My error:

tnt at kalik.net tnt at kalik.net
Wed Nov 26 22:29:27 CET 2008


Ask Intel where does that thing write logs and then read them. Answer is
with the supplicant. Looking at the radius server won't help.

Ivan Kalik
Kalik Informatika ISP


Dana 26/11/2008, "Martin Silvero" <silvero.martin at gmail.com> piše:

>rad_recv: Access-Request packet from host 10.0.16.4 port 1645, id=6, length=136
>        User-Name = "test"
>        Framed-MTU = 1400
>        Called-Station-Id = "0019.2fdb.9d00"
>        Calling-Station-Id = "001f.3c22.44c5"
>        Service-Type = Login-User
>        Message-Authenticator = 0x8185244a1739d905761d97635ccde126
>        EAP-Message = 0x020100090163657274
>        NAS-Port-Type = Wireless-802.11
>        NAS-Port = 262
>        NAS-IP-Address = 10.0.16.4
>        NAS-Identifier = "ap"
>+- entering group authorize
>++[preprocess] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>++[suffix] returns noop
>  rlm_eap: EAP packet type response id 1 length 9
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>++[eap] returns updated
>++[unix] returns notfound
>    users: Matched entry cert at line 76
>++[files] returns ok
>++[expiration] returns noop
>++[logintime] returns noop
>rlm_pap: Found existing Auth-Type, not changing it.
>++[pap] returns noop
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>+- entering group authenticate
>  rlm_eap: EAP Identity
>  rlm_eap: processing type tls
> rlm_eap_tls: Requiring client certificate
>  rlm_eap_tls: Initiate
>  rlm_eap_tls: Start returned 1
>++[eap] returns handled
>Sending Access-Challenge of id 6 to 10.0.16.4 port 1645
>        EAP-Message = 0x010200060d20
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0xb7c9adf3b7cba0f54e6f2b406f75dfd7
>Finished request 0.
>Going to the next request
>Waking up in 4.9 seconds.
>Cleaning up request 0 ID 6 with timestamp +5
>Ready to process requests.
>
>
>--------
>
>this error is with the supplicant "wire1"
>
>but... when the supplicant is "Intel PROset wireless" the error is this:
>
>
>
>
>
>
>
>rad_recv: Access-Request packet from host 10.0.31.40 port 1645, id=2, length=136
>        User-Name = "cert"
>        Framed-MTU = 1400
>        Called-Station-Id = "0019.2fdb.9e00"
>        Calling-Station-Id = "001f.3c22.674a"
>        Service-Type = Login-User
>        Message-Authenticator = 0xba5587f920826e2bd4beb4695b9be3de
>        EAP-Message = 0x020100090163657274
>        NAS-Port-Type = Wireless-802.11
>        NAS-Port = 259
>        NAS-IP-Address = 10.0.31.40
>        NAS-Identifier = "ap-Reconquista-31"
>+- entering group authorize
>++[preprocess] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>    rlm_realm: No '@' in User-Name = "cert", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>++[suffix] returns noop
>  rlm_eap: EAP packet type response id 1 length 9
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>++[eap] returns updated
>++[unix] returns notfound
>    users: Matched entry cert at line 76
>++[files] returns ok
>++[expiration] returns noop
>++[logintime] returns noop
>rlm_pap: Found existing Auth-Type, not changing it.
>++[pap] returns noop
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>+- entering group authenticate
>  rlm_eap: EAP Identity
>  rlm_eap: processing type tls
> rlm_eap_tls: Requiring client certificate
>  rlm_eap_tls: Initiate
>  rlm_eap_tls: Start returned 1
>++[eap] returns handled
>Sending Access-Challenge of id 2 to 10.0.31.40 port 1645
>        EAP-Message = 0x010200060d20
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0x45047f1b45067264424db5b65333fec0
>Finished request 1.
>Going to the next request
>Waking up in 4.9 seconds.
>rad_recv: Access-Request packet from host 10.0.31.40 port 1645, id=3, length=255
>        User-Name = "cert"
>        Framed-MTU = 1400
>        Called-Station-Id = "0019.2fdb.9e00"
>        Calling-Station-Id = "001f.3c22.674a"
>        Service-Type = Login-User
>        Message-Authenticator = 0x565fba63fe92ec25bb27dc9b7cd35351
>        EAP-Message =
>0x0202006e0d8000000064160301005f0100005b0301492d8813d8442284e62309c1463f24d6bd6dff31a5a199dee31582cbb9fa140400003400390038003500160013000a00330032002f006600050004006500640063006200610060001500120009001400110008000600030100
>        NAS-Port-Type = Wireless-802.11
>        NAS-Port = 259
>        State = 0x45047f1b45067264424db5b65333fec0
