Decoupled accounting

Devinder Singh devinbhullar at gmail.com
Tue Aug 4 03:53:56 CEST 2009


Hi Ivan,

When I click on my SSID palstaff it prompts for the certificate name

username on certificate, so I selected

devinder at palettemm.com

Click OK then authentication failed on the SSID

2009/8/4 Devinder Singh <devinbhullar at gmail.com>:
> Hi Ivan
>
> OK, I managed to install ca.der and client.p12 on my XP
>
> When I run radiusd -X I get
>
> rad_recv: Access-Request packet from host 203.121.4.59 port 6001,
> id=30, length=216
>        User-Name = "devinder at palettemm.com"
>        NAS-IP-Address = 203.121.4.59
>        Called-Station-Id = "00-20-a6-6c-49-9d:palstaff"
>        Calling-Station-Id = "00-04-23-7b-56-b9"
>        NAS-Identifier = "ORiNOCO-AP-700-6c-49-9d"
>        State = 0xf30ae66df60debd09c91249e7b82f0a9
>        Framed-MTU = 1400
>        NAS-Port-Type = Wireless-802.11
>        EAP-Message =
> 0x0207002c0d000116030100205a6f866d20eb642ddc9f404f90d8650422eb751e7bb0199a016bb14e384df6fa
>        Message-Authenticator = 0x06206416bbe520db012eb924f72ba75e
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] Looking up realm "palettemm.com" for User-Name =
> "devinder at palettemm.com"
> [suffix] No such realm "palettemm.com"
> ++[suffix] returns noop
> [eap] EAP packet type response id 7 length 44
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[unix] returns notfound
> [files] users: Matched entry devinder at palettemm.com at line 94
> ++[files] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] eaptls_verify returned 7
> [tls] Done initial handshake
> [tls] <<< TLS 1.0 Handshake [length 03b2], Certificate
> --> verify error:num=20:unable to get local issuer certificate
> [tls] >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
> TLS Alert write:fatal:unknown CA
>    TLS_accept:error in SSLv3 read client certificate B
> rlm_eap: SSL error error:140890B2:SSL
> routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
> SSL: SSL_read failed in a system call (-1), TLS session fails.
> TLS receive handshake failed during operation
> [tls] eaptls_process returned 4
> [eap] Handler failed in EAP/tls
> [eap] Failed in EAP select
> ++[eap] returns invalid
> Failed to authenticate the user.
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
> [attr_filter.access_reject]     expand: %{User-Name} -> devinder at palettemm.com
>  attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 6 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 6
> Sending Access-Reject of id 30 to 203.121.4.59 port 6001
>        EAP-Message = 0x04070004
>        Message-Authenticator = 0x00000000000000000000000000000000
> Waking up in 3.8 seconds.
> Cleaning up request 0 ID 24 with timestamp +83
> Cleaning up request 1 ID 25 with timestamp +83
> Cleaning up request 2 ID 26 with timestamp +83
> Cleaning up request 3 ID 27 with timestamp +83
> Cleaning up request 4 ID 28 with timestamp +83
> Cleaning up request 5 ID 29 with timestamp +83
> Waking up in 1.0 seconds.
> Cleaning up request 6 ID 30 with timestamp +83
> Ready to process requests.
>
>
>
> Users File
>
>
> "devinder at palettemm.com" Auth-Type := EAP
>
> DEFAULT Auth-Type := Reject
>        Reply-Message = "Authentication Failed"
>
> 2009/8/3 Ivan Kalik <tnt at kalik.net>:
>>> Do I copy this file to the XP and install ca.der
>>>
>>> ca.der and client.p12
>>
>> Yes.
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>>
>
>
>
> --
> Devinder
>



-- 
Devinder
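
Added example, not part of the original thread and not FreeRADIUS code: a Python triage of `radiusd -X` output like the log quoted above, pulling the OpenSSL verify error and the TLS alert out of each rejected EAP-TLS request. The `triage` function, the `HINTS` wording and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: lines taken from the radiusd -X output quoted above,
# with the mail quote markers and line wrapping removed.
SAMPLE = """\
rad_recv: Access-Request packet from host 203.121.4.59 port 6001, id=30, length=216
        User-Name = "devinder at palettemm.com"
[tls] <<< TLS 1.0 Handshake [length 03b2], Certificate
--> verify error:num=20:unable to get local issuer certificate
[tls] >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
++[eap] returns invalid
Sending Access-Reject of id 30 to 203.121.4.59 port 6001
"""

# OpenSSL X509_V_ERR_* numbers; the hint wording is this example's own.
HINTS = {
    10: "client certificate has expired",
    19: "self-signed CA in the chain is not trusted by the server",
    20: "server's CA store lacks the issuer of the client certificate",
    23: "client certificate is revoked",
}

USER = re.compile(r'User-Name = "([^"]*)"')
VERIFY = re.compile(r"verify error:num=(\d+):(.*)")
ALERT = re.compile(r"TLS 1\.\d Alert \[length \w+\], (\w+ \w+)")
SENT = re.compile(r"Sending (Access-\w+) of id (\d+)")

def triage(debug_text):
    """Summarise each rejected request; assumes requests do not interleave."""
    records, cur = [], None
    for raw in debug_text.splitlines():
        line = raw.lstrip("> \t")  # accept logs pasted from a quoted mail
        if line.startswith("rad_recv:"):
            cur = {"user": None, "verify": [], "alerts": [], "hints": []}
        elif cur is None:
            continue
        elif (m := USER.search(line)) and cur["user"] is None:
            cur["user"] = m.group(1)
        elif m := VERIFY.search(line):
            num = int(m.group(1))
            cur["verify"].append((num, m.group(2).strip()))
            cur["hints"].append(HINTS.get(num, "see the OpenSSL verify codes"))
        elif m := ALERT.search(line):
            cur["alerts"].append(m.group(1))
        elif m := SENT.search(line):
            if m.group(1) == "Access-Reject":
                records.append({"id": int(m.group(2)), **cur})
            cur = None
    return records
```

Calling `triage(SAMPLE)` returns one record for request id 30 carrying verify error 20 and the `fatal unknown_ca` alert.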