Error in the negotiations

Martin Silvero silvero.martin at gmail.com
Mon Oct 6 16:48:48 CEST 2008


 This is the error when the user tries to connect

seems an error of certificates but are well installed:
thanks!!!






Going to the next request
Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 10.0.31.40 port 1645, id=68,
length=144
        User-Name = "msilvero"
        Framed-MTU = 1400
        Called-Station-Id = "0019.2fdb.9200"
        Calling-Station-Id = "001f.3c22.44e5"
        Service-Type = Login-User
        Message-Authenticator = 0xb7ec9c58aef5995fa1beeaf9fb22d535
        EAP-Message = 0x0201000d016d73696c7665726f
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 278
        NAS-IP-Address = 10.0.31.40
        NAS-Identifier = "ap"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "msilvero", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 1 length 13
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
    users: Matched entry msilvero at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: EAP Identity
  rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 68 to 10.0.31.40 port 1645
        EAP-Message = 0x0102001604100150e2e5a3af2f9bf6b494482cd5b15c
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc4723e07c4703a0f252b64ab3b8aac1c
Finished request 63.
Going to the next request
Waking up in 2.5 seconds.
rad_recv: Access-Request packet from host 10.0.31.40 port 1645, id=69,
length=155
        User-Name = "msilvero"
        Framed-MTU = 1400
        Called-Station-Id = "0019.2fdb.9e01"
        Calling-Station-Id = "001f.3c22.44c1"
        Service-Type = Login-User
        Message-Authenticator = 0x32c823b2ce943c46fe0003306353f899
        EAP-Message = 0x02020006030d
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 278
        State = 0xc4723e07c4703a0f252b64ab3b8aac1c
        NAS-IP-Address = 10.0.31.40
        NAS-Identifier = "ap"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "msilvero", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 2 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
    users: Matched entry msilvero at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP NAK
 rlm_eap: EAP-NAK asked for EAP-Type/tls
  rlm_eap: processing type tls
 rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 69 to 10.0.31.40 port 1645
        EAP-Message = 0x010300060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc4723e07c571330f252b64ab3b8aac1c
Finished request 64.
Going to the next request
Waking up in 2.5 seconds.
rad_recv: Access-Request packet from host 10.0.31.40 port 1645, id=70,
length=259
        User-Name = "msilvero"
        Framed-MTU = 1400
        Called-Station-Id = "0019.2fdb.9100"
        Calling-Station-Id = "001f.3c22.44e5"
        Service-Type = Login-User
        Message-Authenticator = 0x81272adb33bde6be5f5504b71ab4a408
        EAP-Message =
0x0203006e0d8000000064160301005f0100005b030148e6393e196c12f7838dcd0d7a1694260cf59192b892175d80ab559c8c0d2a2c00003400390038003500160013000a00330032002f006600050004006500640063006200610060001500120009001400110008000600030100
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 278
        State = 0xc4723e07c571330f252b64ab3b8aac1c
        NAS-IP-Address = 10.0.31.40
        NAS-Identifier = "ap"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "msilvero", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 3 length 110
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
    users: Matched entry msilvero at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
  TLS Length 100
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 005f], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 084d], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
    TLS_accept: SSLv3 write key exchange A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 00a4], CertificateRequest
    TLS_accept: SSLv3 write certificate request A
    TLS_accept: SSLv3 flush data
    TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 70 to 10.0.31.40 port 1645
        EAP-Message =
0x010404000dc000000b5c160301004a02000046030148e6393f8cf1a3361f16721360b5d45888974900d9d8b23589586a54fe51948e20d797947a00be4bc79252c1053e25d5fce0cedf6011d6ec9db492fd852b63101f003900160301084d0b00084900084600039e3082039a30820282a003020102020101300d06092a864886f70d0101040500308190310b3009060355040613024152311530130603550408130c4275656e6f73204169726573311430120603550407130b5265636f6e717569737461310e300c060355040a130549504c414e3124302206092a864886f70d01090116156d73696c7665726f4069706c616e2e636f6d2e6172311e30
        EAP-Message =
