problem with eap-tls between FR and XP client

bLn pruebasradius at gmail.com
Wed May 6 18:29:14 CEST 2009


Hi forum,

I'm trying to connect a Windows XP client (I'm also trying with Vista) 
to freeradius with EAP-TLS. I made my set of certificates (following this 
site: http://www.linuxjournal.com/node/8095/print) and now I have: CA, 
radius_cert.pem, radius_key.pem, radius_keycert.pem, radius_req.pem, 
cliente_cert.p12, cliente_key.pem, cliente_cert.pem, cliente_req.pem, 
dh, random, xpextensions, xpclient_ext, xpserver_ext

I've configured eap.conf this way:

tls {
            certdir = ${confdir}/certs2
            cadir = ${confdir}/certs2
            private_key_password = *******
            private_key_file = ${certdir}/radius_keycert.pem
            certificate_file = ${certdir}/radius_keycert.pem
            CA_file = ${cadir}/cacert.pem
            dh_file = ${certdir}/dh
            random_file = ${certdir}/random
            cipher_list = "DEFAULT"
            make_cert_command = "${certdir}/bootstrap"
}

And I've installed my cacert.pem and cliente_cert.p12 through mmc into 
Trusted Root Certification Authorities and Personal - Certificates, 
respectively.

When I try to connect with freeradius, my log is this (it's very long 
because I see the same request again and again):


rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=159, 
length=199
        User-Name = "carlosgari at realmprueba.com"
        NAS-IP-Address = 10.0.0.1
        NAS-Port = 0
        Called-Station-Id = "00116b3f0ce5"
        Calling-Station-Id = "00215d9ade9a"
        NAS-Identifier = "Realtek Access Point. 8181"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Service-Type = Framed-User
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x0200001a016361726c6f7367617269407769746563682e636f6d
        Message-Authenticator = 0xc6247c05f7aae962aecbc459c9416907
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name = 
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 0 length 26
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[sql]   expand: %{User-Name} -> carlosgari at realmprueba.com
[sql] sql_set_user escaped user --> 'carlosgari at realmprueba.com'
rlm_sql (sql): Reserving sql socket id: 4
[sql]   expand: SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER 
BY id -> SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = 
'carlosgari at realmprueba.com'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT groupname           FROM usergroup           
WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT 
groupname           FROM usergroup           WHERE username = 
'carlosgari at realmprueba.com'           ORDER BY id
[sql]   expand: SELECT id, groupname, attribute,           Value, 
op           FROM radgroupcheck           WHERE groupname = 
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, 
attribute,           Value, op           FROM radgroupcheck           
WHERE groupname = 'Navega Mes'           ORDER BY id
[sql] User found in group Navega Mes
[sql]   expand: SELECT id, groupname, attribute, value, op           
FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           
ORDER BY id -> SELECT id, groupname, attribute, value, op           FROM 
radgroupreply           WHERE groupname = 'Navega Mes'           ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 159 to 10.0.0.1 port 3072
        EAP-Message = 0x010100060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x84a02e6384a123686383961ecc8fb910
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=160, 
length=191
        User-Name = "carlosgari at realmprueba.com"
        NAS-IP-Address = 10.0.0.1
        NAS-Port = 0
        Called-Station-Id = "00116b3f0ce5"
        Calling-Station-Id = "00215d9ade9a"
        NAS-Identifier = "Realtek Access Point. 8181"
        NAS-Port-Type = Wireless-802.11
        Service-Type = Framed-User
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x020100060319
        State = 0x84a02e6384a123686383961ecc8fb910
        Message-Authenticator = 0xe9335e399fadf61413fddd7e717c778f
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name = 
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[sql]   expand: %{User-Name} -> carlosgari at realmprueba.com
[sql] sql_set_user escaped user --> 'carlosgari at realmprueba.com'
rlm_sql (sql): Reserving sql socket id: 3
[sql]   expand: SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER 
BY id -> SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = 
'carlosgari at realmprueba.com'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT groupname           FROM usergroup           
WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT 
groupname           FROM usergroup           WHERE username = 
'carlosgari at realmprueba.com'           ORDER BY id
[sql]   expand: SELECT id, groupname, attribute,           Value, 
op           FROM radgroupcheck           WHERE groupname = 
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, 
attribute,           Value, op           FROM radgroupcheck           
WHERE groupname = 'Navega Mes'           ORDER BY id
[sql] User found in group Navega Mes
[sql]   expand: SELECT id, groupname, attribute, value, op           
FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           
ORDER BY id -> SELECT id, groupname, attribute, value, op           FROM 
radgroupreply           WHERE groupname = 'Navega Mes'           ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 160 to 10.0.0.1 port 3072
        EAP-Message = 0x010200061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x84a02e6385a237686383961ecc8fb910
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=161, 
length=317
        User-Name = "carlosgari at realmprueba.com"
        NAS-IP-Address = 10.0.0.1
        NAS-Port = 0
        Called-Station-Id = "00116b3f0ce5"
        Calling-Station-Id = "00215d9ade9a"
        NAS-Identifier = "Realtek Access Point. 8181"
        NAS-Port-Type = Wireless-802.11
        Service-Type = Framed-User
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 
0x0202008419800000007a16030100750100007103014a01acb81f735187841a3bc2edfa94f1384de661364401c1530733f45d00560d000018002f00350005000ac009c00ac013c0140032003800130004010000300000001a00180100156361726c6f7367617269407769746563682e636f6d000a00080006001700180019000b00020100
        State = 0x84a02e6385a237686383961ecc8fb910
        Message-Authenticator = 0xc9c991513792d8f72f1e6dcbb3728186
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name = 
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 2 length 132
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 122
[peap] Length Included
[peap] eaptls_verify returned 11
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0075], ClientHello
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 0501], Certificate
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client 
certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 161 to 10.0.0.1 port 3072
        EAP-Message = 
0x0103040019c00000053e160301002a02000026030149de14372a96c9dee0f575361420bb267d297c2000f439f4b516bbf08fbf6f8c00002f0016030105010b0004fd0004fa00025b30820257308201c0a003020102020101300d06092a864886f70d01010505003052310b3009060355040613024553310f300d060355040813064d6164726964310e300c060355040a1305476f77657831133011060355040b130a696e67656e6965726961310d300b0603550403130474657374301e170d3039303430363035303733375a170d3130303430363035303733375a3078310b3009060355040613024553310f300d060355040813064d6164726964310f
        EAP-Message = 
0x3011060355040b130a696e67656e6965726961310d300b0603550403130474657374301e170d3039303430363030313530365a170d3132303430353030313530365a3052310b3009060355040613024553310f300d060355040813064d6164726964310e300c060355040a1305476f77657831133011060355040b130a696e67656e6965726961310d300b060355040313047465737430819f300d06092a864886f70d010101050003818d0030818902818100ddd96cf2e5e6c7e92e8a43f801e022e3247609b62b6bf40b56b303ae2ff49c5fc65340689ccc673b41ba7d32f0b0084d062083d24f2e4b4c9122707c3e3cf6b30779e5dc37c28c9d9e22
        EAP-Message = 0x7e9e619ff325da768ddacc03
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x84a02e6386a337686383961ecc8fb910
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=162, 
length=191
        User-Name = "carlosgari at realmprueba.com"
        NAS-IP-Address = 10.0.0.1
        NAS-Port = 0
        Called-Station-Id = "00116b3f0ce5"
        Calling-Station-Id = "00215d9ade9a"
        NAS-Identifier = "Realtek Access Point. 8181"
        NAS-Port-Type = Wireless-802.11
        Service-Type = Framed-User
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x020300061900
        State = 0x84a02e6386a337686383961ecc8fb910
        Message-Authenticator = 0x05d653107342a96a9c356290a260d61f
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name = 
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 162 to 10.0.0.1 port 3072
        EAP-Message = 
0x99166bf09c44c83fc5ce3d362171b85d7de918d590a4acf95e0fc5da662c3f0d516c493675ce95470a92157a39b40f80b7431c291a211d4edaaa381acc2ca0512cae8015326e731516030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x84a02e6387a437686383961ecc8fb910
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=163, 
length=191
        User-Name = "carlosgari at realmprueba.com"
        NAS-IP-Address = 10.0.0.1
        NAS-Port = 0
        Called-Station-Id = "00116b3f0ce5"
        Calling-Station-Id = "00215d9ade9a"
        NAS-Identifier = "Realtek Access Point. 8181"
        NAS-Port-Type = Wireless-802.11
        Service-Type = Framed-User
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x020400061900
        State = 0x84a02e6387a437686383961ecc8fb910
        Message-Authenticator = 0xb9e22b4414f41497b616c4174385b8b4
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name = 
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 163 to 10.0.0.1 port 3072
        EAP-Message = 0x010500061900
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x84a02e6380a537686383961ecc8fb910
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=164, 
length=199
        User-Name = "carlosgari at realmprueba.com"
        NAS-IP-Address = 10.0.0.1
        NAS-Port = 0
        Called-Station-Id = "00116b3f0ce5"
        Calling-Station-Id = "00215d9ade9a"
        NAS-Identifier = "Realtek Access Point. 8181"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Service-Type = Framed-User
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x0200001a016361726c6f7367617269407769746563682e636f6d
        Message-Authenticator = 0xdd14d44138adb1f24901af4f2ac21fdc
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name = 
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 0 length 26
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[sql]   expand: %{User-Name} -> carlosgari at realmprueba.com
[sql] sql_set_user escaped user --> 'carlosgari at realmprueba.com'
rlm_sql (sql): Reserving sql socket id: 2
[sql]   expand: SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER 
BY id -> SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = 
'carlosgari at realmprueba.com'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT groupname           FROM usergroup           
WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT 
groupname           FROM usergroup           WHERE username = 
'carlosgari at realmprueba.com'           ORDER BY id
[sql]   expand: SELECT id, groupname, attribute,           Value, 
op           FROM radgroupcheck           WHERE groupname = 
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, 
attribute,           Value, op           FROM radgroupcheck           
WHERE groupname = 'Navega Mes'           ORDER BY id
[sql] User found in group Navega Mes
[sql]   expand: SELECT id, groupname, attribute, value, op           
FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           
ORDER BY id -> SELECT id, groupname, attribute, value, op           FROM 
radgroupreply           WHERE groupname = 'Navega Mes'           ORDER BY id
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 164 to 10.0.0.1 port 3072
        EAP-Message = 0x010100060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xec2decd6ec2ce137c20d83eb1d1d1e4f
Finished request 5.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=165, 
length=317
        User-Name = "carlosgari at realmprueba.com"
        NAS-IP-Address = 10.0.0.1
        NAS-Port = 0
        Called-Station-Id = "00116b3f0ce5"
        Calling-Station-Id = "00215d9ade9a"
        NAS-Identifier = "Realtek Access Point. 8181"
        NAS-Port-Type = Wireless-802.11
        Service-Type = Framed-User
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 
0x020100840d800000007a16030100750100007103014a01acb83f8216b6454c57ebba9d19e3cc7db4ab863547bf1884f25b21b3eca6000018002f00350005000ac009c00ac013c0140032003800130004010000300000001a00180100156361726c6f7367617269407769746563682e636f6d000a00080006001700180019000b00020100
        State = 0xec2decd6ec2ce137c20d83eb1d1d1e4f
        Message-Authenticator = 0xa9accde6d4fed435cc4b51e08c4a1fbd
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name = 
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 1 length 132
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[sql]   expand: %{User-Name} -> carlosgari at realmprueba.com
[sql] sql_set_user escaped user --> 'carlosgari at realmprueba.com'
rlm_sql (sql): Reserving sql socket id: 1
[sql]   expand: SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER 
BY id -> SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = 
'carlosgari at realmprueba.com'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT groupname           FROM usergroup           
WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT 
groupname           FROM usergroup           WHERE username = 
'carlosgari at realmprueba.com'           ORDER BY id
[sql]   expand: SELECT id, groupname, attribute,           Value, 
op           FROM radgroupcheck           WHERE groupname = 
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, 
attribute,           Value, op           FROM radgroupcheck           
WHERE groupname = 'Navega Mes'           ORDER BY id
[sql] User found in group Navega Mes
[sql]   expand: SELECT id, groupname, attribute, value, op           
FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           
ORDER BY id -> SELECT id, groupname, attribute, value, op           FROM 
radgroupreply           WHERE groupname = 'Navega Mes'           ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
  TLS Length 122
[tls] Length Included
[tls] eaptls_verify returned 11
[tls]     (other): before/accept initialization
[tls]     TLS_accept: before/accept initialization
[tls] <<< TLS 1.0 Handshake [length 0075], ClientHello
[tls]     TLS_accept: SSLv3 read client hello A
[tls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[tls]     TLS_accept: SSLv3 write server hello A
[tls] >>> TLS 1.0 Handshake [length 0501], Certificate
[tls]     TLS_accept: SSLv3 write certificate A
[tls] >>> TLS 1.0 Handshake [length 0064], CertificateRequest
[tls]     TLS_accept: SSLv3 write certificate request A
[tls]     TLS_accept: SSLv3 flush data
[tls]     TLS_accept: Need to read more data: SSLv3 read client 
certificate A
In SSL Handshake Phase
In SSL Accept mode
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 165 to 10.0.0.1 port 3072
        EAP-Message = 0x7e9e619ff325da768ddacc03
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xec2decd6ed2fe137c20d83eb1d1d1e4f
Finished request 6.
Going to the next request
Waking up in 4.4 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=166, 
length=191
        User-Name = "carlosgari at realmprueba.com"
        NAS-IP-Address = 10.0.0.1
        NAS-Port = 0
        Called-Station-Id = "00116b3f0ce5"
        Calling-Station-Id = "00215d9ade9a"
        NAS-Identifier = "Realtek Access Point. 8181"
        NAS-Port-Type = Wireless-802.11
        Service-Type = Framed-User
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x020200060d00
        State = 0xec2decd6ed2fe137c20d83eb1d1d1e4f
        Message-Authenticator = 0xd94d9be93b04169026b7368402da36ae
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name = 
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 2 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[sql]   expand: %{User-Name} -> carlosgari at realmprueba.com
[sql] sql_set_user escaped user --> 'carlosgari at realmprueba.com'
rlm_sql (sql): Reserving sql socket id: 0
[sql]   expand: SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER 
BY id -> SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = 
'carlosgari at realmprueba.com'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT groupname           FROM usergroup           
WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT 
groupname           FROM usergroup           WHERE username = 
'carlosgari at realmprueba.com'           ORDER BY id
[sql]   expand: SELECT id, groupname, attribute,           Value, 
op           FROM radgroupcheck           WHERE groupname = 
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, 
attribute,           Value, op           FROM radgroupcheck           
WHERE groupname = 'Navega Mes'           ORDER BY id
[sql] User found in group Navega Mes
[sql]   expand: SELECT id, groupname, attribute, value, op           
FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           
ORDER BY id -> SELECT id, groupname, attribute, value, op           FROM 
radgroupreply           WHERE groupname = 'Navega Mes'           ORDER BY id
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 166 to 10.0.0.1 port 3072
        EAP-Message = 
0xb7276c1e99166bf09c44c83fc5ce3d362171b85d7de918d590a4acf95e0fc5da662c3f0d516c493675ce95470a92157a39b40f80b7431c291a211d4edaaa381acc2ca0512cae8015326e731516030100640d00005c03010240005600543052310b3009060355040613024553310f300d060355040813064d6164726964310e300c060355040a1305476f77657831133011060355040b130a696e67656e6965726961310d300b06035504031304746573740e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xec2decd6ee2ee137c20d83eb1d1d1e4f
Finished request 7.
Going to the next request
Waking up in 4.4 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=167, 
length=191
        User-Name = "carlosgari at realmprueba.com"
        NAS-IP-Address = 10.0.0.1
        NAS-Port = 0
        Called-Station-Id = "00116b3f0ce5"
        Calling-Station-Id = "00215d9ade9a"
        NAS-Identifier = "Realtek Access Point. 8181"
        NAS-Port-Type = Wireless-802.11
        Service-Type = Framed-User
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x020300060d00
        State = 0xec2decd6ee2ee137c20d83eb1d1d1e4f
        Message-Authenticator = 0xc8ad2690ce4bb94fa6ee92d26df76db2
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name = 
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 3 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[sql]   expand: %{User-Name} -> carlosgari at realmprueba.com
[sql] sql_set_user escaped user --> 'carlosgari at realmprueba.com'
rlm_sql (sql): Reserving sql socket id: 4
[sql]   expand: SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER 
BY id -> SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = 
'carlosgari at realmprueba.com'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT groupname           FROM usergroup           
WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT 
groupname           FROM usergroup           WHERE username = 
'carlosgari at realmprueba.com'           ORDER BY id
[sql]   expand: SELECT id, groupname, attribute,           Value, 
op           FROM radgroupcheck           WHERE groupname = 
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, 
attribute,           Value, op           FROM radgroupcheck           
WHERE groupname = 'Navega Mes'           ORDER BY id
[sql] User found in group Navega Mes
[sql]   expand: SELECT id, groupname, attribute, value, op           
FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           
ORDER BY id -> SELECT id, groupname, attribute, value, op           FROM 
radgroupreply           WHERE groupname = 'Navega Mes'           ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 167 to 10.0.0.1 port 3072
        EAP-Message = 0x0104000a0d8000000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xec2decd6ef29e137c20d83eb1d1d1e4f
Finished request 8.
Going to the next request
Waking up in 4.4 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=168, 
length=217
        User-Name = "carlosgari at realmprueba.com"
        NAS-IP-Address = 10.0.0.1
        NAS-Port = 0
        Called-Station-Id = "00116b3f0ce5"
        Calling-Station-Id = "00215d9ade9a"
        NAS-Identifier = "Realtek Access Point. 8181"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Service-Type = Framed-User
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x0204001a016361726c6f7367617269407769746563682e636f6d
        State = 0xec2decd6ef29e137c20d83eb1d1d1e4f
        Message-Authenticator = 0x274fd340f61d1f66b2b03ba704d3ec2e
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name = 
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 4 length 26
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[sql]   expand: %{User-Name} -> carlosgari at realmprueba.com
[sql] sql_set_user escaped user --> 'carlosgari at realmprueba.com'
rlm_sql (sql): Reserving sql socket id: 3
[sql]   expand: SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER 
BY id -> SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = 
'carlosgari at realmprueba.com'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT groupname           FROM usergroup           
WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT 
groupname           FROM usergroup           WHERE username = 
'carlosgari at realmprueba.com'           ORDER BY id
[sql]   expand: SELECT id, groupname, attribute,           Value, 
op           FROM radgroupcheck           WHERE groupname = 
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, 
attribute,           Value, op           FROM radgroupcheck           
WHERE groupname = 'Navega Mes'           ORDER BY id
[sql] User found in group Navega Mes
[sql]   expand: SELECT id, groupname, attribute, value, op           
FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           
ORDER BY id -> SELECT id, groupname, attribute, value, op           FROM 
radgroupreply           WHERE groupname = 'Navega Mes'           ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 168 to 10.0.0.1 port 3072
        EAP-Message = 0x010500060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2f6428b72f6125c07b0fb3246e0f1a2d
Finished request 9.
Going to the next request
Waking up in 0.8 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=169, 
length=317
        User-Name = "carlosgari at realmprueba.com"
        NAS-IP-Address = 10.0.0.1
        NAS-Port = 0
        Called-Station-Id = "00116b3f0ce5"
        Calling-Station-Id = "00215d9ade9a"
        NAS-Identifier = "Realtek Access Point. 8181"
        NAS-Port-Type = Wireless-802.11
        Service-Type = Framed-User
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 
0x020500840d800000007a16030100750100007103014a01acbdbadc9a09fff908f49117fe4256ccc1abe3d5e0b168a22041e5eada09000018002f00350005000ac009c00ac013c0140032003800130004010000300000001a00180100156361726c6f7367617269407769746563682e636f6d000a00080006001700180019000b00020100
        State = 0x2f6428b72f6125c07b0fb3246e0f1a2d
        Message-Authenticator = 0x945e136366ba63bb7daa1d7d67603aeb
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name = 
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 5 length 132
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[sql]   expand: %{User-Name} -> carlosgari at realmprueba.com
[sql] sql_set_user escaped user --> 'carlosgari at realmprueba.com'
rlm_sql (sql): Reserving sql socket id: 2
[sql]   expand: SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER 
BY id -> SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = 
'carlosgari at realmprueba.com'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT groupname           FROM usergroup           
WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT 
groupname           FROM usergroup           WHERE username = 
'carlosgari at realmprueba.com'           ORDER BY id
[sql]   expand: SELECT id, groupname, attribute,           Value, 
op           FROM radgroupcheck           WHERE groupname = 
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, 
attribute,           Value, op           FROM radgroupcheck           
WHERE groupname = 'Navega Mes'           ORDER BY id
[sql] User found in group Navega Mes
[sql]   expand: SELECT id, groupname, attribute, value, op           
FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           
ORDER BY id -> SELECT id, groupname, attribute, value, op           FROM 
radgroupreply           WHERE groupname = 'Navega Mes'           ORDER BY id
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
  TLS Length 122
[tls] Length Included
[tls] eaptls_verify returned 11
[tls]     (other): before/accept initialization
[tls]     TLS_accept: before/accept initialization
[tls] <<< TLS 1.0 Handshake [length 0075], ClientHello
[tls]     TLS_accept: SSLv3 read client hello A
[tls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[tls]     TLS_accept: SSLv3 write server hello A
[tls] >>> TLS 1.0 Handshake [length 0501], Certificate
[tls]     TLS_accept: SSLv3 write certificate A
[tls] >>> TLS 1.0 Handshake [length 0064], CertificateRequest
[tls]     TLS_accept: SSLv3 write certificate request A
[tls]     TLS_accept: SSLv3 flush data
[tls]     TLS_accept: Need to read more data: SSLv3 read client 
certificate A
In SSL Handshake Phase
In SSL Accept mode
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 169 to 10.0.0.1 port 3072
        EAP-Message = 
0x300d060355040713064d6164726964310e300c060355040a1305476f77657831133011060355040b130a696e67656e69657269613122302006035504031319746573742e637573746f6d6572732e696265722d782e6e657430819f300d06092a864886f70d010101050003818d0030818902818100cd1fa7b002fe68845fcf82590e4d53f094b5cba6f8d0f81cc2e942f415bfd015f6a6163016951985d90b95966dcdffbb982515bfd4fcf623b3fa94118a84e9e14697d0d080292cf5d5052f163ead4d63472163664f42e48a7f9de0996823102d8abe56677b45c41c46ec42c8173feafb0cfb7aae29e440880260ccceb08442a90203010001a31730
        EAP-Message = 
0x1530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010505000381810022c03b52cdb6d30d58ac20fe96dd44bcb9b085bf90efa1db85ca23773e408dd176cc92f97efa0c18150494fe599cdf5f916c7e03e8d47159463f2d5c63b65221380fe5553a838f5e39021ca8c5fe0bcfa383ab4d79c98bb23d6e8e5725ddf592be29906b85c8fc09f6a050087c826b2c30368bc08a33a4a9d9ad9e5794d82eb300029930820295308201fea003020102020100300d06092a864886f70d01010505003052310b3009060355040613024553310f300d060355040813064d6164726964310e300c060355040a1305476f7765783113
        EAP-Message = 0x7e9e619ff325da768ddacc03
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2f6428b72e6225c07b0fb3246e0f1a2d
Finished request 10.
Going to the next request
Waking up in 0.8 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=170, 
length=191
        User-Name = "carlosgari at realmprueba.com"
        NAS-IP-Address = 10.0.0.1
        NAS-Port = 0
        Called-Station-Id = "00116b3f0ce5"
        Calling-Station-Id = "00215d9ade9a"
        NAS-Identifier = "Realtek Access Point. 8181"
        NAS-Port-Type = Wireless-802.11
        Service-Type = Framed-User
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x020600060d00
        State = 0x2f6428b72e6225c07b0fb3246e0f1a2d
        Message-Authenticator = 0x618e4164cf39a7a344ca991da0c24224
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name = 
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 6 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[sql]   expand: %{User-Name} -> carlosgari at realmprueba.com
[sql] sql_set_user escaped user --> 'carlosgari at realmprueba.com'
rlm_sql (sql): Reserving sql socket id: 1
[sql]   expand: SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER 
BY id -> SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = 
'carlosgari at realmprueba.com'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT groupname           FROM usergroup           
WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT 
groupname           FROM usergroup           WHERE username = 
'carlosgari at realmprueba.com'           ORDER BY id
[sql]   expand: SELECT id, groupname, attribute,           Value, 
op           FROM radgroupcheck           WHERE groupname = 
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, 
attribute,           Value, op           FROM radgroupcheck           
WHERE groupname = 'Navega Mes'           ORDER BY id
[sql] User found in group Navega Mes
[sql]   expand: SELECT id, groupname, attribute, value, op           
FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           
ORDER BY id -> SELECT id, groupname, attribute, value, op           FROM 
radgroupreply           WHERE groupname = 'Navega Mes'           ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 170 to 10.0.0.1 port 3072
        EAP-Message = 
0xb7276c1e99166bf09c44c83fc5ce3d362171b85d7de918d590a4acf95e0fc5da662c3f0d516c493675ce95470a92157a39b40f80b7431c291a211d4edaaa381acc2ca0512cae8015326e731516030100640d00005c03010240005600543052310b3009060355040613024553310f300d060355040813064d6164726964310e300c060355040a1305476f77657831133011060355040b130a696e67656e6965726961310d300b06035504031304746573740e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2f6428b72d6325c07b0fb3246e0f1a2d
Finished request 11.
Going to the next request
Waking up in 0.8 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=171, 
length=191
        User-Name = "carlosgari at realmprueba.com"
        NAS-IP-Address = 10.0.0.1
        NAS-Port = 0
        Called-Station-Id = "00116b3f0ce5"
        Calling-Station-Id = "00215d9ade9a"
        NAS-Identifier = "Realtek Access Point. 8181"
        NAS-Port-Type = Wireless-802.11
        Service-Type = Framed-User
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x020700060d00
        State = 0x2f6428b72d6325c07b0fb3246e0f1a2d
        Message-Authenticator = 0x5b4d57449b4510dfe0ec25fbd8141a1e
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name = 
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 7 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[sql]   expand: %{User-Name} -> carlosgari at realmprueba.com
[sql] sql_set_user escaped user --> 'carlosgari at realmprueba.com'
rlm_sql (sql): Reserving sql socket id: 0
[sql]   expand: SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER 
BY id -> SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = 
'carlosgari at realmprueba.com'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT groupname           FROM usergroup           
WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT 
groupname           FROM usergroup           WHERE username = 
'carlosgari at realmprueba.com'           ORDER BY id
[sql]   expand: SELECT id, groupname, attribute,           Value, 
op           FROM radgroupcheck           WHERE groupname = 
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, 
attribute,           Value, op           FROM radgroupcheck           
WHERE groupname = 'Navega Mes'           ORDER BY id
[sql] User found in group Navega Mes
[sql]   expand: SELECT id, groupname, attribute, value, op           
FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           
ORDER BY id -> SELECT id, groupname, attribute, value, op           FROM 
radgroupreply           WHERE groupname = 'Navega Mes'           ORDER BY id
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 171 to 10.0.0.1 port 3072
        EAP-Message = 0x0108000a0d8000000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2f6428b72c6c25c07b0fb3246e0f1a2d
Finished request 12.
Going to the next request
Waking up in 0.8 seconds.
Cleaning up request 0 ID 159 with timestamp +21
Cleaning up request 1 ID 160 with timestamp +21
Cleaning up request 2 ID 161 with timestamp +21
Cleaning up request 3 ID 162 with timestamp +21
Cleaning up request 4 ID 163 with timestamp +21
Waking up in 0.4 seconds.
Cleaning up request 5 ID 164 with timestamp +21
Cleaning up request 6 ID 165 with timestamp +21
Cleaning up request 7 ID 166 with timestamp +21
Cleaning up request 8 ID 167 with timestamp +21
Waking up in 3.5 seconds.

I've tried with Mikrotik APs too and I got the same error. I think 
freeradius is waiting for the request from the client and it never 
comes back, but I'm not sure.

I've also tried with an export password and with no password on the 
client_cert.p12. I saw this possible mistake mentioned on another website.

Can anyone enlighten me, please?
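
The short EAP-Message values in the log above can be decoded to see what each side actually sent at every step. The following is an added example, not part of the original post or of FreeRADIUS: it parses the EAP header and the EAP-TLS flags as laid out in RFC 5216. The names `decode_eap` and `TRACE` are assumptions; the hex values are copied from the log.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_TLS = 13
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20  # RFC 5216: Length, More, Start

def decode_eap(hexval):
    """Decode one EAP packet from the hex string FreeRADIUS prints."""
    text = hexval[2:] if hexval.lower().startswith("0x") else hexval
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"EAP Length {length} but {len(raw)} bytes present")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code not in (1, 2) or length < 5:
        return pkt  # Success/Failure have no Type field
    pkt["type"] = raw[4]
    if pkt["type"] != EAP_TYPE_TLS:
        return pkt  # other EAP methods are out of scope here
    if length < 6:
        raise ValueError("EAP-TLS packet without a Flags octet")
    flags, body = raw[5], raw[6:]
    pkt["flags"] = [n for n, bit in (("L", FLAG_L), ("M", FLAG_M), ("S", FLAG_S))
                    if flags & bit]
    if flags & FLAG_L:
        if len(body) < 4:
            raise ValueError("L flag set but TLS Message Length is missing")
        pkt["tls_total"] = struct.unpack("!I", body[:4])[0]
        body = body[4:]
    pkt["tls_bytes"] = len(body)  # TLS record bytes carried in this fragment
    # An empty Response is the fragment ACK; an empty Request carries no TLS data.
    pkt["kind"] = "start" if flags & FLAG_S else "data" if body else "empty"
    return pkt

# EAP-Message values copied from the log above (short packets only), in order.
TRACE = [
    ("server", "0x010500060d20"),
    ("client", "0x020600060d00"),
    ("client", "0x020700060d00"),
    ("server", "0x0108000a0d8000000000"),
]

if __name__ == "__main__":
    for who, value in TRACE:
        print(who, decode_eap(value))
```

On this trace it reports the server's Start (id 5), two empty client responses (ids 6 and 7), and a final server request (id 8) with the L flag set, a TLS Message Length of 0 and no TLS data.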


