session resumption for WPA2-TLS
Dhinesh gunasekaran
gdhineshcse at gmail.com
Sun Jul 31 14:58:39 CEST 2011
hi,
am using Freeradius 2.1.10 along with wpa_supplicant 0.7.3 and hostapd 0.7.3
on ubuntu lucid 10.04 machines with openssl 1.0.0a in wpa_supplicant and
0.9.8k in freeradius server. i enabled session resumption in the free radius
and it works fine for EAP methods -PEAP and TTLS when i hand over connection
to previously connected Acess point and it is different when i configured
for TLS, it seems in the cache it didnt get any values to store and is my
debug report,
Sun Jul 31 12:47:52 2011 : Info: # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
Sun Jul 31 12:47:52 2011 : Info: +- entering group authorize {...}
Sun Jul 31 12:47:52 2011 : Info: ++[preprocess] returns ok
Sun Jul 31 12:47:52 2011 : Info: ++[chap] returns noop
Sun Jul 31 12:47:52 2011 : Info: ++[mschap] returns noop
Sun Jul 31 12:47:52 2011 : Info: ++[digest] returns noop
Sun Jul 31 12:47:52 2011 : Info: [suffix] No '@' in User-Name = "anonymous",
looking up realm NULL
Sun Jul 31 12:47:52 2011 : Info: [suffix] No such realm "NULL"
Sun Jul 31 12:47:52 2011 : Info: ++[suffix] returns noop
Sun Jul 31 12:47:52 2011 : Info: [eap] EAP packet type response id 248
length 253
Sun Jul 31 12:47:52 2011 : Info: [eap] No EAP Start, assuming it's an
on-going EAP conversation
Sun Jul 31 12:47:52 2011 : Info: ++[eap] returns updated
Sun Jul 31 12:47:52 2011 : Info: ++[files] returns noop
Sun Jul 31 12:47:52 2011 : Info: ++[expiration] returns noop
Sun Jul 31 12:47:52 2011 : Info: ++[logintime] returns noop
Sun Jul 31 12:47:52 2011 : Info: ++[pap] returns noop
Sun Jul 31 12:47:52 2011 : Info: Found Auth-Type = EAP
Sun Jul 31 12:47:52 2011 : Info: # Executing group from file
/usr/local/etc/raddb/sites-enabled/default
Sun Jul 31 12:47:52 2011 : Info: +- entering group authenticate {...}
Sun Jul 31 12:47:52 2011 : Info: [eap] Request found, released from the list
Sun Jul 31 12:47:52 2011 : Info: [eap] EAP/tls
Sun Jul 31 12:47:52 2011 : Info: [eap] processing type tls
Sun Jul 31 12:47:52 2011 : Info: [tls] Authenticate
Sun Jul 31 12:47:52 2011 : Info: [tls] processing EAP-TLS
Sun Jul 31 12:47:52 2011 : Info: [tls] eaptls_verify returned 7
Sun Jul 31 12:47:52 2011 : Info: [tls] Done initial handshake
Sun Jul 31 12:47:52 2011 : Info: [tls] <<< TLS 1.0 Handshake [length 0823],
Certificate
Sun Jul 31 12:47:52 2011 : Info: [tls] chain-depth=1,
Sun Jul 31 12:47:52 2011 : Info: [tls] error=0
Sun Jul 31 12:47:52 2011 : Info: [tls] --> User-Name = anonymous
Sun Jul 31 12:47:52 2011 : Info: [tls] --> BUF-Name = CA_dhinu
Sun Jul 31 12:47:52 2011 : Info: [tls] --> subject =
/C=UK/ST=Lancashire/O=Computing
Department/OU=testbed/CN=CA_dhinu/emailAddress=