0x1c06035504031315436572746966696361746520417574686f72697479301e170d3038303931313139333132345a170d3039303931313139333132345a3077310b3009060355040613024152311530130603550408130c4275656e6f73204169726573310e300c060355040a130549504c414e311b3019060355040313125365727665722043657274696669636174653124302206092a864886f70d01090116156d73696c7665726f4069706c616e2e636f6d2e617230820122300d06092a864886f70d01010105000382010f003082010a0282010100cb176f82821ac53bae0ad6d892dc2fbc02bd709cfd64b2f81bf01398427a953dc2b95534af53
        EAP-Message =
0xad5703b2d29b3907f7024d696fe1052b8a17e4e75a68ddaa7c71cae9e65a97275165e2c70edcaa483683b0dcd11b16eb3390c227d7dd513bcd994aae66c7edd36e527c7252c9100d6393d6f61b8a3f3a33bc2f010bd55f4d235582390de19faeb2c875d8d16abe3fc6c7ad9584c90f14e921e374873ab54996ae6e1e913105cccd7b3b17d9b7549e763a5e1a2bd5275bdb2a22326801738ef91eebe62254ed7169c4e228001e2632103b1f38440018088f1eaf6a67c4aa787e0b7742fd4b079bb054222f70b468d2beeed58097b09b1431aa547805ca87260e090203010001a317301530130603551d25040c300a06082b06010505070301300d06092a
        EAP-Message =
0x864886f70d0101040500038201010006bd989e695b4fc7051fed5d91b62cf1a0d75072e293faf15aa1b638ef07fecded678c1b5533c133c1a0ee2ee602a00def36556a8949260a6772f910c440a42fac024f1827575721130d2f6b5cedd85e0340439a0f651d2c9467054fb89817af3aef0d8a2a41168ff857d047d8ff5e9803dadd7f7946106856fc04fb9f38ff21bd3ff5999113806e7d01669f0e27c1e6be50228a4151e3d39acdc5a6c29ec9b9730055cca50e4d33f8a1c071d84d5df62823125a61a4e3c4d958e83c9218b2a6c3635da4e41c12e403ded5b2c2450e8f04ca53684d2e64cbbc6ccb2351e38207a19f7a9352bec178c892deace531
        EAP-Message = 0x99099dcd2c06b6668361b45a
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc4723e07c676330f252b64ab3b8aac1c
Finished request 65.
Going to the next request
Waking up in 2.5 seconds.
rad_recv: Access-Request packet from host 10.0.31.40 port 1645, id=71,
length=155
        User-Name = "msilvero"
        Framed-MTU = 1400
        Called-Station-Id = "0019.2fdb.9100"
        Calling-Station-Id = "001f.3c22.44e5"
        Service-Type = Login-User
        Message-Authenticator = 0xb611e618564f594f59b8a57688c4fc6a
        EAP-Message = 0x020400060d00
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 278
        State = 0xc4723e07c676330f252b64ab3b8aac1c
        NAS-IP-Address = 10.0.31.40
        NAS-Identifier = "ap"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "msilvero", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 4 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
    users: Matched entry msilvero at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 71 to 10.0.31.40 port 1645
        EAP-Message =
0x010504000dc000000b5ce3115e02e0670004a23082049e30820386a003020102020900d9dcff3987698a72300d06092a864886f70d0101050500308190310b3009060355040613024152311530130603550408130c4275656e6f73204169726573311430120603550407130b5265636f6e717569737461310e300c060355040a130549504c414e3124302206092a864886f70d01090116156d73696c7665726f4069706c616e2e636f6d2e6172311e301c06035504031315436572746966696361746520417574686f72697479301e170d3038303931313139323934345a170d3038313031313139323934345a308190310b3009060355040613024152
        EAP-Message =
0x311530130603550408130c4275656e6f73204169726573311430120603550407130b5265636f6e717569737461310e300c060355040a130549504c414e3124302206092a864886f70d01090116156d73696c7665726f4069706c616e2e636f6d2e6172311e301c06035504031315436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100b326eafca1440742350e357c49fc3ee99823cf82af887f2dab58faf782484e2b9a485b317ded6bd95fa746ef0432c96862dccbaad3d3a619da14c1cf684e530ca3003e18d9ab94284e31330b287dfe3e008c9ac54abc5acde9
        EAP-Message =
0x1c85dd20c770467b546d8318c8d17e35709e704dec48b86afca059031c13a2130af97820bd7cfe73ab906acf847bc711184d0e9fba4377647754f6ab75717a7eda6ecc046bda89a0b147271fcdb84b094da53e168e2f83710e72f79fb4a4153ead2b7548dcf5f9d9789b3e0a46f21540659a9b30e834d5ab33184feec0ded43ba366d7b45bf5dec22d5670a7e8c34eb55aa593fc9021c7ec114a6bc0e116711efa8d39ec5617e90203010001a381f83081f5301d0603551d0e04160414783ebd2ad86bb68a828aa2e0b63806cfd5bf7ab03081c50603551d230481bd3081ba8014783ebd2ad86bb68a828aa2e0b63806cfd5bf7ab0a18196a481933081
        EAP-Message =
0x90310b3009060355040613024152311530130603550408130c4275656e6f73204169726573311430120603550407130b5265636f6e717569737461310e300c060355040a130549504c414e3124302206092a864886f70d01090116156d73696c7665726f4069706c616e2e636f6d2e6172311e301c06035504031315436572746966696361746520417574686f72697479820900d9dcff3987698a72300c0603551d13040530030101ff300d06092a864886f70d010105050003820101001ec43670817b76126b2433fb85bf51d67870b4c4d7e6774e3c5f450c8d1e5d0d7a878812c09decd07d3aa00386d7e9a3f0ff78015767d94a7063fbc62418fc
        EAP-Message = 0x66d1badfb2f5a6654185c9e8
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc4723e07c777330f252b64ab3b8aac1c
Finished request 66.
