EAP/TLS
Sergio Yébenes Moreno
sergioyebenes at alumnos.upm.es
Thu Jul 10 11:04:19 CEST 2008
Kwok Sianbin wrote:
>
> Thanks for the tips.
> If the certificates are fine then
> the only problem here is the radius server.
> XP can not authenticate the client & can't get connected.
>
> here the output
> Ready to process requests.
> User-Name = "MarsNet_Client"
> NAS-IP-Address = 0.0.0.0
> Framed-MTU = 1488
> Called-Station-Id = "00:30:1a:29:03:66"
> Calling-Station-Id = "00:1c:f0:10:56:b8"
> NAS-Port-Type = Wireless-802.11
> NAS-Identifier = "127.0.0.1"
> Connect-Info = "CONNECT 11Mbps 802.11b"
> EAP-Message = 0x02020013014d6172734e65745f436c69656e74
> Message-Authenticator = 0x00ebc8fcffd2c906e2d36ec4fff17d3a
> +- entering group authorize
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> rlm_realm: No '@' in User-Name = "MarsNet_Client", looking up
> realm NULL
> rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> rlm_eap: EAP packet type response id 2 length 19
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[unix] returns notfound
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> rlm_pap: WARNING! No "known good" password found for the user.
> Authentication may fail because of this.
> ++[pap] returns noop
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
> rlm_eap: EAP Identity
> rlm_eap: processing type tls
> rlm_eap_tls: Requiring client certificate
> rlm_eap_tls: Initiate
> rlm_eap_tls: Start returned 1
> ++[eap] returns handled
> EAP-Message = 0x010300060d20
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x7382effe7381e2540240fd45d4418b28
> Finished request 4.
> Going to the next request
> Waking up in 4.9 seconds.
> Cleaning up request 4 ID 1 with timestamp +930
> Ready to process requests.
> User-Name = "MarsNet_Client"
> NAS-IP-Address = 0.0.0.0
> Framed-MTU = 1488
> Called-Station-Id = "00:30:1a:29:03:66"
> Calling-Station-Id = "00:1c:f0:10:56:b8"
> NAS-Port-Type = Wireless-802.11
> NAS-Identifier = "127.0.0.1"
> Connect-Info = "CONNECT 11Mbps 802.11b"
> EAP-Message = 0x02010013014d6172734e65745f436c69656e74
> Message-Authenticator = 0xd79261edb8c5b177b0b6334837684449
> +- entering group authorize
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> rlm_realm: No '@' in User-Name = "MarsNet_Client", looking up
> realm NULL
> rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> rlm_eap: EAP packet type response id 1 length 19
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[unix] returns notfound
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> rlm_pap: WARNING! No "known good" password found for the user.
> Authentication may fail because of this.
> ++[pap] returns noop
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
> rlm_eap: EAP Identity
> rlm_eap: processing type tls
> rlm_eap_tls: Requiring client certificate
> rlm_eap_tls: Initiate
> rlm_eap_tls: Start returned 1
> ++[eap] returns handled
> EAP-Message = 0x010200060d20
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0xae557800ae5775e5b09645c04263a306
> Finished request 5.
> Going to the next request
> Waking up in 4.9 seconds.
> Cleaning up request 5 ID 3 with timestamp +950
> Ready to process requests.
>
>
> --- On *Mon, 7/7/08, Ivan Kalik /<tnt at kalik.net>/* wrote:
>
> From: Ivan Kalik <tnt at kalik.net>
> Subject: Re: Private key
> To: "FreeRadius users mailing list"
> <freeradius-users at lists.freeradius.org>
> Date: Monday, July 7, 2008, 10:38 PM
>
> Why do you care if "Windows does not have enough information to verify
> this certificate"? Does radius server have any problems with it?
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
Have you read the last lines of eap.conf?