SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
john
lists.john at gmail.com
Fri Jun 12 20:10:37 CEST 2009
Hello All,
I am not able able to successfully get a port authorized via dot1x
(wired connection). I am using SecureW2 suite as a client. I get the
following message in the debug output of freeradius: "rlm_eap: SSL
error error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did
not return a certificate"
I think this means that my windows XP client isn't returning a
certificate to the radius server, but I am not sure. I hope someone
can help me figure this out.
Below is a fuller output from freeradius.
Thanks!
John
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "john", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 218 to 10.1.3.222 port 1024
EAP-Message = 0x010601541580000009363f8ea34a8928213fd268bf7e6095409ac959f34f444b40faf097692923ad83963e0395fa7c5dbee0011b5a9e43c819695e8dff5e4e393438c1f21a524eb69847838585d3d3c5dc5768677062f7f1fa98a14c0a1efe75201e211059691499941fa930077d23734c28a28c985d3131b7f01d21faa3dea7a544df8e6c2e87746d1b4e82eec6475a3b538d87a6cad17520189c2f86f1aa9a6e1c0deca5e45d9ee916030100a60d00009e0301024000980096308193310b3009060355040613025553311330110603550408130a57617368696e67746f6e310f300d06035504071306566173686f6e310d300b060355040a13045649
EAP-Message = 0x53443127302506092a864886f70d010901161874656368737570706f727440766173686f6e73642e6f7267312630240603550403131d566173686f6e2049736c616e64205363686f6f6c2044697374726963740e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4aacbade4eaaaf8b77d4bfdb2d602cc2
Finished request 4.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.1.3.222 port 1024,
id=219, length=558
Framed-MTU = 1480
NAS-IP-Address = 10.1.3.222
NAS-Identifier = "HP ProCurve Switch 2524"
User-Name = "john"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 16
NAS-Port-Type = Ethernet
NAS-Port-Id = "16"
Called-Station-Id = "00-04-ea-a7-c2-70"
Calling-Station-Id = "00-1c-25-93-26-16"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x4aacbade4eaaaf8b77d4bfdb2d602cc2
EAP-Message = 0x02060150150016030100070b00000300000016030101061000010201001ec801e7b54f1bacc0068882e8c18fce1cc9781c535dc2a9406139225a5f85a8bf309d83741a9c1980c009a09e60088af3eb8f6b0140772ca72a788e4653bf8b5df15e8a38eaa34da31bc6f2604438fb83156d7750ba083ee83838c06cdd09838e86289fb9dfe1e1664da15f157228a86ba5d248db4fae6c9e7d6c782ec9594d0e3c643becf5709608041eab084d0f2aa2237601f71b6ef98d0ee2a190101d67a908a98373884030becfb0df0b8c31349bcbfffc92e072bf3fc8591da21a70edfb234a916d3d1d19533ebec53f245e5facea057e1822a9ab93464dda7903198b
EAP-Message = 0xa87b9eb6eee9a3bca55c890b7161b1997f57f84244ef309bdbd91d5e63f9fab3140301000101160301002841175ab1eb200cb6ed8eb09ebdd827dcb0c94fb2f0cc4bbc1057c217d57c7082f6232bda1742633c
Message-Authenticator = 0x6d04184f1dac42b9c7c6da356158f8c5
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "john", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] <<< TLS 1.0 Handshake [length 0007], Certificate
[ttls] >>> TLS 1.0 Alert [length 0002], fatal handshake_failure
TLS Alert write:fatal:handshake failure
TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
SSL: SSL_read failed in a system call (-1), TLS session fails.
TLS receive handshake failed during operation
[ttls] eaptls_process returned 4
[eap] Handler failed in EAP/ttls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> john
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 5 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 5
Sending Access-Reject of id 219 to 10.1.3.222 port 1024
EAP-Message = 0x04060004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.5 seconds.
Cleaning up request 0 ID 214 with timestamp +10
Cleaning up request 1 ID 215 with timestamp +10
Cleaning up request 2 ID 216 with timestamp +10
Cleaning up request 3 ID 217 with timestamp +10
Cleaning up request 4 ID 218 with timestamp +10
Waking up in 1.2 seconds.
