Decoupled accounting

Devinder Singh devinbhullar at gmail.com
Tue Sep 15 11:07:49 CEST 2009


Hi Ivan,

Pls ignore my message as it working now it was a network problem

2009/8/4 Devinder Singh <devinbhullar at gmail.com>:
> Hi Ivan,
>
> When i clik on my SSID palstaff it prompts for the certificate name
>
> username on certificate so i selected
>
> devinder at palettemm.com
>
> Click OK then authentication failed on the SSID
>
> 2009/8/4 Devinder Singh <devinbhullar at gmail.com>:
>> Hi Ivan
>>
>> Ok i managed to install ca.der and client.p12 on my XP
>>
>> When i run radiusd -X i get
>>
>> rad_recv: Access-Request packet from host 203.121.4.59 port 6001,
>> id=30, length=216
>>        User-Name = "devinder at palettemm.com"
>>        NAS-IP-Address = 203.121.4.59
>>        Called-Station-Id = "00-20-a6-6c-49-9d:palstaff"
>>        Calling-Station-Id = "00-04-23-7b-56-b9"
>>        NAS-Identifier = "ORiNOCO-AP-700-6c-49-9d"
>>        State = 0xf30ae66df60debd09c91249e7b82f0a9
>>        Framed-MTU = 1400
>>        NAS-Port-Type = Wireless-802.11
>>        EAP-Message =
>> 0x0207002c0d000116030100205a6f866d20eb642ddc9f404f90d8650422eb751e7bb0199a016bb14e384df6fa
>>        Message-Authenticator = 0x06206416bbe520db012eb924f72ba75e
>> +- entering group authorize {...}
>> ++[preprocess] returns ok
>> ++[chap] returns noop
>> ++[mschap] returns noop
>> [suffix] Looking up realm "palettemm.com" for User-Name =
>> "devinder at palettemm.com"
>> [suffix] No such realm "palettemm.com"
>> ++[suffix] returns noop
>> [eap] EAP packet type response id 7 length 44
>> [eap] No EAP Start, assuming it's an on-going EAP conversation
>> ++[eap] returns updated
>> ++[unix] returns notfound
>> [files] users: Matched entry devinder at palettemm.com at line 94
>> ++[files] returns ok
>> ++[expiration] returns noop
>> ++[logintime] returns noop
>> ++[pap] returns noop
>> Found Auth-Type = EAP
>> +- entering group authenticate {...}
>> [eap] Request found, released from the list
>> [eap] EAP/tls
>> [eap] processing type tls
>> [tls] Authenticate
>> [tls] processing EAP-TLS
>> [tls] eaptls_verify returned 7
>> [tls] Done initial handshake
>> [tls] <<< TLS 1.0 Handshake [length 03b2], Certificate
>> --> verify error:num=20:unable to get local issuer certificate
>> [tls] >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
>> TLS Alert write:fatal:unknown CA
>>    TLS_accept:error in SSLv3 read client certificate B
>> rlm_eap: SSL error error:140890B2:SSL
>> routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
>> SSL: SSL_read failed in a system call (-1), TLS session fails.
>> TLS receive handshake failed during operation
>> [tls] eaptls_process returned 4
>> [eap] Handler failed in EAP/tls
>> [eap] Failed in EAP select
>> ++[eap] returns invalid
>> Failed to authenticate the user.
>> Using Post-Auth-Type Reject
>> +- entering group REJECT {...}
>> [attr_filter.access_reject]     expand: %{User-Name} -> devinder at palettemm.com
>>  attr_filter: Matched entry DEFAULT at line 11
>> ++[attr_filter.access_reject] returns updated
>> Delaying reject of request 6 for 1 seconds
>> Going to the next request
>> Waking up in 0.9 seconds.
>> Sending delayed reject for request 6
>> Sending Access-Reject of id 30 to 203.121.4.59 port 6001
>>        EAP-Message = 0x04070004
>>        Message-Authenticator = 0x00000000000000000000000000000000
>> Waking up in 3.8 seconds.
>> Cleaning up request 0 ID 24 with timestamp +83
>> Cleaning up request 1 ID 25 with timestamp +83
>> Cleaning up request 2 ID 26 with timestamp +83
>> Cleaning up request 3 ID 27 with timestamp +83
>> Cleaning up request 4 ID 28 with timestamp +83
>> Cleaning up request 5 ID 29 with timestamp +83
>> Waking up in 1.0 seconds.
>> Cleaning up request 6 ID 30 with timestamp +83
>> Ready to process requests.
>>
>>
>>
>> Users File
>>
>>
>> "devinder at palettemm.com" Auth-Type := EAP
>>
>> DEFAULT Auth-Type := Reject
>>        Reply-Message = "Authentication Failed"
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> 2009/8/3 Ivan Kalik <tnt at kalik.net>:
>>>> Do i copy  this file to the XP and install ca.der
>>>>
>>>> ca.der and client.p12
>>>
>>> Yes.
>>>
>>> Ivan Kalik
>>> Kalik Informatika ISP
>>>
>>>
>>
>>
>>
>> --
>> Devinder
>>
>
>
>
> --
> Devinder
>



-- 
Devinder




More information about the Freeradius-Users mailing list