestamp 480cdad4
>Cleaning up request 1 ID 113 with timestamp 480cdad4
>Cleaning up request 2 ID 114 with timestamp 480cdad4
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Cleaning up request 3 ID 115 with timestamp 480cdad5
>Nothing to do.  Sleeping until we see a request.
>rad_recv: Access-Request packet from host 10.123.42.11:3077, id=112,
>length=173
> User-Name = "testuser"
> NAS-IP-Address = 10.123.42.11
> NAS-Port = 0
> Called-Station-Id = "001cf05a2b71"
> Calling-Station-Id = "001b77392d05"
> NAS-Identifier = "Realtek Access Point. 8181"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> Service-Type = Framed-User
> Connect-Info = "CONNECT 11Mbps 802.11b"
> EAP-Message = 0x0200000d017465737475736572
> Message-Authenticator = 0x0ee36160aedc0ad3b60e2fb258039d06
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 4
>  modcall[authorize]: module "preprocess" returns ok for request 4
>  modcall[authorize]: module "chap" returns noop for request 4
>  modcall[authorize]: module "mschap" returns noop for request 4
>    rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 4
>  rlm_eap: EAP packet type response id 0 length 13
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 4
>    users: Matched entry DEFAULT at line 152
>    users: Matched entry DEFAULT at line 171
>    users: Matched entry testuser at line 216
>  modcall[authorize]: module "files" returns ok for request 4
>modcall: leaving group authorize (returns updated) for request 4
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 4
>  rlm_eap: EAP Identity
>  rlm_eap: processing type tls
>  rlm_eap_tls: Initiate
>  rlm_eap_tls: Start returned 1
>  modcall[authenticate]: module "eap" returns handled for request 4
>modcall: leaving group authenticate (returns handled) for request 4
>Sending Access-Challenge of id 112 to 10.123.42.11 port 3077
> Framed-IP-Address = 255.255.255.254
> Framed-MTU = 576
> Service-Type = Framed-User
> EAP-Message = 0x010100061920
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x66994fc2e8159ac20377da485a287cf7
>Finished request 4
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 10.123.42.11:3077, id=113,
>length=291
> User-Name = "testuser"
> NAS-IP-Address = 10.123.42.11
> NAS-Port = 0
> Called-Station-Id = "001cf05a2b71"
> Calling-Station-Id = "001b77392d05"
> NAS-Identifier = "Realtek Access Point. 8181"
> NAS-Port-Type = Wireless-802.11
> Service-Type = Framed-User
> Connect-Info = "CONNECT 11Mbps 802.11b"
> EAP-Message =
>0x0201007719800000006d1603010068010000640301480cddb5cfdb7316f78553c8246acb97d94ce30a5f5c236ee8c43c093e36b965000018002f00350005000ac009c00ac013c0140032003800130004010000230000000d000b0000087465737475736572000a00080006001700180019000b00020100
> State = 0x66994fc2e8159ac20377da485a287cf7
> Message-Authenticator = 0x5b61c6c39482584ade5b59c279202057
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 5
>  modcall[authorize]: module "preprocess" returns ok for request 5
>  modcall[authorize]: module "chap" returns noop for request 5
>  modcall[authorize]: module "mschap" returns noop for request 5
>    rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 5
>  rlm_eap: EAP packet type response id 1 length 119
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 5
>    users: Matched entry DEFAULT at line 152
>    users: Matched entry DEFAULT at line 171
>    users: Matched entry testuser at line 216
>  modcall[authorize]: module "files" returns ok for request 5
>modcall: leaving group authorize (returns updated) for request 5
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 5
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/peap
>  rlm_eap: processing type peap
>  rlm_eap_peap: Authenticate
>  rlm_eap_tls: processing TLS
>rlm_eap_tls:  Length Included
>  eaptls_verify returned 11
>    (other): before/accept initialization
>    TLS_accept: before/accept initialization
>  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0068], ClientHello
>    TLS_accept: SSLv3 read client hello A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
>    TLS_accept: SSLv3 write server hello A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 064b], Certificate
>    TLS_accept: SSLv3 write certificate A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
>    TLS_accept: SSLv3 write server done A
>    TLS_accept: SSLv3 flush data
>    TLS_accept:error in SSLv3 read client certificate A
>rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
>In SSL Handshake Phase
>In SSL Accept mode
>  eaptls_process returned 13
>  rlm_eap_peap: EAPTLS_HANDLED
>  modcall[authenticate]: module "eap" returns handled for request 5
>modcall: leaving group authenticate (returns handled) for request 5
>Sending Access-Challenge of id 113 to 10.123.42.11 port 3077
> Framed-IP-Address = 255.255.255.254
> Framed-MTU = 576
> Service-Type = Framed-User
> EAP-Message =
>0x092a864886f70d010901161261646d696e40706f6c6172696f6e2e636f6d301e170d3038303432313135313033385a170d3039303432313135313033385a308192310b300906035504061302435a311730150603550408130e437a6563682052657075626c6963311a3018060355040a1311506f6c6172696f6e20536f667477617265310b3009060355040b13024954311e301c060355040313157378322e6c6162732e706f6c6172696f6e2e636f6d3121301f06092a864886f70d010901161261646d696e40706f6c6172696f6e2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c100256ce017aaf9e613e4b6a5
> EAP-Message =
>0x6bd956c9ea27c63ed372290be9ceff4d36bac037ee2936cd4b2b5065f50452c398b8e1d17ca15c00038830820384308202eda003020102020900e7477704fe0b606a300d06092a864886f70d0101050500308189310b300906035504061302435a311730150603550408130e437a6563682052657075626c6963311a3018060355040a1311506f6c6172696f6e20536f667477617265310b3009060355040b13024954311530130603550403130c446176696420486c6163696b3121301f06092a864886f70d010901161261646d696e40706f6c6172696f6e2e636f6d301e170d3038303432313135303434345a170d3039303432313135303434345a
> EAP-Message = 0x308189310b300906035504061302435a311730150603
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0xb83123181e34c0fa312134305bc70299
>Finished request 5
>Going to the next request
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 10.123.42.11:3077, id=114,
>length=178
> User-Name = "testuser"
> NAS-IP-Address = 10.123.42.11
> NAS-Port = 0
> Called-Station-Id = "001cf05a2b71"
> Calling-Station-Id = "001b77392d05"
> NAS-Identifier = "Realtek Access Point. 8181"
> NAS-Port-Type = Wireless-802.11
> Service-Type = Framed-User
> Connect-Info = "CONNECT 11Mbps 802.11b"
> EAP-Message = 0x020200061900
> State = 0xb83123181e34c0fa312134305bc70299
> Message-Authenticator = 0x4608a7974cf83a5f59f6c399014da1e4
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 6
>  modcall[authorize]: module "preprocess" returns ok for request 6
>  modcall[authorize]: module "chap" returns noop for request 6
>  modcall[authorize]: module "mschap" returns noop for request 6
>    rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 6
>  rlm_eap: EAP packet type response id 2 length 6
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 6
>    users: Matched entry DEFAULT at line 152
>    users: Matched entry DEFAULT at line 171
>    users: Matched entry testuser at line 216
>  modcall[authorize]: module "files" returns ok for request 6
>modcall: leaving group authorize (returns updated) for request 6
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 6
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/peap
>  rlm_eap: processing type peap
>  rlm_eap_peap: Authenticate
>  rlm_eap_tls: processing TLS
>rlm_eap_tls: Received EAP-TLS ACK message
>  rlm_eap_tls: ack handshake fragment handler
>  eaptls_verify returned 1
>  eaptls_process returned 13
>  rlm_eap_peap: EAPTLS_HANDLED
>  modcall[authenticate]: module "eap" returns handled for request 6
>modcall: leaving group authenticate (returns handled) for request 6
>Sending Access-Challenge of id 114 to 10.123.42.11 port 3077
> Framed-IP-Address = 255.255.255.254
> Framed-MTU = 576
> Service-Type = Framed-User
> EAP-Message =
>0x0900e7477704fe0b606a300c0603551d13040530030101ff300d06092a864886f70d0101050500038181008a0ac70a399e62294dd9a9a87c297d332e67ecc64ea0dabba66d2a30a0ac26b4c8e09bb9cbb199cdb731e5831bb5d9a5403c5172d261250df6cc9e5041c2e9317086ba14b1d8c6c13d8e0b40d9fec502456b1c48d1d290d25f5fb5849c9da082a706e33c8a7dddc9acc9f81bc53f42cd9cd93a8d31f5603d9761d98e6398c50d16030100040e000000
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0xd87a137b0b4fc5a29f3b2fa93a6f4c65
>Finished request 6
>Going to the next request
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 10.123.42.11:3077, id=115,
>length=380
> User-Name = "testuser"
> NAS-IP-Address = 10.123.42.11
> NAS-Port = 0
> Called-Station-Id = "001cf05a2b71"
> Calling-Station-Id = "001b77392d05"
> NAS-Identifier = "Realtek Access Point. 8181"
> NAS-Port-Type = Wireless-802.11
> Service-Type = Framed-User
> Connect-Info = "CONNECT 11Mbps 802.11b"
> EAP-Message =
>0x020300d01980000000c616030100861000008200800c1f193b9041cdc894a0f1bb1c57995434db29eb2862297f204aeb0d4ed003609151acd9436778b768a8305c933700db0d37d5dbb4395bf5893623e090dadaed698dad421606482836f5d565a39890993167869ebb8cf4e6cc155537902fb71ccf05fd09f4a358ccafa3ef4f78a961a3ba9708f57a311217f029e1684625d02b140301000101160301003031046c0e381188b46ab76ce8a006992bfbe11256341a662da412c547bcf729ac147cdb430311f54eddebe7d251521b05
> State = 0xd87a137b0b4fc5a29f3b2fa93a6f4c65
> Message-Authenticator = 0x18750c35a9a5b2233503c793958bce9b
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 7
>  modcall[authorize]: module "preprocess" returns ok for request 7
>  modcall[authorize]: module "chap" returns noop for request 7
>  modcall[authorize]: module "mschap" returns noop for request 7
>    rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 7
>  rlm_eap: EAP packet type response id 3 length 208
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 7
>    users: Matched entry DEFAULT at line 152
>    users: Matched entry DEFAULT at line 171
>    users: Matched entry testuser at line 216
>  modcall[authorize]: module "files" returns ok for request 7
>modcall: leaving group authorize (returns updated) for request 7
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 7
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/peap
>  rlm_eap: processing type peap
>  rlm_eap_peap: Authenticate
>  rlm_eap_tls: processing TLS
>rlm_eap_tls:  Length Included
>  eaptls_verify returned 11
>  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
>    TLS_accept: SSLv3 read client key exchange A
>  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
>  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
>    TLS_accept: SSLv3 read finished A
>  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
>    TLS_accept: SSLv3 write change cipher spec A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
>    TLS_accept: SSLv3 write finished A
>    TLS_accept: SSLv3 flush data
>    (other): SSL negotiation finished successfully
>rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
>SSL Connection Established
>  eaptls_process returned 13
>  rlm_eap_peap: EAPTLS_HANDLED
>  modcall[authenticate]: module "eap" returns handled for request 7
>modcall: leaving group authenticate (returns handled) for request 7
>Sending Access-Challenge of id 115 to 10.123.42.11 port 3077
> Framed-IP-Address = 255.255.255.254
> Framed-MTU = 576
> Service-Type = Framed-User
> EAP-Message =
>0x0104004119001403010001011603010030f4691b547edc205a2563214db973a4e1016e38aacb8a27be0b4f266c30452a14431912729a868324cc3447b83f29cd50
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x5213d7e8f65f7bf4a42614296bb63a9b
>Finished request 7
>Going to the next request
>Waking up in 6 seconds...
>--- Walking the entire request list ---
>Cleaning up request 4 ID 112 with timestamp 480cddbc
>Cleaning up request 5 ID 113 with timestamp 480cddbc
>Cleaning up request 6 ID 114 with timestamp 480cddbc
>Cleaning up request 7 ID 115 with timestamp 480cddbc
>Nothing to do.  Sleeping until we see a request.
>
>
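Added example, not part of the thread and not FreeRADIUS code: to check whether a debug log like the one quoted above actually points at the certificates, this Python sketch follows each EAP conversation through the RADIUS State attribute and reports the TLS handshake messages seen, any OpenSSL error code other than the all-zero "no error" value, and whether the last Access-Challenge was ever answered. It assumes the `radiusd -X` line format shown in the quoted log; the sample input is constructed and abridged.

```python
import re
from dataclasses import dataclass, field

# Constructed, abridged sample in the radiusd -X format quoted above.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 192.0.2.10:3077, id=112, length=173
 User-Name = "testuser"
  rlm_eap: EAP Identity
Sending Access-Challenge of id 112 to 192.0.2.10 port 3077
 State = 0xaa01
rad_recv: Access-Request packet from host 192.0.2.10:3077, id=113, length=291
 User-Name = "testuser"
 State = 0xaa01
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0068], ClientHello
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 064b], Certificate
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept:error in SSLv3 read client certificate A
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Sending Access-Challenge of id 113 to 192.0.2.10 port 3077
 State = 0xaa02
rad_recv: Access-Request packet from host 192.0.2.10:3077, id=114, length=380
 User-Name = "testuser"
 State = 0xaa02
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
SSL Connection Established
Sending Access-Challenge of id 114 to 192.0.2.10 port 3077
 State = 0xaa03
Cleaning up request 2 ID 114 with timestamp 480cddbc
"""

RECV = re.compile(r"^rad_recv: (Access-\w+) packet from host")
SEND = re.compile(r"^Sending (Access-\w+) of id \d+")
USER = re.compile(r'^User-Name = "([^"]*)"')
STATE = re.compile(r"^State = 0x([0-9a-fA-F]+)")
TLS = re.compile(r"^rlm_eap_tls: (<<<|>>>) TLS \S+ (\w+) \[length \w+\](?:, (\w+))?")
SSLERR = re.compile(r"^rlm_eap: SSL error error:([0-9A-Fa-f]{8}):")


@dataclass
class Conversation:
    user: str
    tls: list = field(default_factory=list)         # e.g. "<<< ClientHello"
    ssl_errors: list = field(default_factory=list)  # non-zero OpenSSL codes only
    tunnel_up: bool = False
    last_reply: str = ""

    def verdict(self):
        if self.last_reply in ("Access-Accept", "Access-Reject"):
            return self.last_reply
        if not self.last_reply:
            return "no reply logged"
        if self.tunnel_up:
            return "tunnel established, last challenge unanswered"
        return "last challenge unanswered during handshake"


def summarize(log_text):
    """Group a radiusd -X log into EAP conversations chained by State."""
    convs, by_state = [], {}
    cur, user, in_reply = None, "", False

    def current():
        nonlocal cur
        if cur is None:  # request carried no known State: new conversation
            cur = Conversation(user)
            convs.append(cur)
        return cur

    for raw in log_text.splitlines():
        line = raw.lstrip(">").strip()  # accept mail-quoted logs as well
        if RECV.match(line):
            cur, in_reply = None, False
        elif (m := USER.match(line)) and not in_reply:
            user = m.group(1)
        elif m := STATE.match(line):
            if in_reply:   # State we handed out with this challenge
                by_state[m.group(1)] = current()
            else:          # State echoed back by the client
                cur = by_state.get(m.group(1))
        elif m := TLS.match(line):
            current().tls.append(f"{m.group(1)} {m.group(3) or m.group(2)}")
        elif m := SSLERR.match(line):
            if int(m.group(1), 16):  # 00000000 means OpenSSL queued no error
                current().ssl_errors.append(m.group(1))
        elif line == "SSL Connection Established":
            current().tunnel_up = True
        elif m := SEND.match(line):
            current().last_reply, in_reply = m.group(1), True
    return convs


if __name__ == "__main__":
    for c in summarize(SAMPLE_LOG):
        print(f"{c.user}: {c.verdict()}; real SSL errors: {len(c.ssl_errors)}")
        print("  handshake:", ", ".join(c.tls))
```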



