Decoupled accounting

Devinder Singh devinbhullar at gmail.com
Tue Aug 4 10:12:33 CEST 2009


Hi Ivan


I still get the same error now


Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls] <<< TLS 1.0 Handshake [length 03b2], Certificate
--> verify error:num=20:unable to get local issuer certificate
[tls] >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
    TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
SSL: SSL_read failed in a system call (-1), TLS session fails.
TLS receive handshake failed during operation
[tls] eaptls_process returned 4
[eap] Handler failed in EAP/tls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> devinder at palettemm.com
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 7 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 7
Sending Access-Reject of id 141 to 203.121.4.59 port 6001
        EAP-Message = 0x04070004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.8 seconds.
Cleaning up request 1 ID 135 with timestamp +120
Cleaning up request 2 ID 136 with timestamp +120
Cleaning up request 3 ID 137 with timestamp +120
Cleaning up request 4 ID 138 with timestamp +120
Cleaning up request 5 ID 139 with timestamp +120
Cleaning up request 6 ID 140 with timestamp +120
Waking up in 1.0 seconds.
Cleaning up request 7 ID 141 with timestamp +120
Ready to process requests.



2009/8/4 Devinder Singh <devinbhullar at gmail.com>:
> Ok, I took your advice and yes, it's a different error now
>
> Listening on authentication address * port 1812
> Listening on accounting address * port 1813
> Listening on proxy address * port 1814
> Ready to process requests.
> rad_recv: Access-Request packet from host 203.121.4.59 port 6001,
> id=134, length=181
>        User-Name = "devinder at palettemm.com"
>        NAS-IP-Address = 203.121.4.59
>        Called-Station-Id = "00-20-a6-6c-49-9d:palstaff"
>        Calling-Station-Id = "00-04-23-7b-56-b9"
>        NAS-Identifier = "ORiNOCO-AP-700-6c-49-9d"
>        Framed-MTU = 1400
>        NAS-Port-Type = Wireless-802.11
>        EAP-Message =
> 0x0203001b01646576696e6465724070616c657474656d6d2e636f6d
>        Message-Authenticator = 0xb7f29ed2232abda7b5b24bb131883617
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] Looking up realm "palettemm.com" for User-Name =
> "devinder at palettemm.com"
> [suffix] No such realm "palettemm.com"
> ++[suffix] returns noop
> [eap] EAP packet type response id 3 length 27
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[unix] returns notfound
> [files] users: Matched entry devinder at palettemm.com at line 94
> ++[files] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user.
> Authentication may fail because of this.
> ++[pap] returns noop
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] EAP Identity
> [eap] processing type md5
> rlm_eap_md5: Issuing Challenge
> ++[eap] returns handled
> Sending Access-Challenge of id 134 to 203.121.4.59 port 6001
>        EAP-Message = 0x010400160410edd3007f1e599b71120693ed62eaee7c
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0x17b5db9117b1dfd16583cca5ed9db022
> Finished request 0.
> Going to the next request
> Waking up in 4.9 seconds.
> Cleaning up request 0 ID 134 with timestamp +1
> Ready to process requests.
>
>
>
>
>
> 2009/8/4 Devinder Singh <devinbhullar at gmail.com>:
>> Hi Ivan
>>
>> Thanks. Yes, I have double-clicked on the ca.der file and client.p12; both
>> were installed successfully.
>>
>> I also managed to set up my SSID palstaff, and when I click on the SSID
>> I see a pop-up window on my wireless LAN asking for my username on
>> certificate and I selected
>>
>> devinder at palettemm.com from the combo drop-down list and clicked OK
>>
>> When I click OK, radius reports the following error
>>
>> TLS Alert write:fatal:unknown CA
>>    TLS_accept:error in SSLv3 read client certificate B
>> rlm_eap: SSL error error:140890B2:SSL
>> routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
>> SSL: SSL_read failed in a system call (-1), TLS session fails.
>> TLS receive handshake failed during operation
>> [tls] eaptls_process returned 4
>> [eap] Handler failed in EAP/tls
>> [eap] Failed in EAP select
>> ++[eap] returns invalid
>> Failed to authenticate the user.
>> Using Post-Auth-Type Reject
>> +- entering group REJECT {...}
>> [attr_filter.access_reject]     expand: %{User-Name} -> devinder at palettemm.com
>>  attr_filter: Matched entry DEFAULT at line 11
>> ++[attr_filter.access_reject] returns updated
>> Delaying reject of request 6 for 1 seconds
>> Going to the next request
>> Waking up in 0.9 seconds.
>> Sending delayed reject for request 6
>> Sending Access-Reject of id 133 to 203.121.4.59 port 6001
>>        EAP-Message = 0x040a0004
>>        Message-Authenticator = 0x00000000000000000000000000000000
>> Waking up in 3.6 seconds.
>> Cleaning up request 0 ID 127 with timestamp +18
>> Cleaning up request 1 ID 128 with timestamp +18
>> Cleaning up request 2 ID 129 with timestamp +18
>> Cleaning up request 3 ID 130 with timestamp +18
>> Cleaning up request 4 ID 131 with timestamp +18
>> Waking up in 0.2 seconds.
>> Cleaning up request 5 ID 132 with timestamp +18
>> Waking up in 1.0 seconds.
>> Cleaning up request 6 ID 133 with timestamp +19
>> Ready to process requests.
>>
>>
>>
>>
>>
>>
>>
>> 2009/8/4 Ivan Kalik <tnt at kalik.net>:
>>>> I managed to follow the steps in /etc/raddb/certs/README
>>>>
>>>> and copied ca.der and client.p12 to XP machine
>>>
>>> It looks like you have copied them but not installed them in the
>>> certificate store. Double-click the certificates and install them first.
>>>
>>> Ivan Kalik
>>> Kalik Informatika ISP
>>>
>>>
>>
>>
>>
>> --
>> Devinder
>>
>
>
>
> --
> Devinder
>



-- 
Devinder
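
Added example, not part of the original post or of FreeRADIUS: a small triage script that pulls the TLS evidence out of debug output like the above and ties it to the Access-Reject that follows. The sample input is constructed from lines in this thread; the function names and the hint table are assumptions of the example. In this debug format `>>>` marks a record the server sent and `<<<` one it received, and `num=20` is OpenSSL's X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY.

```python
import re

# Constructed sample: lines copied from the radiusd debug output in this thread.
SAMPLE = """\
[tls] <<< TLS 1.0 Handshake [length 03b2], Certificate
--> verify error:num=20:unable to get local issuer certificate
[tls] >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
[eap] Handler failed in EAP/tls
Sending Access-Reject of id 141 to 203.121.4.59 port 6001
"""

RECORD_RE = re.compile(r"\[tls\] (<<<|>>>) TLS [\d.]+ (\w+) \[length [0-9a-f]+\],\s*(.+)")
VERIFY_RE = re.compile(r"verify error:num=(\d+):(.+)")
REJECT_RE = re.compile(r"Sending Access-Reject of id (\d+) to (\S+)")

# OpenSSL X509_V_ERR_* codes commonly seen when a client certificate is rejected.
VERIFY_HINTS = {
    10: "client certificate has expired",
    19: "self-signed certificate in the chain is not trusted by the server",
    20: "issuer of the client certificate is not in the server's trusted CA set",
}

def triage(text):
    """Return one dict per Access-Reject, with the TLS evidence that preceded it."""
    findings, cur = [], {}
    for line in text.splitlines():
        if m := RECORD_RE.search(line):
            direction, rtype, detail = m.group(1), m.group(2), m.group(3).strip()
            if rtype == "Alert":
                # ">>>" is a record the server sent, "<<<" one it received
                cur["alert"] = detail
                cur["alert_sender"] = "server" if direction == ">>>" else "client"
            elif detail == "Certificate" and direction == "<<<":
                cur["client_cert_received"] = True
        elif m := VERIFY_RE.search(line):
            cur["verify_num"], cur["verify_msg"] = int(m.group(1)), m.group(2).strip()
        elif m := REJECT_RE.search(line):
            cur["reject_id"], cur["nas"] = int(m.group(1)), m.group(2)
            findings.append(cur)
            cur = {}
    return findings

def diagnose(f):
    """Turn one finding into a one-line explanation for the operator."""
    hint = VERIFY_HINTS.get(f.get("verify_num"), f.get("verify_msg", "no verify error logged"))
    who = f.get("alert_sender", "nobody")
    return f"reject id {f['reject_id']}: {who} sent '{f.get('alert', 'no alert')}': {hint}"

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(diagnose(finding))
```

The regexes use `search`, so mail-quoted lines prefixed with `>` are matched as well.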




More information about the Freeradius-Users mailing list