Freeradius + EAP_TLS + Cisco AP

Esteban TALAVERA etalaveran at
Thu Sep 23 23:43:43 CEST 2010


I configured a freeradius server with EAP_TLS to authenticate clients that
connects to Cisco AP.

When I run freeradius -X I got a lot of activity output but the client is
still trying to authenticate

I post last lines from the server's output

I see the port of Access-request es 1645 but I did configure 1812 in both
server and Cisco AP

The line "[tls] eaptls_process returned 13 " means something wrong?

What should be the correct output when successful authentication occurs?

rad_recv: Access-Request packet from host 192.168.X.X port 1645, id=51,
    User-Name = "etalaveran"
    Framed-MTU = 1400
    Called-Station-Id = "aca0.16ba.89f2"
    Calling-Station-Id = "0021.63ca.fdbe"
    Service-Type = Login-User
    Message-Authenticator = 0x32824bc17cf2b4b4920577cc57e00177
    EAP-Message = 0x020700060d00
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 285
    NAS-Port-Id = "285"
    State = 0x732b0744702c0abef63c2dd8a2b9de35
    NAS-IP-Address =
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "etalaveran", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry etalaveran at line 2
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 51 to 192.168.X.X port 1645
    EAP-Message = 0x0108000a0d8000000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x732b074477230abef63c2dd8a2b9de35
Finished request 19.
Going to the next request
Waking up in 4.8 seconds.
Cleaning up request 15 ID 47 with timestamp +117
Cleaning up request 16 ID 48 with timestamp +117
Cleaning up request 17 ID 49 with timestamp +117
Cleaning up request 18 ID 50 with timestamp +117
Cleaning up request 19 ID 51 with timestamp +117
Ready to process requests.


*Esteban Talavera*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list