problem with eap-tls between FR and XP client
bLn
pruebasradius at gmail.com
Wed May 6 18:29:14 CEST 2009
Hi forum,
I'm trying to connect a Windows XP client (I'm also trying with Vista)
to freeradius with EAP-TLS. I made my set of certificates (from this
site http://www.linuxjournal.com/node/8095/print) and now I have: CA,
radius_cert.pem, radius_key.pem, radius_keycert.pem, radius_req.pem,
cliente_cert.p12, cliente_key.pem, cliente_cert.pem, cliente_req.pem,
dh, random, xpextensions, xpclient_ext, xpserver_ext
I've configured eap.conf this way:
tls {
    certdir = ${confdir}/certs2
    cadir = ${confdir}/certs2
    private_key_password = *******
    private_key_file = ${certdir}/radius_keycert.pem
    certificate_file = ${certdir}/radius_keycert.pem
    CA_file = ${cadir}/cacert.pem
    dh_file = ${certdir}/dh
    random_file = ${certdir}/random
    cipher_list = "DEFAULT"
    make_cert_command = "${certdir}/bootstrap"
}
And I've installed my cacert.pem and cliente_cert.p12 through mmc into
Trusted Root Certification Authorities and Personal - Certificates,
respectively.
When I try to connect with freeradius, my log is this (it's too long
because I see the same request again and again):
rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=159,
length=199
User-Name = "carlosgari at realmprueba.com"
NAS-IP-Address = 10.0.0.1
NAS-Port = 0
Called-Station-Id = "00116b3f0ce5"
Calling-Station-Id = "00215d9ade9a"
NAS-Identifier = "Realtek Access Point. 8181"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200001a016361726c6f7367617269407769746563682e636f6d
Message-Authenticator = 0xc6247c05f7aae962aecbc459c9416907
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name =
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 0 length 26
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[sql] expand: %{User-Name} -> carlosgari at realmprueba.com
[sql] sql_set_user escaped user --> 'carlosgari at realmprueba.com'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username =
'carlosgari at realmprueba.com' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT groupname FROM usergroup
WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT
groupname FROM usergroup WHERE username =
'carlosgari at realmprueba.com' ORDER BY id
[sql] expand: SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, Value, op FROM radgroupcheck
WHERE groupname = 'Navega Mes' ORDER BY id
[sql] User found in group Navega Mes
[sql] expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = 'Navega Mes' ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 159 to 10.0.0.1 port 3072
EAP-Message = 0x010100060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x84a02e6384a123686383961ecc8fb910
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=160,
length=191
User-Name = "carlosgari at realmprueba.com"
NAS-IP-Address = 10.0.0.1
NAS-Port = 0
Called-Station-Id = "00116b3f0ce5"
Calling-Station-Id = "00215d9ade9a"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020100060319
State = 0x84a02e6384a123686383961ecc8fb910
Message-Authenticator = 0xe9335e399fadf61413fddd7e717c778f
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name =
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[sql] expand: %{User-Name} -> carlosgari at realmprueba.com
[sql] sql_set_user escaped user --> 'carlosgari at realmprueba.com'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username =
'carlosgari at realmprueba.com' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT groupname FROM usergroup
WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT
groupname FROM usergroup WHERE username =
'carlosgari at realmprueba.com' ORDER BY id
[sql] expand: SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, Value, op FROM radgroupcheck
WHERE groupname = 'Navega Mes' ORDER BY id
[sql] User found in group Navega Mes
[sql] expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = 'Navega Mes' ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 160 to 10.0.0.1 port 3072
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x84a02e6385a237686383961ecc8fb910
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=161,
length=317
User-Name = "carlosgari at realmprueba.com"
NAS-IP-Address = 10.0.0.1
NAS-Port = 0
Called-Station-Id = "00116b3f0ce5"
Calling-Station-Id = "00215d9ade9a"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x0202008419800000007a16030100750100007103014a01acb81f735187841a3bc2edfa94f1384de661364401c1530733f45d00560d000018002f00350005000ac009c00ac013c0140032003800130004010000300000001a00180100156361726c6f7367617269407769746563682e636f6d000a00080006001700180019000b00020100
State = 0x84a02e6385a237686383961ecc8fb910
Message-Authenticator = 0xc9c991513792d8f72f1e6dcbb3728186
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name =
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 2 length 132
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 122
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0075], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 0501], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client
certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 161 to 10.0.0.1 port 3072
EAP-Message = 0x7e9e619ff325da768ddacc03
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x84a02e6386a337686383961ecc8fb910
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=162,
length=191
User-Name = "carlosgari at realmprueba.com"
NAS-IP-Address = 10.0.0.1
NAS-Port = 0
Called-Station-Id = "00116b3f0ce5"
Calling-Station-Id = "00215d9ade9a"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020300061900
State = 0x84a02e6386a337686383961ecc8fb910
Message-Authenticator = 0x05d653107342a96a9c356290a260d61f
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name =
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 162 to 10.0.0.1 port 3072
EAP-Message =
0x99166bf09c44c83fc5ce3d362171b85d7de918d590a4acf95e0fc5da662c3f0d516c493675ce95470a92157a39b40f80b7431c291a211d4edaaa381acc2ca0512cae8015326e731516030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x84a02e6387a437686383961ecc8fb910
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=163,
length=191
User-Name = "carlosgari at realmprueba.com"
NAS-IP-Address = 10.0.0.1
NAS-Port = 0
Called-Station-Id = "00116b3f0ce5"
Calling-Station-Id = "00215d9ade9a"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020400061900
State = 0x84a02e6387a437686383961ecc8fb910
Message-Authenticator = 0xb9e22b4414f41497b616c4174385b8b4
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name =
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 163 to 10.0.0.1 port 3072
EAP-Message = 0x010500061900
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x84a02e6380a537686383961ecc8fb910
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=164,
length=199
User-Name = "carlosgari at realmprueba.com"
NAS-IP-Address = 10.0.0.1
NAS-Port = 0
Called-Station-Id = "00116b3f0ce5"
Calling-Station-Id = "00215d9ade9a"
NAS-Identifier = "Realtek Access Point. 8181"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200001a016361726c6f7367617269407769746563682e636f6d
Message-Authenticator = 0xdd14d44138adb1f24901af4f2ac21fdc
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name =
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 0 length 26
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[sql] expand: %{User-Name} -> carlosgari at realmprueba.com
[sql] sql_set_user escaped user --> 'carlosgari at realmprueba.com'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username =
'carlosgari at realmprueba.com' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT groupname FROM usergroup
WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT
groupname FROM usergroup WHERE username =
'carlosgari at realmprueba.com' ORDER BY id
[sql] expand: SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, Value, op FROM radgroupcheck
WHERE groupname = 'Navega Mes' ORDER BY id
[sql] User found in group Navega Mes
[sql] expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = 'Navega Mes' ORDER BY id
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 164 to 10.0.0.1 port 3072
EAP-Message = 0x010100060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xec2decd6ec2ce137c20d83eb1d1d1e4f
Finished request 5.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=165,
length=317
User-Name = "carlosgari at realmprueba.com"
NAS-IP-Address = 10.0.0.1
NAS-Port = 0
Called-Station-Id = "00116b3f0ce5"
Calling-Station-Id = "00215d9ade9a"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020100840d800000007a16030100750100007103014a01acb83f8216b6454c57ebba9d19e3cc7db4ab863547bf1884f25b21b3eca6000018002f00350005000ac009c00ac013c0140032003800130004010000300000001a00180100156361726c6f7367617269407769746563682e636f6d000a00080006001700180019000b00020100
State = 0xec2decd6ec2ce137c20d83eb1d1d1e4f
Message-Authenticator = 0xa9accde6d4fed435cc4b51e08c4a1fbd
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name =
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 1 length 132
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[sql] expand: %{User-Name} -> carlosgari at realmprueba.com
[sql] sql_set_user escaped user --> 'carlosgari at realmprueba.com'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username =
'carlosgari at realmprueba.com' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT groupname FROM usergroup
WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT
groupname FROM usergroup WHERE username =
'carlosgari at realmprueba.com' ORDER BY id
[sql] expand: SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, Value, op FROM radgroupcheck
WHERE groupname = 'Navega Mes' ORDER BY id
[sql] User found in group Navega Mes
[sql] expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = 'Navega Mes' ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
TLS Length 122
[tls] Length Included
[tls] eaptls_verify returned 11
[tls] (other): before/accept initialization
[tls] TLS_accept: before/accept initialization
[tls] <<< TLS 1.0 Handshake [length 0075], ClientHello
[tls] TLS_accept: SSLv3 read client hello A
[tls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[tls] TLS_accept: SSLv3 write server hello A
[tls] >>> TLS 1.0 Handshake [length 0501], Certificate
[tls] TLS_accept: SSLv3 write certificate A
[tls] >>> TLS 1.0 Handshake [length 0064], CertificateRequest
[tls] TLS_accept: SSLv3 write certificate request A
[tls] TLS_accept: SSLv3 flush data
[tls] TLS_accept: Need to read more data: SSLv3 read client
certificate A
In SSL Handshake Phase
In SSL Accept mode
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 165 to 10.0.0.1 port 3072
EAP-Message =
0x300d060355040713064d6164726964310e300c060355040a1305476f77657831133011060355040b130a696e67656e69657269613122302006035504031319746573742e637573746f6d6572732e696265722d782e6e657430819f300d06092a864886f70d010101050003818d0030818902818100cd1fa7b002fe68845fcf82590e4d53f094b5cba6f8d0f81cc2e942f415bfd015f6a6163016951985d90b95966dcdffbb982515bfd4fcf623b3fa94118a84e9e14697d0d080292cf5d5052f163ead4d63472163664f42e48a7f9de0996823102d8abe56677b45c41c46ec42c8173feafb0cfb7aae29e440880260ccceb08442a90203010001a31730
EAP-Message = 0x7e9e619ff325da768ddacc03
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xec2decd6ed2fe137c20d83eb1d1d1e4f
Finished request 6.
Going to the next request
Waking up in 4.4 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=166,
length=191
User-Name = "carlosgari at realmprueba.com"
NAS-IP-Address = 10.0.0.1
NAS-Port = 0
Called-Station-Id = "00116b3f0ce5"
Calling-Station-Id = "00215d9ade9a"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020200060d00
State = 0xec2decd6ed2fe137c20d83eb1d1d1e4f
Message-Authenticator = 0xd94d9be93b04169026b7368402da36ae
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name =
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 2 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[sql] expand: %{User-Name} -> carlosgari at realmprueba.com
[sql] sql_set_user escaped user --> 'carlosgari at realmprueba.com'
rlm_sql (sql): Reserving sql socket id: 0
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username =
'carlosgari at realmprueba.com' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT groupname FROM usergroup
WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT
groupname FROM usergroup WHERE username =
'carlosgari at realmprueba.com' ORDER BY id
[sql] expand: SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, Value, op FROM radgroupcheck
WHERE groupname = 'Navega Mes' ORDER BY id
[sql] User found in group Navega Mes
[sql] expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = 'Navega Mes' ORDER BY id
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 166 to 10.0.0.1 port 3072
EAP-Message =
0x010301b20d800000059ec7cae9bdebcfaa3a06726618751da075a2c79e748c02a30758a3550184fca872a01f3ec7c2ef8cee1b4d0203010001a37b307930090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e0416041421863a36c31be281cd1a3c31e52544b384bb25f1301f0603551d2304183016801421863a36c31be281cd1a3c31e52544b384bb25f1300d06092a864886f70d010105050003818100c851fd68627d9b98e537ff0e548d8a43683349ff2ced4e109cd6577d7cf0f6c7da04fe94c31f66a473385c2dfb626fd08bb8a69a
EAP-Message =
0xb7276c1e99166bf09c44c83fc5ce3d362171b85d7de918d590a4acf95e0fc5da662c3f0d516c493675ce95470a92157a39b40f80b7431c291a211d4edaaa381acc2ca0512cae8015326e731516030100640d00005c03010240005600543052310b3009060355040613024553310f300d060355040813064d6164726964310e300c060355040a1305476f77657831133011060355040b130a696e67656e6965726961310d300b06035504031304746573740e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xec2decd6ee2ee137c20d83eb1d1d1e4f
Finished request 7.
Going to the next request
Waking up in 4.4 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=167,
length=191
User-Name = "carlosgari at realmprueba.com"
NAS-IP-Address = 10.0.0.1
NAS-Port = 0
Called-Station-Id = "00116b3f0ce5"
Calling-Station-Id = "00215d9ade9a"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020300060d00
State = 0xec2decd6ee2ee137c20d83eb1d1d1e4f
Message-Authenticator = 0xc8ad2690ce4bb94fa6ee92d26df76db2
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name =
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 3 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[sql] expand: %{User-Name} -> carlosgari at realmprueba.com
[sql] sql_set_user escaped user --> 'carlosgari at realmprueba.com'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username =
'carlosgari at realmprueba.com' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT groupname FROM usergroup
WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT
groupname FROM usergroup WHERE username =
'carlosgari at realmprueba.com' ORDER BY id
[sql] expand: SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, Value, op FROM radgroupcheck
WHERE groupname = 'Navega Mes' ORDER BY id
[sql] User found in group Navega Mes
[sql] expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = 'Navega Mes' ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 167 to 10.0.0.1 port 3072
EAP-Message = 0x0104000a0d8000000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xec2decd6ef29e137c20d83eb1d1d1e4f
Finished request 8.
Going to the next request
Waking up in 4.4 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=168,
length=217
User-Name = "carlosgari at realmprueba.com"
NAS-IP-Address = 10.0.0.1
NAS-Port = 0
Called-Station-Id = "00116b3f0ce5"
Calling-Station-Id = "00215d9ade9a"
NAS-Identifier = "Realtek Access Point. 8181"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0204001a016361726c6f7367617269407769746563682e636f6d
State = 0xec2decd6ef29e137c20d83eb1d1d1e4f
Message-Authenticator = 0x274fd340f61d1f66b2b03ba704d3ec2e
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name =
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 4 length 26
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[sql] expand: %{User-Name} -> carlosgari at realmprueba.com
[sql] sql_set_user escaped user --> 'carlosgari at realmprueba.com'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username =
'carlosgari at realmprueba.com' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT groupname FROM usergroup
WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT
groupname FROM usergroup WHERE username =
'carlosgari at realmprueba.com' ORDER BY id
[sql] expand: SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, Value, op FROM radgroupcheck
WHERE groupname = 'Navega Mes' ORDER BY id
[sql] User found in group Navega Mes
[sql] expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = 'Navega Mes' ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 168 to 10.0.0.1 port 3072
EAP-Message = 0x010500060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2f6428b72f6125c07b0fb3246e0f1a2d
Finished request 9.
Going to the next request
Waking up in 0.8 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=169,
length=317
User-Name = "carlosgari at realmprueba.com"
NAS-IP-Address = 10.0.0.1
NAS-Port = 0
Called-Station-Id = "00116b3f0ce5"
Calling-Station-Id = "00215d9ade9a"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020500840d800000007a16030100750100007103014a01acbdbadc9a09fff908f49117fe4256ccc1abe3d5e0b168a22041e5eada09000018002f00350005000ac009c00ac013c0140032003800130004010000300000001a00180100156361726c6f7367617269407769746563682e636f6d000a00080006001700180019000b00020100
State = 0x2f6428b72f6125c07b0fb3246e0f1a2d
Message-Authenticator = 0x945e136366ba63bb7daa1d7d67603aeb
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name =
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 5 length 132
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[sql] expand: %{User-Name} -> carlosgari at realmprueba.com
[sql] sql_set_user escaped user --> 'carlosgari at realmprueba.com'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username =
'carlosgari at realmprueba.com' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT groupname FROM usergroup
WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT
groupname FROM usergroup WHERE username =
'carlosgari at realmprueba.com' ORDER BY id
[sql] expand: SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, Value, op FROM radgroupcheck
WHERE groupname = 'Navega Mes' ORDER BY id
[sql] User found in group Navega Mes
[sql] expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = 'Navega Mes' ORDER BY id
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
TLS Length 122
[tls] Length Included
[tls] eaptls_verify returned 11
[tls] (other): before/accept initialization
[tls] TLS_accept: before/accept initialization
[tls] <<< TLS 1.0 Handshake [length 0075], ClientHello
[tls] TLS_accept: SSLv3 read client hello A
[tls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[tls] TLS_accept: SSLv3 write server hello A
[tls] >>> TLS 1.0 Handshake [length 0501], Certificate
[tls] TLS_accept: SSLv3 write certificate A
[tls] >>> TLS 1.0 Handshake [length 0064], CertificateRequest
[tls] TLS_accept: SSLv3 write certificate request A
[tls] TLS_accept: SSLv3 flush data
[tls] TLS_accept: Need to read more data: SSLv3 read client
certificate A
In SSL Handshake Phase
In SSL Accept mode
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 169 to 10.0.0.1 port 3072
EAP-Message = 0x7e9e619ff325da768ddacc03
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2f6428b72e6225c07b0fb3246e0f1a2d
Finished request 10.
Going to the next request
Waking up in 0.8 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=170,
length=191
User-Name = "carlosgari at realmprueba.com"
NAS-IP-Address = 10.0.0.1
NAS-Port = 0
Called-Station-Id = "00116b3f0ce5"
Calling-Station-Id = "00215d9ade9a"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020600060d00
State = 0x2f6428b72e6225c07b0fb3246e0f1a2d
Message-Authenticator = 0x618e4164cf39a7a344ca991da0c24224
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name =
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 6 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[sql] expand: %{User-Name} -> carlosgari at realmprueba.com
[sql] sql_set_user escaped user --> 'carlosgari at realmprueba.com'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username =
'carlosgari at realmprueba.com' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT groupname FROM usergroup
WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT
groupname FROM usergroup WHERE username =
'carlosgari at realmprueba.com' ORDER BY id
[sql] expand: SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, Value, op FROM radgroupcheck
WHERE groupname = 'Navega Mes' ORDER BY id
[sql] User found in group Navega Mes
[sql] expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = 'Navega Mes' ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 170 to 10.0.0.1 port 3072
EAP-Message =
0xb7276c1e99166bf09c44c83fc5ce3d362171b85d7de918d590a4acf95e0fc5da662c3f0d516c493675ce95470a92157a39b40f80b7431c291a211d4edaaa381acc2ca0512cae8015326e731516030100640d00005c03010240005600543052310b3009060355040613024553310f300d060355040813064d6164726964310e300c060355040a1305476f77657831133011060355040b130a696e67656e6965726961310d300b06035504031304746573740e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2f6428b72d6325c07b0fb3246e0f1a2d
Finished request 11.
Going to the next request
Waking up in 0.8 seconds.
rad_recv: Access-Request packet from host 10.0.0.1 port 3072, id=171,
length=191
User-Name = "carlosgari at realmprueba.com"
NAS-IP-Address = 10.0.0.1
NAS-Port = 0
Called-Station-Id = "00116b3f0ce5"
Calling-Station-Id = "00215d9ade9a"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020700060d00
State = 0x2f6428b72d6325c07b0fb3246e0f1a2d
Message-Authenticator = 0x5b4d57449b4510dfe0ec25fbd8141a1e
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realmprueba.com" for User-Name =
"carlosgari at realmprueba.com"
[suffix] Found realm "realmprueba.com"
[suffix] Adding Realm = "realmprueba.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 7 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[sql] expand: %{User-Name} -> carlosgari at realmprueba.com
[sql] sql_set_user escaped user --> 'carlosgari at realmprueba.com'
rlm_sql (sql): Reserving sql socket id: 0
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username =
'carlosgari at realmprueba.com' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT groupname FROM usergroup
WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT
groupname FROM usergroup WHERE username =
'carlosgari at realmprueba.com' ORDER BY id
[sql] expand: SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, Value, op FROM radgroupcheck
WHERE groupname = 'Navega Mes' ORDER BY id
[sql] User found in group Navega Mes
[sql] expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = 'Navega Mes' ORDER BY id
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 171 to 10.0.0.1 port 3072
EAP-Message = 0x0108000a0d8000000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2f6428b72c6c25c07b0fb3246e0f1a2d
Finished request 12.
Going to the next request
Waking up in 0.8 seconds.
Cleaning up request 0 ID 159 with timestamp +21
Cleaning up request 1 ID 160 with timestamp +21
Cleaning up request 2 ID 161 with timestamp +21
Cleaning up request 3 ID 162 with timestamp +21
Cleaning up request 4 ID 163 with timestamp +21
Waking up in 0.4 seconds.
Cleaning up request 5 ID 164 with timestamp +21
Cleaning up request 6 ID 165 with timestamp +21
Cleaning up request 7 ID 166 with timestamp +21
Cleaning up request 8 ID 167 with timestamp +21
Waking up in 3.5 seconds.
I've tried with Mikrotik APs too and I got the same error. I think
freeradius is waiting for the request from the client and it never
comes back, but I'm not sure.
I've also tried with an export password and with no password in the
client_cert.p12. I saw this possible mistake on another website.
Can anyone enlighten me, please?
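To read the EAP-Message values in the debug output above without a packet capture, the following added example (not part of the original post and not FreeRADIUS code) decodes the EAP header and the EAP-TLS flags byte as laid out in RFC 5216. The function name `decode_eap_tls` is hypothetical; the hex values are copied from the log, with the ClientHello response cut to its first 10 bytes.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_TLS = 13                            # EAP-TLS method type (RFC 5216)
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20    # Length included, More fragments, Start


def decode_eap_tls(hex_value):
    """Decode the EAP header and EAP-TLS flags of one EAP-Message value."""
    raw = bytes.fromhex(hex_value[2:] if hex_value[:2].lower() == "0x" else hex_value)
    if len(raw) < 6:
        raise ValueError("too short for an EAP-TLS packet")
    code, ident, length, eap_type, flags = struct.unpack("!BBHBB", raw[:6])
    if eap_type != EAP_TYPE_TLS:
        raise ValueError("not EAP-TLS (type %d)" % eap_type)
    pos, tls_length = 6, None
    if flags & FLAG_L:
        # The 4-byte TLS Message Length is present only when L is set.
        if len(raw) < 10:
            raise ValueError("L flag set but TLS Message Length missing")
        (tls_length,) = struct.unpack("!I", raw[6:10])
        pos = 10
    return {
        "code": EAP_CODES.get(code, "Unknown"),
        "id": ident,
        "length": length,
        "complete": length == len(raw),    # False if only part of the packet was given
        "more_fragments": bool(flags & FLAG_M),
        "start": bool(flags & FLAG_S),
        "tls_length": tls_length,
        "tls_bytes": length - pos,          # TLS data carried, per the EAP Length field
        "is_ack": flags == 0 and length == 6,
    }


# Values copied from the debug output above.
CLIENT_ACK = "0x020700060d00"                # EAP-Message in the last Access-Request
LAST_CHALLENGE = "0x0108000a0d8000000000"    # EAP-Message in the last Access-Challenge
# First 10 bytes only of the ClientHello response (EAP header, flags, TLS length).
CLIENT_HELLO_HEAD = "0x020500840d800000007a"

if __name__ == "__main__":
    for name in ("CLIENT_HELLO_HEAD", "CLIENT_ACK", "LAST_CHALLENGE"):
        print(name, decode_eap_tls(globals()[name]))
```

The decoded fields line up with the server's own messages: id 5 with length 132 and TLS length 122 for the ClientHello, and a 6-byte fragment ACK for id 7. The last Access-Challenge (id 8) decodes as a request with the L flag set, a TLS Message Length of 0 and no TLS data.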