eap-tls configuration not running...
fabien.crettaz at novelis.com
Wed Mar 4 11:06:59 CET 2009
Hello
My server is now accepting the eap authentication, but is sending after
this accept an access challenge to the client. It seems that the client
"ignores" the access challenge sent by the server !!
Any idea ??
Fabien
rad_recv: Access-Request packet from host 10.166.42.30:1024, id=3,
length=159
User-Name = "sierre08015"
NAS-IP-Address = 10.166.42.30
NAS-Port = 1
Called-Station-Id = "00-14-C2-BB-FF-70:test"
Calling-Station-Id = "00-1F-3C-13-1A-1F"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11g"
EAP-Message = 0x02070010017369657272653038303135
Message-Authenticator = 0x44d8e63aaf78d1dd710924a013bfe7ba
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
rlm_eap: EAP packet type response id 7 length 16
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched entry sierre08015 at line 97
modcall[authorize]: module "files" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 3 to 10.166.42.30 port 1024
EAP-Message = 0x010800060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x70d9ca888398794265f013f1ea86a3b8
Finished request 3
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.166.42.30:1024, id=4,
length=241
User-Name = "sierre08015"
NAS-IP-Address = 10.166.42.30
NAS-Port = 1
Called-Station-Id = "00-14-C2-BB-FF-70:test"
Calling-Station-Id = "00-1F-3C-13-1A-1F"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11g"
EAP-Message =
0x020800500d800000004616030100410100003d030149ae3f67c2530394de05ba7fb9c39413db6dd4d884994527880e0543a428dee400001600040005000a000900640062000300060013001200630100
State = 0x70d9ca888398794265f013f1ea86a3b8
Message-Authenticator = 0x56372f6bfce57e79360ae0c757da625b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
rlm_eap: EAP packet type response id 8 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched entry sierre08015 at line 97
modcall[authorize]: module "files" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 02ad], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 00a3], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 4 to 10.166.42.30 port 1024
EAP-Message =
0x092a864886f70d01090116177369657272657261643130406e6f76656c69732e636f6d301e170d3039303131323139323733375a170d3039303231313139323733375a308193310b3009060355040613024348311430120603550408130b537769747a65726c616e64310f300d06035504071306536965727265311d301b060355040a13144e6f76656c697320506c616e7420536965727265311630140603550403130d526164697573205365727665723126302406092a864886f70d01090116177369657272657261643130406e6f76656c69732e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ec5d7c0b616c84
EAP-Message =
0xc8ad4170e9d80b47b6e9ae2a82cc577076dec8b316030100a30d00009b0301020500950093308190310b3009060355040613024348311430120603550408130b537769747a65726c616e64310f300d0603550407130653696572726531163014060355040a130d4e6f76656c697320506c616e74311730150603550403130e46616269656e204372657474617a3129302706092a864886f70d010901161a66616269656e2e6372657474617a406e6f76656c69732e636f6d0e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcad27a06a3667c11a3c87b3e41faa858
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.166.42.30:1024, id=5,
length=167
User-Name = "sierre08015"
NAS-IP-Address = 10.166.42.30
NAS-Port = 1
Called-Station-Id = "00-14-C2-BB-FF-70:test"
Calling-Station-Id = "00-1F-3C-13-1A-1F"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11g"
EAP-Message = 0x020900060d00
State = 0xcad27a06a3667c11a3c87b3e41faa858
Message-Authenticator = 0x57367206865668163c2155289735fb84
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
rlm_eap: EAP packet type response id 9 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry sierre08015 at line 97
modcall[authorize]: module "files" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 5 to 10.166.42.30 port 1024
EAP-Message = 0x010a000a0d8000000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x850de87f7a3c97df745f110aed8ce38e
Finished request 5
Going to the next request
Waking up in 6 seconds...
NOVELIS
Fabien Crettaz
IT System and Infrastructure
Novelis Automotive, Painted & Specialities
Novelis Switzerland SA
CH - 3960 Sierre, Switzerland
phone: +41 (0)27 457 7164
fax: +41 (0)27 457 7105
e-mail: fabien.crettaz at novelis.com
http://www.novelis.ch
Please consider the environment before printing this email.
<tnt at kalik.net>
Sent by:
freeradius-users-bounces+fabien.crettaz=novelis.com at lists.freeradius.org
03.03.2009 16:50
Please respond to
FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
To
"FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
cc
Subject
Re: eap-tls configuration not running...
>Thanks for your response, what should I set as Auth-Type, as 'Auth-Type :=
>eap' is not recommended (cf. comment in eap.conf) ?
You don't set anything. Server will set what it needs. It "just works".
Ivan Kalik
Kalik Informatika ISP
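
Added example (not part of the original post and not FreeRADIUS code): a small Python decoder for the EAP-Message values printed in the debug output above. It reports the EAP code, identifier and the EAP-TLS flag bits (L, M, S as defined in RFC 5216), so each Access-Request/Access-Challenge pair can be read as one step of the fragmented TLS handshake. The function and field names are this example's own.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS"}
# EAP-TLS flag bits (RFC 5216, section 3.1)
FLAG_LENGTH, FLAG_MORE, FLAG_START = 0x80, 0x40, 0x20

# EAP-Message values copied from the debug log in this post
SAMPLES = [
    "0x02070010017369657272653038303135",  # request 3, from the client
    "0x010800060d20",                      # challenge id 3, from the server
    "0x020900060d00",                      # request 5, from the client
    "0x010a000a0d8000000000",              # challenge id 5, from the server
]


def decode_eap(hex_value):
    """Decode one EAP-Message value as printed by the server's debug output."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    out = {"code": EAP_CODES.get(code, str(code)), "id": ident,
           "length": length, "complete": length == len(raw)}
    if code not in (1, 2) or len(raw) < 5:
        return out  # Success and Failure packets carry no type field
    out["type"] = EAP_TYPES.get(raw[4], str(raw[4]))
    if raw[4] == 1:
        out["identity"] = raw[5:].decode("ascii", "replace")
    elif raw[4] == 13 and len(raw) >= 6:
        flags, body = raw[5], raw[6:]
        out["flags"] = [name for bit, name in ((FLAG_LENGTH, "L"),
                        (FLAG_MORE, "M"), (FLAG_START, "S")) if flags & bit]
        if flags & FLAG_LENGTH and len(body) >= 4:
            # 4-byte total TLS message length precedes the TLS data
            out["tls_length"] = struct.unpack("!I", body[:4])[0]
            body = body[4:]
        out["tls_bytes"] = len(body)
        # No flags and no TLS data: acknowledgement of a received fragment
        out["ack"] = flags == 0 and not body
    return out


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, decode_eap(sample))
```
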