Client can't connect "Acquiring Network address"
Kwok Sianbin
sianbin_kwok at yahoo.com
Tue May 20 11:18:13 CEST 2008
Hi,
Thanks for the advice..The problem to generae certs was solved.
Now it comes back to existing problem in version 1.1.7 where the client request to server is on and on and never get connected.
I wonder why NAS-IP-Address = 0.0.0.0 unlike the other as I know got IP address assigned.
Here the log
Ready to process requests.
User-Name = "MarsNet"
NAS-IP-Address = 0.0.0.0
Framed-MTU = 1488
Called-Station-Id = "00:30:1a:29:03:66"
Calling-Station-Id = "00:1c:f0:10:56:b8"
NAS-Port-Type = Wireless-802.11
NAS-Identifier = "127.0.0.1"
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0201000c014d6172734e6574
Message-Authenticator = 0x971de64ca91d1afd0e499d63b8b9aff2
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "MarsNet", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 1 length 12
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
users: Matched entry MarsNet at line 91
expand: Hello, %{User-Name} -> Hello, MarsNet
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
Reply-Message = "Hello, MarsNet"
EAP-Message = 0x010200060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x13382f46133a22a47c694fefa3fc3d08
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
User-Name = "MarsNet"
NAS-IP-Address = 0.0.0.0
Framed-MTU = 1488
Called-Station-Id = "00:30:1a:29:03:66"
Calling-Station-Id = "00:1c:f0:10:56:b8"
NAS-Port-Type = Wireless-802.11
NAS-Identifier = "127.0.0.1"
Connect-Info = "CONNECT 11Mbps 802.11b"
State = 0x13382f46133a22a47c694fefa3fc3d08
EAP-Message = 0x020200500d800000004616030100410100003d03014832660e2f0fb111fc67ba57fe53cac5b6e069fba786f0ec44807023b4284a8800001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x0fe925603be76e65a1404457ac5412b6
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "MarsNet", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 2 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
users: Matched entry MarsNet at line 91
expand: Hello, %{User-Name} -> Hello, MarsNet
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
TLS Length 70
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 084c], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 00a6], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
++[eap] returns handled
Reply-Message = "Hello, MarsNet"
EAP-Message = 0x010304000dc00000094b160301004a020000460301483265fd7c96a0e9fc9713fe93e9d180d22d37c1ae1a232b02433ecfcf033a34206f7a9cb000aa67272b2e95ac37019ecdc8a5bf6c574b0298bf67ddb71033c027000400160301084c0b0008480008450003a13082039d30820285a003020102020101300d06092a864886f70d0101040500308194310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3127302506035504
EAP-Message = 0x03131e4d617273696e646f20436572746966696361746520417574686f72697479301e170d3038303532303034333135355a170d3039303532303034333135355a3076310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e311d301b060355040313144d617273696e646f2053657276657220436572743120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100bca7c767561f951c18502242b005f2d0727dc1affd01c9b29918bbd3af268c095b091c
EAP-Message = 0xc62304d82d388c4380d586d49eab42a7f82f4b9b86bdb1d5b0889644476f901a737c94349781c611d7d2da2ffbe8de5fa4534c28a4dffb2fbf805a6c9dff87227d8a0fab4dea651fc4223748b75d302ee960e8beda05996d8b2342b841770b030bef53297a177f431184747aa3bdc11f49750b8c603cb589c13583904a9ba6ef6560df8519d5a2dbeb7fe33c8a0ac801bb3e1f68d510b0c82312bd7fcb8d50c6286f3f7a45079625c0b4f9912cc83664227c5d418c10006a230c66172677d3bb4091370b0b871bda07bec0a82ee8f1377d3a8fadf0398f35beea0d89f70203010001a317301530130603551d25040c300a06082b06010505070301300d
EAP-Message = 0x06092a864886f70d010104050003820101004fbfef54576f9aac86015d57964cc2def331a16bf997b2b983ec834fb72f42e43b335bf1ad890123b205fac6a64bc0f824f34806cab4532dc9d48c1f827fc8050d3fe13af9df766b71ba58c515eaef089cfc685c5399371f1ef8f123cee3990828942848c20c60c6ab0ef93ba786b829816f24183e53aefeeea6fd11061a320fc0fe871220ad9f403497754f7187b2fe58dbf420af6cbf62297119bf1724539671bd8015dc1cc3a7c55b69cd63a4a2c35d523463ac9f44338f049b9d3b10c330b7d2dc183a1565cba70bb125c57ffdeed44785e3f36d404a094df74380dc1133d675c9aa87a6fd41e8e79f
EAP-Message = 0x93bd38749f3d952fe10c35a8
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x13382f46123b22a47c694fefa3fc3d08
Finished request 1.
Going to the next request
Kwok Sianbin <sianbin_kwok at yahoo.com> wrote: Hi All,
I have problem generating client certificate for Windows Xp.
# make client.pem
openssl req -new -out client.csr -keyout client.key -config ./client.cnf
Generating a 2048 bit RSA private key
...................................................................+++
.......+++
writing new private key to 'client.key'
-----
openssl ca -batch -keyfile server.key -cert server.crt -in client.csr -key `grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
Using configuration from ./client.cnf
unable to load certificate
4773:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: TRUSTED CERTIFICATE
make: *** [client.crt] Error 1
I looked in client.cnf and I could not figure out where got wrong!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080520/8699990e/attachment.html>
More information about the Freeradius-Users
mailing list