Cleaning up request 5 ID 219 with timestamp +10
Ready to process requests.
rad_recv: Access-Request packet from host 10.1.3.222 port 1024,
id=220, length=211
Framed-MTU = 1480
NAS-IP-Address = 10.1.3.222
NAS-Identifier = "HP ProCurve Switch 2524"
User-Name = "john"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 16
NAS-Port-Type = Ethernet
NAS-Port-Id = "16"
Called-Station-Id = "00-04-ea-a7-c2-70"
Calling-Station-Id = "00-1c-25-93-26-16"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
EAP-Message = 0x02070009016a6f686e
Message-Authenticator = 0x4bff9404e7321b17c71b169a7fe8c714
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "john", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[control] returns updated
++[unix] returns updated
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 220 to 10.1.3.222 port 1024
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message = 0x010800061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd9e67c5bd9ee655f64d832ead121cf75
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.3.222 port 1024,
id=221, length=226
Framed-MTU = 1480
NAS-IP-Address = 10.1.3.222
NAS-Identifier = "HP ProCurve Switch 2524"
User-Name = "john"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 16
NAS-Port-Type = Ethernet
NAS-Port-Id = "16"
Called-Station-Id = "00-04-ea-a7-c2-70"
Calling-Station-Id = "00-1c-25-93-26-16"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0xd9e67c5bd9ee655f64d832ead121cf75
EAP-Message = 0x020800060315
Message-Authenticator = 0xf05ccffdc48c602e7055f1f09fd9f5bc
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "john", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[control] returns updated
++[unix] returns updated
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/ttls
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 221 to 10.1.3.222 port 1024
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message = 0x010900061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd9e67c5bd8ef695f64d832ead121cf75
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.3.222 port 1024,
id=222, length=276
Framed-MTU = 1480
NAS-IP-Address = 10.1.3.222
NAS-Identifier = "HP ProCurve Switch 2524"
User-Name = "john"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 16
NAS-Port-Type = Ethernet
NAS-Port-Id = "16"
Called-Station-Id = "00-04-ea-a7-c2-70"
Calling-Station-Id = "00-1c-25-93-26-16"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0xd9e67c5bd8ef695f64d832ead121cf75
EAP-Message = 0x020900381500160301002d0100002903013faeaed39396e322ae3de01571d4a0cd64ad1a76a0e496d88b18489466fa7e58000002000a0100
Message-Authenticator = 0xb689989c467d49826a7819dc6283749e
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "john", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 56
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] (other): before/accept initialization
[ttls] TLS_accept: before/accept initialization
[ttls] <<< TLS 1.0 Handshake [length 002d], ClientHello
[ttls] TLS_accept: SSLv3 read client hello A
[ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[ttls] TLS_accept: SSLv3 write server hello A
[ttls] >>> TLS 1.0 Handshake [length 0857], Certificate
[ttls] TLS_accept: SSLv3 write certificate A
[ttls] >>> TLS 1.0 Handshake [length 00a6], CertificateRequest
[ttls] TLS_accept: SSLv3 write certificate request A
[ttls] TLS_accept: SSLv3 flush data
[ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 222 to 10.1.3.222 port 1024
EAP-Message = 0x010a040015c000000936160301002a0200002603014a32986de07b75d573655c77f11d4537645a9e1e9e971ae8d47560ff836ac66800000a0016030108570b00085300085000039f3082039b30820283a003020102020101300d06092a864886f70d0101040500308193310b3009060355040613025553311330110603550408130a57617368696e67746f6e310f300d06035504071306566173686f6e310d300b060355040a1304564953443127302506092a864886f70d010901161874656368737570706f727440766173686f6e73642e6f7267312630240603550403131d566173686f6e2049736c616e64205363686f6f6c204469737472696374