>        NAS-IP-Address = 10.0.31.40
>        NAS-Identifier = "ap-Reconquista-31"
>+- entering group authorize
>++[preprocess] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>    rlm_realm: No '@' in User-Name = "cert", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>++[suffix] returns noop
>  rlm_eap: EAP packet type response id 2 length 110
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>++[eap] returns updated
>++[unix] returns notfound
>    users: Matched entry cert at line 76
>++[files] returns ok
>++[expiration] returns noop
>++[logintime] returns noop
>rlm_pap: Found existing Auth-Type, not changing it.
>++[pap] returns noop
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>+- entering group authenticate
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/tls
>  rlm_eap: processing type tls
>  rlm_eap_tls: Authenticate
>  rlm_eap_tls: processing TLS
>  TLS Length 100
>rlm_eap_tls:  Length Included
>  eaptls_verify returned 11
>    (other): before/accept initialization
>    TLS_accept: before/accept initialization
>  rlm_eap_tls: <<< TLS 1.0 Handshake [length 005f], ClientHello
>    TLS_accept: SSLv3 read client hello A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
>    TLS_accept: SSLv3 write server hello A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0849], Certificate
>    TLS_accept: SSLv3 write certificate A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
>    TLS_accept: SSLv3 write key exchange A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 00a3], CertificateRequest
>    TLS_accept: SSLv3 write certificate request A
>    TLS_accept: SSLv3 flush data
>    TLS_accept: Need to read more data: SSLv3 read client certificate A
>In SSL Handshake Phase
>In SSL Accept mode
>  eaptls_process returned 13
>++[eap] returns handled
>Sending Access-Challenge of id 3 to 10.0.31.40 port 1645
>        EAP-Message =
>0x010304000dc000000b57160301004a020000460301492d88149171a0d9fd6597a004574b6ff645784cfb233487f6a1178e983db8b9202849854d8af6a3dea84919340635e06d602786b93c1fe23e19cdfced138f4ce100390016030108490b00084500084200039d3082039930820281a003020102020101300d06092a864886f70d010104050030818f310b3009060355040613024152311530130603550408130c4275656e6f73204169726573311430120603550407130b5265636f6e717569737461310e300c060355040a130549504c414e3124302206092a864886f70d01090116156d73696c7665726f4069706c616e2e636f6d2e6172311d30
>        EAP-Message =
>0x1b06035504031314436572746966696361646f205261646975734954301e170d3038313131383139303732335a170d3039313131383139303732335a3077310b3009060355040613024152311530130603550408130c4275656e6f73204169726573310e300c060355040a130549504c414e311b3019060355040313125365727665722043657274696669636174653124302206092a864886f70d01090116156d73696c7665726f4069706c616e2e636f6d2e617230820122300d06092a864886f70d01010105000382010f003082010a0282010100a3214e2a03be37b3b6da8eff4fae6c7842f472aeb12bba75eb5562cddb7952a6ae61663f628df1
>        EAP-Message =
>0x2d1991b857f64a16e911276e3d6bcda584cbedf6869c19b871e9d8885955316739815ffee397c766ef9dd324f5eab40e761981f957447f775aa6fbb54d3524b76c08619fc3ebb786fa8347e080fd1512f9e04f4a0233cbe0c8a43efc96df5ac94f8a5270d4ff7fab98d04e464d1db1c53e62d412b0aca7f5a93e1e7386f65279b8dced42895115acecb76d0c619308bf79489223bdf468c6dff08d3ed46c2ed01398ee13207a187e36c82aa3b67679ce0278a9d89ec043ad8500eee052d4b5376a1d1c26153ccda064fdcf7bb2f6a1ad60fb34419705b89e650203010001a317301530130603551d25040c300a06082b06010505070301300d06092a86
>        EAP-Message =
>0x4886f70d0101040500038201010098f1873453c3f3d52defa937a6a5ef9582a20758059e5aa37c451910b3b1a1823338a62070943b943c1f14aff489d62b163dccf164d7d60392a72d689778f6487087c8bc71ef77630065e987ec37c7fcccb2df32c6ca508a1f5a244c26a6b2e4d2ffbc6b9caa8b0676aace623b008ca88a0a1bc790e20110afca82544e136e9f6b748dcfa422a59fc780f9e59c29aba4163fe428b6a5090afb244d0d66ae5908f53ceaf6f4f21344372513726077ba93bafe985a2dd3107983de3ad686dfec2d78ef34c76148f6329cd5d00c8543803f27fe221df19d90465e602e4e0e1909d38cd03b108b5bb0f7bdc402f6cddfbf
>        EAP-Message = 0xb7420732d3d7b3e2232b37fd
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0x45047f1b44077264424db5b65333fec0
>Finished request 2.
>Going to the next request
>Waking up in 4.3 seconds.
>
>
>-----------------------------
>
>
>
>any suggestions?
>
>many thanks!
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>




More information about the Freeradius-Users mailing list