freeradius 2.1.10 WARNING: Internal sanity check failed

joanroldan joan.roldan.paitovi at gmail.com
Fri Apr 1 11:43:39 CEST 2011


Hi,

I have followed your advise and I went back to the default config. I have
read the:

http://deployingradius.com/documents/configuration/certificates.html

And I have followed it step by step. Testing first the PAP auth with an
entry in users.conf and it worked fine. Next I add the Wireless LAN
Controller in clients.conf and change the default eap_type with peap.

I get the next warning:

Debug: WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Debug: WARNING: !! EAP session for state 0xc729a88ac72ab1dd did not finish!
Debug: WARNING: !! Please read
http://wiki.freeradius.org/Certificate_Compatibility
Debug: WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Testing with an WinXP and Win7 client, so I do not think its a Supplicant
issue.

The supplicant config is PEAP with MSCHAPv2, and no certificate validation.

I have a look to certs/README file, and I have studied the ./bootstrap
script I make sure xpextensions are applied.I also launch

rm -f *.pem *.der *.csr *.crt *.key *.p12 serial* index.txt*

Before modifying the server.cnf and ca.cnf and launch bootstrap script
again.

I always get the same warning, I do no undestand why. In
http://deployingradius.com says it just worked, but not in my enviorment.

I attach the output:

Thu Mar 31 13:14:25 2011 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 10.118.249.20 port 32768, id=51,
length=173
        User-Name = "bob"
        Calling-Station-Id = "00-1B-77-8E-1E-A4"
        Called-Station-Id = "00-1E-4A-90-5F-30:eduroam"
        NAS-Port = 29
        NAS-IP-Address = 10.118.249.20
        NAS-Identifier = "WLC_2_SCC_LAB"
        Airespace-Wlan-Id = 1
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "911"
        EAP-Message = 0x0202000801626f62
        Message-Authenticator = 0xfabf4ce8269ee315494653e616f244ce
Thu Mar 31 13:14:26 2011 : Info: # Executing section authorize from file
/etc/raddb/sites-enabled/default
Thu Mar 31 13:14:26 2011 : Info: +- entering group authorize {...}
Thu Mar 31 13:14:26 2011 : Info: ++[preprocess] returns ok
Thu Mar 31 13:14:26 2011 : Info: ++[chap] returns noop
Thu Mar 31 13:14:26 2011 : Info: ++[mschap] returns noop
Thu Mar 31 13:14:26 2011 : Info: ++[digest] returns noop
Thu Mar 31 13:14:26 2011 : Info: [suffix] No '@' in User-Name = "bob",
looking up realm NULL
Thu Mar 31 13:14:26 2011 : Info: [suffix] No such realm "NULL"
Thu Mar 31 13:14:26 2011 : Info: ++[suffix] returns noop
Thu Mar 31 13:14:26 2011 : Info: [eap] EAP packet type response id 2 length
8
Thu Mar 31 13:14:26 2011 : Info: [eap] No EAP Start, assuming it's an
on-going EAP conversation
Thu Mar 31 13:14:26 2011 : Info: ++[eap] returns updated
Thu Mar 31 13:14:26 2011 : Info: [files] users: Matched entry bob at line 1
Thu Mar 31 13:14:26 2011 : Info: ++[files] returns ok
Thu Mar 31 13:14:26 2011 : Info: ++[expiration] returns noop
Thu Mar 31 13:14:26 2011 : Info: ++[logintime] returns noop
Thu Mar 31 13:14:26 2011 : Info: [pap] WARNING: Auth-Type already set.  Not
setting to PAP
Thu Mar 31 13:14:26 2011 : Info: ++[pap] returns noop
Thu Mar 31 13:14:26 2011 : Info: Found Auth-Type = EAP
Thu Mar 31 13:14:26 2011 : Info: # Executing group from file
/etc/raddb/sites-enabled/default
Thu Mar 31 13:14:26 2011 : Info: +- entering group authenticate {...}
Thu Mar 31 13:14:26 2011 : Info: [eap] EAP Identity
Thu Mar 31 13:14:26 2011 : Info: [eap] processing type tls
Thu Mar 31 13:14:26 2011 : Info: [tls] Initiate
Thu Mar 31 13:14:26 2011 : Info: [tls] Start returned 1
Thu Mar 31 13:14:26 2011 : Info: ++[eap] returns handled
Sending Access-Challenge of id 51 to 10.118.249.20 port 32768
        EAP-Message = 0x010300061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc729a88ac72ab1dd3e4f8d4fc2851f1c
Thu Mar 31 13:14:26 2011 : Info: Finished request 9.
Thu Mar 31 13:14:26 2011 : Debug: Going to the next request
Thu Mar 31 13:14:26 2011 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.118.249.20 port 32768, id=51,
length=173
Thu Mar 31 13:14:28 2011 : Info: Sending duplicate reply to client WiSM port
32768 - ID: 51
Sending Access-Challenge of id 51 to 10.118.249.20 port 32768
Thu Mar 31 13:14:28 2011 : Debug: Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 10.118.249.20 port 32768, id=51,
length=173
Thu Mar 31 13:14:30 2011 : Info: Sending duplicate reply to client WiSM port
32768 - ID: 51
Sending Access-Challenge of id 51 to 10.118.249.20 port 32768
Thu Mar 31 13:14:30 2011 : Debug: Waking up in 0.9 seconds.
Thu Mar 31 13:14:31 2011 : Info: Cleaning up request 9 ID 51 with timestamp
+60
Thu Mar 31 13:14:31 2011 : Debug: WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Thu Mar 31 13:14:31 2011 : Debug: WARNING: !! EAP session for state
0xc729a88ac72ab1dd did not finish!
Thu Mar 31 13:14:31 2011 : Debug: WARNING: !! Please read
http://wiki.freeradius.org/Certificate_Compatibility
Thu Mar 31 13:14:31 2011 : Debug: WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Thu Mar 31 13:14:31 2011 : Info: Ready to process requests.

Thanks in advance. 

--
View this message in context: http://freeradius.1045715.n5.nabble.com/freeradius-2-1-10-WARNING-Internal-sanity-check-failed-tp3340058p4275026.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.



More information about the Freeradius-Users mailing list