EAP-Message = 0x301e170d3039303630383139323933385a170d3130303630383139323933385a3075310b3009060355040613025553311330110603550408130a57617368696e67746f6e310d300b060355040a1304564953443119301706035504031310564953442052616469757320436572743127302506092a864886f70d010901161874656368737570706f727440766173686f6e73642e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100a9fb1e03259aafb1864477e036bb8f09194747b63bc2596d7c451882edd20837cb08675acf0e2d5fde4144bee680a0e2db76ed8fc5d717ae2cf3ab7f51acc522c7d3e50acd
EAP-Message = 0xa727b5aceb75346f22c7eef985b9703d2f7ac67192feb1e7762cd35e3c987bf5659fcd4167f60bdbf4a393ddf4b839fc6ef538c225f2277540cfd89602512127dd8c669c2010d7e7dbb2890e3b26ccc0912e3d67d0c115df2e9522999e5fc984e002890a87046517d6cc5b7a95b5e60ab5aa3b0bdc2471d3ae9a3c0a6774e29ef4df460cb409b010e998b0a80f17032e1c71cf4047f9ece5f2501fd32b6f7b4e25a4d62544f1cde4497f191c7224386d6762a6e1aba1e472af3ab50203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038201010093bff95e424f631cf806273bae99ae9e
EAP-Message = 0xced52efcd8e0905a6ea89f11adec836027c810257d2007ae4862ee5d6ca2dc969866d0f851ea82d7ef607da5a544b99d6392c1f86388ed55837c61f6fb634c4b537dd646332b25d729d2e6b6504f5d79f5c973d307573459f1a1afc0b86831d033c8a64bab7ba84875028362a2d44a605b1097e244073a1d9df1ca3d51622e536be8e570dacb061726210a814eb075a15b42715bec94fe1d4d6c36dbed8382bb141163ea74331741736ebafd5ac8497a639d024648badffe66853fb42c81bc83f0053b6fec9b4795035e094090d8183a340625e32903f380a38eb5578bd79940931644a6c1ef74bb15815f2cffcd7f290004ab308204a73082038fa003
EAP-Message = 0x020102020900833987f5f546
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd9e67c5bdbec695f64d832ead121cf75
Finished request 8.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.3.222 port 1024,
id=223, length=226
Framed-MTU = 1480
NAS-IP-Address = 10.1.3.222
NAS-Identifier = "HP ProCurve Switch 2524"
User-Name = "john"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 16
NAS-Port-Type = Ethernet
NAS-Port-Id = "16"
Called-Station-Id = "00-04-ea-a7-c2-70"
Calling-Station-Id = "00-1c-25-93-26-16"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0xd9e67c5bdbec695f64d832ead121cf75
EAP-Message = 0x020a00061500
Message-Authenticator = 0x16540a47b56572901005cd0703be8083
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "john", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 10 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 223 to 10.1.3.222 port 1024
EAP-Message = 0x010b040015c0000009363b43300d06092a864886f70d0101050500308193310b3009060355040613025553311330110603550408130a57617368696e67746f6e310f300d06035504071306566173686f6e310d300b060355040a1304564953443127302506092a864886f70d010901161874656368737570706f727440766173686f6e73642e6f7267312630240603550403131d566173686f6e2049736c616e64205363686f6f6c204469737472696374301e170d3039303630383139323833395a170d3130303630383139323833395a308193310b3009060355040613025553311330110603550408130a57617368696e67746f6e310f300d060355
EAP-Message = 0x04071306566173686f6e310d300b060355040a1304564953443127302506092a864886f70d010901161874656368737570706f727440766173686f6e73642e6f7267312630240603550403131d566173686f6e2049736c616e64205363686f6f6c20446973747269637430820122300d06092a864886f70d01010105000382010f003082010a0282010100a55584aa47296e32cbab93cdad9908b909d0d7b633fde3e846df3b9a70d74940eb63cd058ed1557ae9f98342785555a7f69b29a170e1b0cc9865448cf75f18bdf837559e6c58f8f8ed427076258110aa99459a3ee88350fe1ea5a295fe7b8d9b4861e4dc8281bee62c64ae560fad3d741127
EAP-Message = 0x090cf68c60831fe46c8a894e4b15d923bea2b62ffc0b274dafe6f18012a821d91c25e5a16763ce21fa710f971d003503692a98ec8bc7e7aa68ab0e35c8f98d6dee0e3997055d3dab1d5f02890e50c2e57c8f41bd59aae1eb012900d4772c0f4f833db3c0e43ca8ad1653a13316e926364cd35f252e607b0cedd51d257a82a5bdb87320d7984f7e3b3bc864e923710203010001a381fb3081f8301d0603551d0e04160414543e18343eb614370c4130e3ff1afd8cf93fe9af3081c80603551d230481c03081bd8014543e18343eb614370c4130e3ff1afd8cf93fe9afa18199a48196308193310b3009060355040613025553311330110603550408130a
EAP-Message = 0x57617368696e67746f6e310f300d06035504071306566173686f6e310d300b060355040a1304564953443127302506092a864886f70d010901161874656368737570706f727440766173686f6e73642e6f7267312630240603550403131d566173686f6e2049736c616e64205363686f6f6c204469737472696374820900833987f5f5463b43300c0603551d13040530030101ff300d06092a864886f70d010105050003820101007b2ccc21443a1b43a5562175e927500efa22c16d4d8dd566cdead0b0830269d54cd7afa1098199403df344c78059d781af4ce410cfcd663c52cec5440540b0663a6096dd0084bd20b8ea8601860e244d922f85b7f1