Going to the next request
Waking up in 2.5 seconds.
rad_recv: Access-Request packet from host 10.0.31.40 port 1645, id=72,
length=155
        User-Name = "msilvero"
        Framed-MTU = 1400
        Called-Station-Id = "0019.2fdb.9100"
        Calling-Station-Id = "001f.3c22.44e5"
        Service-Type = Login-User
        Message-Authenticator = 0x2851fcc991a9202cc513a5ad8b42d88d
        EAP-Message = 0x020500060d00
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 278
        State = 0xc4723e07c777330f252b64ab3b8aac1c
        NAS-IP-Address = 10.0.31.40
        NAS-Identifier = "ap"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "msilvero", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 5 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
    users: Matched entry msilvero at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 72 to 10.0.31.40 port 1645
        EAP-Message =
0x0106037a0d8000000b5c84d54ba8eb7d1802bb33ae272c6ae33a1f371394cacbfdc36c0dd90cd2a45b27e851fa308b5afba9c3084e6fe8eb04a2c296f328c401c5fd131e275d36db6fe471266bac60ac03bc52671946d3813931fa806d21dd0ad1bf1d243efb8c87cfac21b3bc3f6388cee5f661fcbc6f4f101d4e70989b243cb7a2612249a8918caef66497b10c9d61628506926941bd2d114d976fb8cbe71258686aaea6a0bb5e5c1527ec23b08c068a530e03a74878d6865971666abb10160301020d0c0002090080ad2df571269b93a787f80235487c28f730b4907620fed69ef713bb4f43d3579e11b02fbf45ab4e74cf79b5d447af0fe6805157
        EAP-Message =
0x482f2b5f8185c4cc59061e6882ab9e4dd6def0736c0583158ab64a30e9a2de020c5e4f7a41b4c58149a9b110a6d3b521f30e96e82b2b43f2d0d1a699b6484f8c814f72d4fe8fc11d7943f2c6a300010200807eb17e2cd3bfe68954119040daeedff8b2dc0f3023ecc737b3a453b849a6725a6a17f801675e8821a4fc4cddb378120790c895fe52327e02e8f9c6e8f9ec839f7defbb6ff24ce37109716f9036c08068ff8831d267f1bad81afb6e34b1bf3311e69fece8ba8a23f36cd8d30950fb02bf350c76523ca7648447a0cf838438d6230100a9bd246a3c125ff2d25837a5df1922c8e4e41cc543755bee745d052ab78c4166ba6f335041d76861c5
        EAP-Message =
0xc740bad59cc9d2b8901fba33e059f7f57eee59d50dff516179b5711c69c66b23f84f4c23976bfcb43b165784d36e4cdf6fae15d73158919ac4399fa34e7d072443949445c14474daa34cf2879b6af859b0ae20854b3b884baa36d9a3efa6ba97011e1d1f7b4807341d9386dc3d6047ed366d83a9c5b511071cc08bc7fa680064cad079a244fed8702ff7176d54f3de6a49fa7de1724dfa657681c3a762f16e264bfe145511225959cbe539409a8cfe85d4bb384d1a05e928d5de903c99dd5da60549dcbd39bba7953a3ead5575372e0f37f8ebf688e82516030100a40d00009c040304010200950093308190310b300906035504061302415231153013
        EAP-Message =
0x0603550408130c4275656e6f73204169726573311430120603550407130b5265636f6e717569737461310e300c060355040a130549504c414e3124302206092a864886f70d01090116156d73696c7665726f4069706c616e2e636f6d2e6172311e301c06035504031315436572746966696361746520417574686f726974790e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc4723e07c074330f252b64ab3b8aac1c
Finished request 67.
