Microsoft: Certificate Authentication

Fernando Calvelo Vazquez fernando.calvelo at esrf.fr
Wed Dec 2 15:06:23 CET 2009


I'm a newbie, and I'm trying to configure a simple EAP-TLS 
authentication using client certificates.
I have followed different procedures that I found on the web to do 
that, but without success so far.

http://wiki.freeradius.org/WPA_HOWTO#HOWTO_Do_It:_An_Outline
http://www.linuxjournal.com/node/8151/print1

I have 2 questions:

- 1st... How should I read the output log? I see what look like 
different attempts using different methods, but I don't know if they 
are correlated with each other.
- 2nd... What is wrong in my configuration? At the moment I cannot tell 
which entry in the logs I should focus on.

This is the full output log of my attempt.
--------------------------------------------------
rad_recv: Access-Request packet from host 160.103.180.252 port 32769, 
id=243, length=164
        User-Name = "user"
        Calling-Station-Id = "00-1d-e0-7f-c7-bd"
        Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
        NAS-Port = 13
        NAS-IP-Address = 160.103.180.252
        NAS-Identifier = "wlc01"
        Airespace-Wlan-Id = 6
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "82"
        EAP-Message = 0x020200090175736572
        Message-Authenticator = 0xfba02c8ac6cde8bd5e9cc9c8802e9b93
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 243 to 160.103.180.252 port 32769
        EAP-Message = 0x01030016041079a3e325aa029e8ab2ff01846230544a
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x4846a7ba4845a389971edb0de589acf4
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 160.103.180.252 port 32769, 
id=244, length=179
        User-Name = "user"
        Calling-Station-Id = "00-1d-e0-7f-c7-bd"
        Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
        NAS-Port = 13
        NAS-IP-Address = 160.103.180.252
        NAS-Identifier = "wlc01"
        Airespace-Wlan-Id = 6
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "82"
        EAP-Message = 0x02030006030d
        State = 0x4846a7ba4845a389971edb0de589acf4
        Message-Authenticator = 0x37a434abc65138138fd4796c6e762cc2
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/tls
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 244 to 160.103.180.252 port 32769
        EAP-Message = 0x010400060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x4846a7ba4942aa89971edb0de589acf4
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 160.103.180.252 port 32769, 
id=245, length=288
        User-Name = "user"
        Calling-Station-Id = "00-1d-e0-7f-c7-bd"
        Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
        NAS-Port = 13
        NAS-IP-Address = 160.103.180.252
        NAS-Identifier = "wlc01"
        Airespace-Wlan-Id = 6
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "82"
        EAP-Message = 
0x020400730d800000006916030100640100006003014b1670b85bd6ec60f746bf7a25503e108c5e77945815b72de35f874617cd6a63000018002f00350005000ac009c00ac013c01400320038001300040100001f00000009000700000475736572000a00080006001700180019000b00020100
        State = 0x4846a7ba4942aa89971edb0de589acf4
        Message-Authenticator = 0x59ee0b77dde94d67dcf75a8acfd955e9
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 115
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
  TLS Length 105
[tls] Length Included
[tls] eaptls_verify returned 11
[tls]     (other): before/accept initialization
[tls]     TLS_accept: before/accept initialization
[tls] <<< TLS 1.0 Handshake [length 0064], ClientHello
[tls]     TLS_accept: SSLv3 read client hello A
[tls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[tls]     TLS_accept: SSLv3 write server hello A
[tls] >>> TLS 1.0 Handshake [length 082d], Certificate
[tls]     TLS_accept: SSLv3 write certificate A
[tls] >>> TLS 1.0 Handshake [length 009b], CertificateRequest
[tls]     TLS_accept: SSLv3 write certificate request A
[tls]     TLS_accept: SSLv3 flush data
[tls]     TLS_accept: Need to read more data: SSLv3 read client 
certificate A
In SSL Handshake Phase
In SSL Accept mode
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 245 to 160.103.180.252 port 32769
        EAP-Message = 
0x010504000dc000000901160301002a0200002603014b1670b8b8cc1d715d848ee2743ba05da48da5fc7a1e2a8a80dba3c240f6d13300002f00160301082d0b0008290008260003933082038f30820277a003020102020105300d06092a864886f70d0101040500308189310b3009060355040613024652310e300c0603550408130549736572653111300f060355040713084772656e6f626c65310d300b060355040a1304455352463120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d303931323032
        EAP-Message = 0x0217300d06092a864886f70d
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x4846a7ba4a43aa89971edb0de589acf4
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 160.103.180.252 port 32769, 
id=246, length=179
        User-Name = "user"
        Calling-Station-Id = "00-1d-e0-7f-c7-bd"
        Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
        NAS-Port = 13
        NAS-IP-Address = 160.103.180.252
        NAS-Identifier = "wlc01"
        Airespace-Wlan-Id = 6
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "82"
        EAP-Message = 0x020500060d00
        State = 0x4846a7ba4a43aa89971edb0de589acf4
        Message-Authenticator = 0x5133bbfe13db2695294ac87d88e0dc90
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 246 to 160.103.180.252 port 32769
        EAP-Message = 
0x3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100c42d37329909ff866c2ddd7493ae65d1195619adc00afcf3df4c8487a1149b846ed5f7ca57c07e8de91342bd39871ab92136939454c6510cfdc7f33790c170be30a40c97c7137aa15520cf6d37ef5f6bca12f8a0ad15c8413fda300399fe55b98b03e15b278e9139e288e1c253fee049b2f874a782e7dc018d1da6ef9ac2b836f55803e60d494e9e64c9bef5e531a6d7280a
        EAP-Message = 0x84e025c2599b56ae3f98b749
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x4846a7ba4b40aa89971edb0de589acf4
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 160.103.180.252 port 32769, 
id=247, length=179
        User-Name = "user"
        Calling-Station-Id = "00-1d-e0-7f-c7-bd"
        Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
        NAS-Port = 13
        NAS-IP-Address = 160.103.180.252
        NAS-Identifier = "wlc01"
        Airespace-Wlan-Id = 6
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "82"
        EAP-Message = 0x020600060d00
        State = 0x4846a7ba4b40aa89971edb0de589acf4
        Message-Authenticator = 0x2ed77d6f8362c5cde55db3be96604946
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 247 to 160.103.180.252 port 32769
        EAP-Message = 
0x0107011f0d80000009010c98a5d5cb4f8686ffab6198d77af42723db6e94a6d16de1d592da88d99db195084d59eceff6109ddcbfee6b34f5d1770916ce2eb4841a7f326652c0b3e249a1b259bc817dcf4e3a8e0696084952b478fd9dc31b4af2a68d856af8b32c211f13e21305938b4d1125eaf352e4beacfb702c3fcfef57160301009b0d000093020102008e008c308189310b3009060355040613024652310e300c0603550408130549736572653111300f060355040713084772656e6f626c65310d300b060355040a1304455352463120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d31263024060355040313
        EAP-Message = 
0x1d4578616d706c6520436572746966696361746520417574686f726974790e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x4846a7ba4c41aa89971edb0de589acf4
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 160.103.180.252 port 32769, 
id=248, length=1660
        User-Name = "user"
        Calling-Station-Id = "00-1d-e0-7f-c7-bd"
        Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
        NAS-Port = 13
        NAS-IP-Address = 160.103.180.252
        NAS-Identifier = "wlc01"
        Airespace-Wlan-Id = 6
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "82"
        EAP-Message = 
0x020705c50d80000005bb160301057b0b00036b0003680003653082036130820249a003020102020106300d06092a864886f70d01010405003073310b3009060355040613024652310e300c060355040813054973657265310d300b060355040a130445535246312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d301e170d3039313230323133323335385a170d3130313230323133323335385a305c310b3009060355040613024652310e300c060355040813054973657265310d300b060355040a130445535246310d
        EAP-Message = 
0x2b2bbcdc4b7a7b199daa3a456d44d1b114c78636ce369a783713e502dc811d6ae6f11bc7bfe2ef08cbdda19bcabdf3d9676f6567e49332a90f1fe37b3b862d1adaf12bc2b97c3082103600bac2722531c3f20cf1fb0b92d5e6bffdfc881907116057822a51c6545efab63513e2a15d27a732ff6cd9c80cf414318fcb9ca6031afedaa8737f238c1000010201007100aa87914b3d5afcf8b203a91ff18361a257a8e68e9e6bf9b236982e7656f6c3da3ed8a18342e40c92156885d1194a93679ee4bf4f42074d51aaef8727711f26c2cb98dc14628eba9a36b23ddd7c43f2a96b826a34667cf0bcbf2be7c85ed29f72ba866ac985e465a81cc77f23e217
        EAP-Message = 
0xf3461ec7f6295ffdd05d5ca94c21d46e0d583f9dc5277ecf6a528be053c527b8fe02a0a84a98aa37d5753bf7291667c49503f0f22b4394dbba0857c80f6a9a023bf56a611a2ff952ef45e8a63ac3153665b66b2324fc85101685b49eb9ec76fb9096cde885df4da1fa2224b40943fb907b068115f2905c3af2cab52008a8d436497189290f3ac638cc4ded6f354248dddca15525478c24be5a14030100010116030100303a6cd161291c5ff4a3e3494d75d28b57382f8af5678c9dcc668c2ad222086bb540169e6c1b135e147be876d29bd03ea2
        State = 0x4846a7ba4c41aa89971edb0de589acf4
        Message-Authenticator = 0x8126ccaf88a0d4a9c279618a24fbf364
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 253
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
  TLS Length 1467
[tls] Length Included
[tls] eaptls_verify returned 11
[tls] <<< TLS 1.0 Handshake [length 036f], Certificate
--> verify error:num=20:unable to get local issuer certificate
[tls] >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
    TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890B2:SSL 
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
SSL: SSL_read failed in a system call (-1), TLS session fails.
TLS receive handshake failed during operation
[tls] eaptls_process returned 4
[eap] Handler failed in EAP/tls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> user
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 5 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 5
Sending Access-Reject of id 248 to 160.103.180.252 port 32769
        EAP-Message = 0x04070004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
Cleaning up request 0 ID 243 with timestamp +7
Cleaning up request 1 ID 244 with timestamp +7
Cleaning up request 2 ID 245 with timestamp +7
Cleaning up request 3 ID 246 with timestamp +7
Cleaning up request 4 ID 247 with timestamp +7
Waking up in 1.0 seconds.
Cleaning up request 5 ID 248 with timestamp +7
Ready to process requests.
-------------------------------

Thanks a lot in advance for your help.
Regards,

     Fernando.
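One way to read a debug log like the one in this message, as an added example (not part of the original post and not FreeRADIUS code): it splits the output at each `rad_recv` line, links every request to the earlier reply through the echoed `State` attribute, and collects the lines that report a failure. The function name, record fields and error patterns are assumptions chosen for this log.

```python
import re

# Abridged from the debug output in the post: requests 245-246, most attributes and all hex omitted.
SAMPLE = """\
rad_recv: Access-Request packet from host 160.103.180.252 port 32769, id=243, length=164
[eap] processing type md5
Sending Access-Challenge of id 243 to 160.103.180.252 port 32769
        State = 0x4846a7ba4845a389971edb0de589acf4
rad_recv: Access-Request packet from host 160.103.180.252 port 32769, id=244, length=179
        State = 0x4846a7ba4845a389971edb0de589acf4
[eap] processing type tls
Sending Access-Challenge of id 244 to 160.103.180.252 port 32769
        State = 0x4846a7ba4942aa89971edb0de589acf4
rad_recv: Access-Request packet from host 160.103.180.252 port 32769, id=247, length=179
        State = 0x4846a7ba4b40aa89971edb0de589acf4
[eap] processing type tls
Sending Access-Challenge of id 247 to 160.103.180.252 port 32769
        State = 0x4846a7ba4c41aa89971edb0de589acf4
rad_recv: Access-Request packet from host 160.103.180.252 port 32769, id=248, length=1660
        State = 0x4846a7ba4c41aa89971edb0de589acf4
[eap] processing type tls
--> verify error:num=20:unable to get local issuer certificate
TLS Alert write:fatal:unknown CA
Sending Access-Reject of id 248 to 160.103.180.252 port 32769
"""

HEAD = re.compile(r"rad_recv: \S+ packet from host \S+ port \d+,\s*id=(\d+)")  # \s* spans mail wrapping
STATE = re.compile(r"State = (0x[0-9a-f]+)")
REPLY = re.compile(r"Sending (Access-\S+) of id")
ERROR = re.compile(r"verify error|TLS Alert|SSL error|Failed to authenticate")

def summarize(log):
    """One record per received request; 'follows' is the id whose reply issued its State."""
    heads = list(HEAD.finditer(log))
    rounds, issued = [], {}  # issued: State value -> id of the reply that carried it
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(log)
        block, rid = log[h.start():end], int(h.group(1))
        out = REPLY.search(block)
        cut = out.start() if out else len(block)  # State before the reply was received, after it was sent
        s_in, s_out = STATE.search(block[:cut]), STATE.search(block[cut:])
        rounds.append({
            "id": rid,
            "follows": issued.get(s_in.group(1)) if s_in else None,
            "eap": re.findall(r"\[eap\] processing type (\w+)", block),
            "reply": out.group(1) if out else None,
            "errors": [l.strip() for l in block.splitlines() if ERROR.search(l)],
        })
        if s_out:
            issued[s_out.group(1)] = rid
    return rounds

if __name__ == "__main__":
    print(*summarize(SAMPLE), sep="\n")
```

In the excerpt, request 247 shows `follows: None` only because requests 245 and 246 were left out; on the full log above, each request's `State` matches the one sent in the reply to the previous id.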


