Error in the negotiations certificates

tnt at kalik.net tnt at kalik.net
Thu Oct 16 19:11:24 CEST 2008


>I know, but what he does not understand is how to referee when you talk
>about "cabundle" because what I have in / cert are the certificates that I
>made in the steps of README, which I did not serve for windows, that the
>back to delete?
>when I run the command openssl x509 -inform PEM -in ca.pem -outform DER
>-out ca.der, nothing changes, run and I created a "ca.der," what amount to the
>notebook and again gives me the same error.

cabundle is not created by freeradius - you have to do that. You have
quoted the information that I gave about creating cabundle in your first
post (thread had something with CA.all in the title). Add ca.pem and
server.pem into a cabundle.pem; convert cabundle.pem into cabundle.der;
import cabundle.der onto the client (instead of ca.der). All the
information about doing this is available to you. Use it.

Ivan Kalik
Kalik Informatika ISP

>log:
>
>
>Sending Access-Challenge of id 190 to 10.0.31.40 port 1645
>        EAP-Message = 0x4d7692a192d9ca4b95110004
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0xfec434f0fcc03929b80b395aebf61421
>Thu Oct 16 13:13:13 2008 : Debug: Finished request 142.
>Thu Oct 16 13:13:13 2008 : Debug: Going to the next request
>Thu Oct 16 13:13:13 2008 : Debug: Waking up in 4.3 seconds.
>rad_recv: Access-Request packet from host 10.0.31.40 port 1645, id=191,
>length=151
>        User-Name = "cert"
>        Framed-MTU = 1400
>        Called-Station-Id = "0019.2fdb.9e00"
>        Calling-Station-Id = "001f.3c22.44c5"
>        Service-Type = Login-User
>        Message-Authenticator = 0xa1b889b6c699680d2ff044a1cc9a3ba6
>        EAP-Message = 0x020400060d00
>        NAS-Port-Type = Wireless-802.11
>        NAS-Port = 1194
>        State = 0xfec434f0fcc03929b80b395aebf61421
>        NAS-IP-Address = 10.0.31.40
>        NAS-Identifier = "ap-Reconquista-31"
>Thu Oct 16 13:13:13 2008 : Debug: +- entering group authorize
>Thu Oct 16 13:13:13 2008 : Debug:   modsingle[authorize]: calling preprocess
>(rlm_preprocess) for request 143
>Thu Oct 16 13:13:13 2008 : Debug:   modsingle[authorize]: returned from
>preprocess (rlm_preprocess) for request 143
>Thu Oct 16 13:13:13 2008 : Debug: ++[preprocess] returns ok
>Thu Oct 16 13:13:13 2008 : Debug:   modsingle[authorize]: calling chap
>(rlm_chap) for request 143
>Thu Oct 16 13:13:13 2008 : Debug:   modsingle[authorize]: returned from chap
>(rlm_chap) for request 143
>Thu Oct 16 13:13:13 2008 : Debug: ++[chap] returns noop
>Thu Oct 16 13:13:13 2008 : Debug:   modsingle[authorize]: calling mschap
>(rlm_mschap) for request 143
>Thu Oct 16 13:13:13 2008 : Debug:   modsingle[authorize]: returned from
>mschap (rlm_mschap) for request 143
>Thu Oct 16 13:13:13 2008 : Debug: ++[mschap] returns noop
>Thu Oct 16 13:13:13 2008 : Debug:   modsingle[authorize]: calling suffix
>(rlm_realm) for request 143
>Thu Oct 16 13:13:13 2008 : Debug:     rlm_realm: No '@' in User-Name =
>"cert", looking up realm NULL
>Thu Oct 16 13:13:13 2008 : Debug:     rlm_realm: No such realm "NULL"
>Thu Oct 16 13:13:13 2008 : Debug:   modsingle[authorize]: returned from
>suffix (rlm_realm) for request 143
>Thu Oct 16 13:13:13 2008 : Debug: ++[suffix] returns noop
>Thu Oct 16 13:13:13 2008 : Debug:   modsingle[authorize]: calling eap
>(rlm_eap) for request 143
>Thu Oct 16 13:13:13 2008 : Debug:   rlm_eap: EAP packet type response id 4
>length 6
>Thu Oct 16 13:13:13 2008 : Debug:   rlm_eap: No EAP Start, assuming it's an
>on-going EAP conversation
>Thu Oct 16 13:13:13 2008 : Debug:   modsingle[authorize]: returned from eap
>(rlm_eap) for request 143
>Thu Oct 16 13:13:13 2008 : Debug: ++[eap] returns updated
>Thu Oct 16 13:13:13 2008 : Debug:   modsingle[authorize]: calling unix
>(rlm_unix) for request 143
>Thu Oct 16 13:13:13 2008 : Debug:   modsingle[authorize]: returned from unix
>(rlm_unix) for request 143
>Thu Oct 16 13:13:13 2008 : Debug: ++[unix] returns notfound
>Thu Oct 16 13:13:13 2008 : Debug:   modsingle[authorize]: calling files
>(rlm_files) for request 143
>Thu Oct 16 13:13:13 2008 : Debug:     users: Matched entry cert at line 76
>Thu Oct 16 13:13:13 2008 : Debug:   modsingle[authorize]: returned from
>files (rlm_files) for request 143
>Thu Oct 16 13:13:13 2008 : Debug: ++[files] returns ok
>Thu Oct 16 13:13:13 2008 : Debug:   modsingle[authorize]: calling expiration
>(rlm_expiration) for request 143
>Thu Oct 16 13:13:13 2008 : Debug:   modsingle[authorize]: returned from
>expiration (rlm_expiration) for request 143
>Thu Oct 16 13:13:13 2008 : Debug: ++[expiration] returns noop
>Thu Oct 16 13:13:13 2008 : Debug:   modsingle[authorize]: calling logintime
>(rlm_logintime) for request 143
>Thu Oct 16 13:13:13 2008 : Debug:   modsingle[authorize]: returned from
>logintime (rlm_logintime) for request 143
>Thu Oct 16 13:13:13 2008 : Debug: ++[logintime] returns noop
>Thu Oct 16 13:13:13 2008 : Debug:   modsingle[authorize]: calling pap
>(rlm_pap) for request 143
>Thu Oct 16 13:13:13 2008 : Debug: rlm_pap: Found existing Auth-Type, not
>changing it.
>Thu Oct 16 13:13:13 2008 : Debug:   modsingle[authorize]: returned from pap
>(rlm_pap) for request 143
>Thu Oct 16 13:13:13 2008 : Debug: ++[pap] returns noop
>Thu Oct 16 13:13:13 2008 : Debug:   rad_check_password:  Found Auth-Type EAP
>Thu Oct 16 13:13:13 2008 : Debug: auth: type "EAP"
>Thu Oct 16 13:13:13 2008 : Debug: +- entering group authenticate
>Thu Oct 16 13:13:13 2008 : Debug:   modsingle[authenticate]: calling eap
>(rlm_eap) for request 143
>Thu Oct 16 13:13:13 2008 : Debug:   rlm_eap: Request found, released from
>the list
>Thu Oct 16 13:13:13 2008 : Debug:   rlm_eap: EAP/tls
>Thu Oct 16 13:13:13 2008 : Debug:   rlm_eap: processing type tls
>Thu Oct 16 13:13:13 2008 : Debug:   rlm_eap_tls: Authenticate
>Thu Oct 16 13:13:13 2008 : Debug:   rlm_eap_tls: processing TLS
>Thu Oct 16 13:13:13 2008 : Debug: rlm_eap_tls: Received EAP-TLS ACK message
>Thu Oct 16 13:13:13 2008 : Debug:   rlm_eap_tls: ack handshake fragment
>handler
>Thu Oct 16 13:13:13 2008 : Debug:   eaptls_verify returned 1
>Thu Oct 16 13:13:13 2008 : Debug:   eaptls_process returned 13
>Thu Oct 16 13:13:13 2008 : Debug:   modsingle[authenticate]: returned from
>eap (rlm_eap) for request 143
>Thu Oct 16 13:13:13 2008 : Debug: ++[eap] returns handled
>
>
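The bundle steps from the reply above, as an added example that is not part of the original post, run on throwaway constructed certificates standing in for the poster's ca.pem and server.pem. It also checks what each output file contains: `openssl x509` reads only the first certificate of its input, while a PKCS#7 file written by `openssl crl2pkcs7` holds every certificate in the bundle. The `cabundle.p7b` name, the function names and the sample subjects are assumptions.

```shell
#!/bin/sh
# Added example. The certificates are throwaway, constructed stand-ins for
# the ca.pem and server.pem made by following the FreeRADIUS certs README.
set -eu

make_sample_cert() {   # $1 = output basename, $2 = subject CN (both hypothetical)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

build_bundle() {       # $1 = working directory; ca.pem first, then server.pem
  cat "$1/ca.pem" "$1/server.pem" > "$1/cabundle.pem"
}

count_pem_certs() {    # number of PEM certificates in file $1
  grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

der_subject_cn() {     # convert the bundle with x509, then report whose cert the DER file holds
  openssl x509 -inform PEM -in "$1/cabundle.pem" -outform DER -out "$1/cabundle.der"
  openssl x509 -inform DER -in "$1/cabundle.der" -noout -subject | sed 's/.*CN *= *//'
}

count_p7b_certs() {    # pack the bundle as PKCS#7 and count the certificates inside
  openssl crl2pkcs7 -nocrl -certfile "$1/cabundle.pem" -outform DER -out "$1/cabundle.p7b"
  openssl pkcs7 -inform DER -in "$1/cabundle.p7b" -print_certs |
    grep -c -- '-----BEGIN CERTIFICATE-----'
}

run_demo() {
  d=$(mktemp -d)
  make_sample_cert "$d/ca" "Example CA"
  make_sample_cert "$d/server" "Example Server"
  build_bundle "$d"
  echo "certificates in cabundle.pem: $(count_pem_certs "$d/cabundle.pem")"
  echo "subject held by cabundle.der: $(der_subject_cn "$d")"
  echo "certificates in cabundle.p7b: $(count_p7b_certs "$d")"
  rm -rf "$d"
}
run_demo
```

Running the same two inspection commands against the real files on the server shows which certificates the client will actually receive on import.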




More information about the Freeradius-Users mailing list