d.gunasekaran at comp.lancs.ac.uk
Sun Jul 31 12:47:52 2011 : Info: [tls] --> issuer =
/C=UK/ST=Lancashire/O=Computing
Department/OU=testbed/CN=CA_dhinu/emailAddress=
d.gunasekaran at comp.lancs.ac.uk
Sun Jul 31 12:47:52 2011 : Info: [tls] --> verify return:1
Sun Jul 31 12:47:52 2011 : Info: [tls] chain-depth=0,
Sun Jul 31 12:47:52 2011 : Info: [tls] error=0
Sun Jul 31 12:47:52 2011 : Info: [tls] --> User-Name = anonymous
Sun Jul 31 12:47:52 2011 : Info: [tls] --> BUF-Name = CA_dhinu
Sun Jul 31 12:47:52 2011 : Info: [tls] --> subject =
/C=UK/ST=Lancashire/O=Computing
Department/OU=testbed/CN=CA_dhinu/emailAddress=dhinu at lancs.ac.uk
Sun Jul 31 12:47:52 2011 : Info: [tls] --> issuer =
/C=UK/ST=Lancashire/O=Computing
Department/OU=testbed/CN=CA_dhinu/emailAddress=
d.gunasekaran at comp.lancs.ac.uk
Sun Jul 31 12:47:52 2011 : Info: [tls] --> verify return:1
Sun Jul 31 12:47:52 2011 : Info: [tls] TLS_accept: SSLv3 read client
certificate A
Sun Jul 31 12:47:52 2011 : Info: [tls] <<< TLS 1.0 Handshake [length 0046],
ClientKeyExchange
Sun Jul 31 12:47:52 2011 : Info: [tls] TLS_accept: SSLv3 read client key
exchange A
Sun Jul 31 12:47:52 2011 : Info: [tls] <<< TLS 1.0 Handshake [length 0106],
CertificateVerify
Sun Jul 31 12:47:52 2011 : Info: [tls] TLS_accept: SSLv3 read
certificate verify A
Sun Jul 31 12:47:52 2011 : Info: [tls] <<< TLS 1.0 ChangeCipherSpec [length
0001]
Sun Jul 31 12:47:52 2011 : Info: [tls] <<< TLS 1.0 Handshake [length 0010],
Finished
Sun Jul 31 12:47:52 2011 : Info: [tls] TLS_accept: SSLv3 read finished A
Sun Jul 31 12:47:52 2011 : Info: [tls] >>> TLS 1.0 ChangeCipherSpec [length
0001]
Sun Jul 31 12:47:52 2011 : Info: [tls] TLS_accept: SSLv3 write change
cipher spec A
Sun Jul 31 12:47:52 2011 : Info: [tls] >>> TLS 1.0 Handshake [length 0010],
Finished
Sun Jul 31 12:47:52 2011 : Info: [tls] TLS_accept: SSLv3 write finished
A
Sun Jul 31 12:47:52 2011 : Info: [tls] TLS_accept: SSLv3 flush data
Sun Jul 31 12:47:52 2011 : Debug: SSL: adding session
db2e0d09e995781ea6a8be00a185c82394939331d916a7e112ed20b332b00582 to cache
Sun Jul 31 12:47:52 2011 : Info: [tls] (other): SSL negotiation finished
successfully
Sun Jul 31 12:47:52 2011 : Debug: SSL Connection Established
Sun Jul 31 12:47:52 2011 : Info: [tls] eaptls_process returned 13
Sun Jul 31 12:47:52 2011 : Info: ++[eap] returns handled
Sending Access-Challenge of id 17 to 2001:630:80:7439:20d:56ff:fec2:4098
port 42910
EAP-Message =
0x01f900450d800000003b1403010001011603010030de67c5937849b358ca0f69a0212cb9022fea5d0ed10e553e7fa9eb8824fc84e2cf2984baf71f2006be03d94ba21c2a49
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6e6d535068945e0c4436bf334612c0a4
Sun Jul 31 12:47:52 2011 : Info: Finished request 16.
