2 server radius (same configuration), different log messages

Enrico Fanti efanti.list at gmail.com
Mon May 19 09:01:56 CEST 2008 

Hi all.

 I have 2 server radius and 1 "AP Cisco" configured to use EAP 
Authentication.

I have 2 server radius with freeradius 1.1.7 (fedora 8), configured in 
the same way (PEAP) (I haad configured my first server radius and then I 
copied my configuration files , and the certificates in second server 
radius)

Then by my linux laptop, with wpa_supplicant I try to connect to my 
wireless ntwork.



1)
If my AP is configured to require the authentication on  first server 
radius 1, I obtain this log messages:

*Mon May 19 08:51:20 2008 : Error:     TLS_accept:error in SSLv3 read 
client certificate A
Mon May 19 08:51:20 2008 : Info: rlm_eap_tls: Received EAP-TLS ACK message
Mon May 19 08:51:20 2008 : Info: rlm_eap_tls: Received EAP-TLS ACK message
Mon May 19 08:51:20 2008 : Info:     (other): SSL negotiation finished 
successfully
Mon May 19 08:51:20 2008 : Info: rlm_eap_tls: Received EAP-TLS ACK message*
Mon May 19 08:51:20 2008 : Info: rlm_eap_mschapv2: Issuing Challenge
*Mon May 19 08:51:20 2008 : Auth: Login OK: [fanti/<no User-Password 
attribute>] (from client localhost port 3686 cli 001e.4c00.dade)
Mon May 19 08:51:20 2008 : Auth: Login OK: [fanti/<no User-Password 
attribute>] (from client ap-alternet port 3686 cli 001e.4c00.dade)*

##############################################################
If I start with radius -X:


  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap: Success
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns ok for request 9
modcall: group authenticate returns ok for request 9
*Login OK: [fanti/<no User-Password attribute>] (from client ap-alternet 
port 3687 cli 001e.4c00.dade)*

##################################################################



2)
In my second server radius I obtain:


Mon May 19 08:50:38 2008 : Info: rlm_eap_mschapv2: Issuing Challenge
*Mon May 19 08:50:38 2008 : Auth: Login OK: [fanti] (from client 
localhost port 3689 cli 001e.4c00.dade)
Mon May 19 08:50:38 2008 : Auth: Login OK: [fanti] (from client 
ap-alternet port 3689 cli 001e.4c00.dade)*

#####################
If I start with radius -X:


rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap: Success
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns ok for request 9
modcall: leaving group authenticate (returns ok) for request 9
*Login OK: [fanti] (from client ap-alternet port 3690 cli 001e.4c00.dade


*I don't understand why I have differences in this 2 logs  (In rows 
where I have Login OK).

Can you help me please ?

Thank you
enrico

 





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080519/544a9a74/attachment.html>

More information about the Freeradius-Users mailing list