EAP-Message = 0xfc18f3952fd1dda7d4ecca4e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd9e67c5bdaed695f64d832ead121cf75
Finished request 9.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.1.3.222 port 1024,
id=224, length=226
Framed-MTU = 1480
NAS-IP-Address = 10.1.3.222
NAS-Identifier = "HP ProCurve Switch 2524"
User-Name = "john"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 16
NAS-Port-Type = Ethernet
NAS-Port-Id = "16"
Called-Station-Id = "00-04-ea-a7-c2-70"
Calling-Station-Id = "00-1c-25-93-26-16"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0xd9e67c5bdaed695f64d832ead121cf75
EAP-Message = 0x020b00061500
Message-Authenticator = 0xb4dd50363a7aa33881d9d2ba2fad1f4b
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "john", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 11 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 224 to 10.1.3.222 port 1024
EAP-Message = 0x010c01541580000009363f8ea34a8928213fd268bf7e6095409ac959f34f444b40faf097692923ad83963e0395fa7c5dbee0011b5a9e43c819695e8dff5e4e393438c1f21a524eb69847838585d3d3c5dc5768677062f7f1fa98a14c0a1efe75201e211059691499941fa930077d23734c28a28c985d3131b7f01d21faa3dea7a544df8e6c2e87746d1b4e82eec6475a3b538d87a6cad17520189c2f86f1aa9a6e1c0deca5e45d9ee916030100a60d00009e0301024000980096308193310b3009060355040613025553311330110603550408130a57617368696e67746f6e310f300d06035504071306566173686f6e310d300b060355040a13045649
EAP-Message = 0x53443127302506092a864886f70d010901161874656368737570706f727440766173686f6e73642e6f7267312630240603550403131d566173686f6e2049736c616e64205363686f6f6c2044697374726963740e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd9e67c5bddea695f64d832ead121cf75
Finished request 10.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.1.3.222 port 1024,
id=225, length=558
Framed-MTU = 1480
NAS-IP-Address = 10.1.3.222
NAS-Identifier = "HP ProCurve Switch 2524"
User-Name = "john"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 16
NAS-Port-Type = Ethernet
NAS-Port-Id = "16"
Called-Station-Id = "00-04-ea-a7-c2-70"
Calling-Station-Id = "00-1c-25-93-26-16"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0xd9e67c5bddea695f64d832ead121cf75
EAP-Message = 0x020c0150150016030100070b000003000000160301010610000102010029f7cad2a5ed026b3f6ac94cbeff92814502139418aa0c84ac8530c3f8b94a1a7aa8e8d45cf5b45d5779353a166d916292d43cff1264d5d99484b5aca8c6a381dd11db935d9d5cdb36d718c0b5e1c6ef7cb8774a461feb431c3918b706066e0a112a991af85400d62bf7ef76b370a3aeea705256c55afedf775aeb1405edeb429ac74753aa03b82c52c1c56a7e8145056e0f01a5d1a689cca54cb9ed121ea86a1e6ace3ac093f9d757752049924ab81792d47beb638b4e6eecdc55e88da3218972a2aa0380bf2d38b517101373498c55bd60d6ae9e581a5d976662a6188ec416
EAP-Message = 0x258d45ed623983520f1b0a30aa81bda3ecc551ac0617eb0de1185927b79dca21140301000101160301002874cdc78d855874525e120a085bfeb198cb565313472a4bda41ca3a52acb2df5b2df7561652ffa1d9
Message-Authenticator = 0xc93875552209af406690e002d9d996ee
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "john", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 12 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] <<< TLS 1.0 Handshake [length 0007], Certificate
[ttls] >>> TLS 1.0 Alert [length 0002], fatal handshake_failure
TLS Alert write:fatal:handshake failure
TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
SSL: SSL_read failed in a system call (-1), TLS session fails.
TLS receive handshake failed during operation
[ttls] eaptls_process returned 4
[eap] Handler failed in EAP/ttls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> john
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 11 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 11
Sending Access-Reject of id 225 to 10.1.3.222 port 1024
EAP-Message = 0x040c0004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.5 seconds.
Cleaning up request 6 ID 220 with timestamp +71
Cleaning up request 7 ID 221 with timestamp +71
Cleaning up request 8 ID 222 with timestamp +71
Cleaning up request 9 ID 223 with timestamp +71
Cleaning up request 10 ID 224 with timestamp +71
Waking up in 1.3 seconds.
Cleaning up request 11 ID 225 with timestamp +71
Ready to process requests.
More information about the Freeradius-Users
mailing list