Going to the next request
Waking up in 2.5 seconds.
rad_recv: Access-Request packet from host 10.0.31.40 port 1645, id=73,
length=1539
        User-Name = "msilvero"
        Framed-MTU = 1400
        Called-Station-Id = "0019.2fdb.9100"
        Calling-Station-Id = "001f.3c22.44e5"
        Service-Type = Login-User
        Message-Authenticator = 0xab3523198d100765a920a24032159941
        EAP-Message =
0x020605640d800000055a16030103840b00038000037d00037a308203763082025ea003020102020102300d06092a864886f70d01010405003077310b3009060355040613024152311530130603550408130c4275656e6f73204169726573310e300c060355040a130549504c414e311b3019060355040313125365727665722043657274696669636174653124302206092a864886f70d01090116156d73696c7665726f4069706c616e2e636f6d2e6172301e170d3038303931313139333731355a170d3039303931313139333731355a306d310b3009060355040613024152311530130603550408130c4275656e6f73204169726573310e300c0603
        EAP-Message =
0x55040a130549504c414e3111300f060355040313086d73696c7665726f3124302206092a864886f70d01090116156d73696c7665726f4069706c616e2e636f6d2e617230820122300d06092a864886f70d01010105000382010f003082010a0282010100df4cf6b433a99e968c3032dc86887f26d20b302e996519460cd0c816fe3b4513794e0dd0c40ad573e59684615ab282db1af575f30ab44493abfeaf28154490523082d8531d282d79b4074aae96899c864baf660ebffe60ce1321de0a92cd6fc39b068e068195e4c9e6796de0c812420773f104d59b68f4e2ebc62ac86c02fdc22be08f0da9f12fece103fcaf1d3b45f0c63a0fa55da1aeeb26
        EAP-Message =
0x9abff0c6a02984eaea3005d9b8e5c7e1c8bf191f326dd809ea05de48f245223e1ba582587119ded08144006ab2601daf6a405720ed912c9fa976bf8c3450f9a343ffd630530f144dca9e338915de3c1bee28a4d62142bc12541caeb7e6f5315da70fa7879fd79d0203010001a317301530130603551d25040c300a06082b06010505070302300d06092a864886f70d01010405000382010100c7b5c38930036400b1bba7dc9dcceef40b155059e124b445dd9600c8a00bab47396d76f2f9c42f40ae4a799dd9ef67169d7d748f6967f0474f46366ae80b325dad23879616f8889a5e182d89bdab15e1bbbf6b708054059e55e21eceab9115bc7d494753
        EAP-Message =
0xfdcd0cb2c1323d872065465f112d9faabf1ebaef18cb615b818523e10b1c097b9dd4e170c9520bbf3e38e07c4001f6636739e2a756ccd7fc92d180edd66d493dc87a351b4f9203d8c9c034a1efc4b735727b7d04d3e9192ac68a4b33179eb1d2c671486551668a27d712e315aa7cd3f1d2ab328d89a41ccb3404435a493d644b67e64696d642c01c06f54f872d6a8744c6478cfd22f42d42b4021be3160301008610000082008009d50971946c422ae7a50a343bf17f7e5fc6097c5f8cddde0c246670bdd56771841c746db55bd3b8c450850b9ad84e4a99aea116ef578aed3102a603be729aef0fdc879a7578b5a98d94549f9810d1be6a06113673a2
        EAP-Message =
0x30e516579b67463d93e885e58c9adced68eecb9f106a7b1554c83307f5b993acf3beb4b9016ef5a19fa116030101060f0001020100a6276e0d6682c25fe886c3d80cb517f574b630e6d1ffc2cf8a90b699b8a0c98e7317b6b4a391330a221c1c23717d9fce471df755ddcb5a49e3ad3417d096dda1d8f55fdb80fe095e7f50e950d66b1be490f52fc97e3c47364cac2391e25d24f196ea4d57e7059dae449cd52c47d3b660b49f5d3b180956a56d9897c46e61f5a9ea862b89807f1ce792ce5b9f99d8be3126eabbbb4fb6fbb93e13223c203ccd159c43afd3bce3538b22d4187c31f4a7cb583efa74a34bf2ce2d22bb7f455ad67b2a9928e0b5deb8d2
        EAP-Message =
0x2c8c0542ba87680a7062650816c023c0f3c1fdfa5f1aa4d89030a65b59673d6b9990835818a5ad2d986f3ee9732c6c73bbd24646007fc2ef140301000101160301003029d9e8b20a09e539534830d4eaa73fc19de54c7b9ed0d2586ac9c1adda6438ef3ba746c7c1fa18ad064d0a222d1489ce
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 278
        State = 0xc4723e07c074330f252b64ab3b8aac1c
        NAS-IP-Address = 10.0.31.40
        NAS-Identifier = "ap"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "msilvero", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 6 length 253
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
    users: Matched entry msilvero at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
  TLS Length 1370
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0384], Certificate
--> verify error:num=20:unable to get local issuer certificate
  rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
    TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
  eaptls_process returned 13
  rlm_eap: Freeing handler
++[eap] returns reject
auth: Failed to validate the user.
  Found Post-Auth-Type Reject
+- entering group REJECT
        expand: %{User-Name} -> msilvero
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 73 to 10.0.31.40 port 1645
        EAP-Message = 0x04060004
        Message-Authenticator = 0x00000000000000000000000000000000
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20081006/678a15ac/attachment.html>


More information about the Freeradius-Users mailing list