EAP-TLS User-Name not matching

Huckle Berry huck.berry at gmail.com
Sat Jan 23 00:41:11 CET 2010


On Fri, Jan 22, 2010 at 12:13 AM, Huckle Berry <huck.berry at gmail.com> wrote:

> Will report later.
>

I installed the new certs (I checked in the details tab on Windows that both
the server and client have the correct xpextensions); however, the client
still fails to respond.  Just to be sure, I hopped over to my desktop, which
runs Linux, and set up Wicd for EAP-TLS and got the same results... Seems like
it isn't a Windoze issue (as much as I'd like it to be).

Here's the relevant part of the log:
rad_recv: Access-Request packet from host 192.168.1.1 port 3090, id=0, length=148
Cleaning up request 58 ID 0 with timestamp +233
    User-Name = "user at example.com"
    NAS-IP-Address = 192.168.1.1
    Called-Station-Id = "0016b6e2cc20"
    Calling-Station-Id = "0016b659f0d7"
    NAS-Identifier = "0016b6e2cc20"
    NAS-Port = 62
    Framed-MTU = 1400
    State = 0x2c846de62e8760f57fd0c142afa7b978
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x020300060d00
    Message-Authenticator = 0x86dfb6f2b9a4a4a219ea59887d5563cc
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "example.com" for User-Name = "user at example.com"
[suffix] Found realm "example.com"
[suffix] Adding Realm = "example.com"
[suffix] Proxying request from user user to realm example.com
[suffix] Preparing to proxy authentication request to realm "example.com"
++[suffix] returns updated
[eap] Request is supposed to be proxied to Realm example.com.  Not doing EAP.
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry user at example.com at line 51
[files]     expand: Hello, %{User-Name} -> Hello, user at example.com
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.1.1 port 3090
    Reply-Message = "Hello, user at example.com"
    EAP-Message = 0x010404000dc000000b5703020102020900b66e36fdf4f33312300d06092...
    EAP-Message = 0x75733112301006035504071309536f6d657768657265311530130603550...
    EAP-Message = 0xeda0d0b5fe688a3f31d0d2569b4cf4d7f61a2196822bb2acee9a3ad4149...
    EAP-Message = 0x4652310f300d06035504081306526164697573311230100603550407130...
    EAP-Message = 0xd3c56640e3b3ce4de1c63af3
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x2c846de62f8060f57fd0c142afa7b978
Finished request 59.
Going to the next request
Waking up in 4.9 seconds.


> ~Huckle Berry
>
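
Decoding the EAP-Message headers quoted in the log above, as an added example that is not part of the original post: it reads the EAP header and the EAP-TLS flags byte (layout per RFC 5216) to show which packet is a fragment ACK and which is a fragment with more to follow. The function and constant names are assumptions made for this example, and only the header bytes visible in the log are used.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_TLS = 13  # EAP-TLS type number (RFC 5216)

# Values copied from the log above. The second one is truncated in the log,
# so only its first 10 bytes (the complete header) are used here.
CLIENT_MSG = "0x020300060d00"
SERVER_MSG_HEADER = "0x010404000dc000000b57"


def parse_eap_tls(hex_value):
    """Decode the EAP header and EAP-TLS flags of an EAP-Message value."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code not in (1, 2) or len(raw) < 6:
        return info  # Success/Failure have no Type field; too short for flags
    info["type"] = raw[4]
    if raw[4] != EAP_TYPE_TLS:
        return info
    flags = raw[5]
    info["length_included"] = bool(flags & 0x80)  # L bit
    info["more_fragments"] = bool(flags & 0x40)   # M bit
    info["start"] = bool(flags & 0x20)            # S bit
    offset = 6
    if info["length_included"]:
        if len(raw) < 10:
            raise ValueError("L bit set but TLS Message Length is missing")
        info["tls_message_length"] = struct.unpack("!I", raw[6:10])[0]
        offset = 10
    # Bytes of TLS data this packet carries, per the EAP Length field.
    info["fragment_bytes"] = length - offset
    # No flags and no TLS data: an acknowledgement of the previous fragment.
    info["is_ack"] = flags == 0 and info["fragment_bytes"] == 0
    return info


if __name__ == "__main__":
    for label, value in (("client", CLIENT_MSG), ("server", SERVER_MSG_HEADER)):
        print(label, parse_eap_tls(value))
```

The client's value decodes as an EAP-Response (id 3) with no TLS data, matching the "Received TLS ACK" line; the server's reply is an EAP-Request (id 4) carrying one 1024-byte packet of a 2903-byte TLS message with the M bit set.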