Sun Jul 31 12:47:52 2011 : Debug: Going to the next request
Sun Jul 31 12:47:52 2011 : Debug: Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host
2001:630:80:7439:20d:56ff:fec2:4098 port 42910, id=18, length=173
User-Name = "anonymous"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Called-Station-Id = "74-EA-3A-B3-FA-D9:dhinu_forgn"
Calling-Station-Id = "00-19-7D-1C-E5-DE"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x02f900060d00
State = 0x6e6d535068945e0c4436bf334612c0a4
Message-Authenticator = 0x13f0a649759ecbfce547ce07cce913e5
Sun Jul 31 12:47:52 2011 : Info: # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
Sun Jul 31 12:47:52 2011 : Info: +- entering group authorize {...}
Sun Jul 31 12:47:52 2011 : Info: ++[preprocess] returns ok
Sun Jul 31 12:47:52 2011 : Info: ++[chap] returns noop
Sun Jul 31 12:47:52 2011 : Info: ++[mschap] returns noop
Sun Jul 31 12:47:52 2011 : Info: ++[digest] returns noop
Sun Jul 31 12:47:52 2011 : Info: [suffix] No '@' in User-Name = "anonymous",
looking up realm NULL
Sun Jul 31 12:47:52 2011 : Info: [suffix] No such realm "NULL"
Sun Jul 31 12:47:52 2011 : Info: ++[suffix] returns noop
Sun Jul 31 12:47:52 2011 : Info: [eap] EAP packet type response id 249
length 6
Sun Jul 31 12:47:52 2011 : Info: [eap] No EAP Start, assuming it's an
on-going EAP conversation
Sun Jul 31 12:47:52 2011 : Info: ++[eap] returns updated
Sun Jul 31 12:47:52 2011 : Info: ++[files] returns noop
Sun Jul 31 12:47:52 2011 : Info: ++[expiration] returns noop
Sun Jul 31 12:47:52 2011 : Info: ++[logintime] returns noop
Sun Jul 31 12:47:52 2011 : Info: ++[pap] returns noop
Sun Jul 31 12:47:52 2011 : Info: Found Auth-Type = EAP
Sun Jul 31 12:47:52 2011 : Info: # Executing group from file
/usr/local/etc/raddb/sites-enabled/default
Sun Jul 31 12:47:52 2011 : Info: +- entering group authenticate {...}
Sun Jul 31 12:47:52 2011 : Info: [eap] Request found, released from the list
Sun Jul 31 12:47:52 2011 : Info: [eap] EAP/tls
Sun Jul 31 12:47:52 2011 : Info: [eap] processing type tls
Sun Jul 31 12:47:52 2011 : Info: [tls] Authenticate
Sun Jul 31 12:47:52 2011 : Info: [tls] processing EAP-TLS
Sun Jul 31 12:47:52 2011 : Info: [tls] Received TLS ACK
Sun Jul 31 12:47:52 2011 : Info: [tls] ACK handshake is finished
Sun Jul 31 12:47:52 2011 : Info: [tls] eaptls_verify returned 3
Sun Jul 31 12:47:52 2011 : Info: [tls] eaptls_process returned 3
Sun Jul 31 12:47:52 2011 : Info: [tls] Adding user data to cached session
Sun Jul 31 12:47:52 2011 : Info: [tls] Saving response in the cache
Sun Jul 31 12:47:52 2011 : Info: [tls] WARNING: No information to cache:
session caching will be disabled for this session.
Sun Jul 31 12:47:52 2011 : Debug: SSL: Removing session
db2e0d09e995781ea6a8be00a185c82394939331d916a7e112ed20b332b00582 from the
cache
Sun Jul 31 12:47:52 2011 : Info: [eap] Freeing handler
Sun Jul 31 12:47:52 2011 : Info: ++[eap] returns ok
Sun Jul 31 12:47:52 2011 : Info: # Executing section post-auth from file
/usr/local/etc/raddb/sites-enabled/default
Sun Jul 31 12:47:52 2011 : Info: +- entering group post-auth {...}
Sun Jul 31 12:47:52 2011 : Info: ++[exec] returns noop
Sending Access-Accept of id 18 to 2001:630:80:7439:20d:56ff:fec2:4098 port
42910
MS-MPPE-Recv-Key =
0x308de706550b0dbf9ba5659899878625e53aaa582d2488d1367917cdaba0aaa6
MS-MPPE-Send-Key =
0xb24de61b11d2bf5e3c1b8d1806522ebbb2361457e389c088f01e8a3d27cb160f
EAP-Message = 0x03f90004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "anonymous"
Sun Jul 31 12:47:52 2011 : Info: Finished request 17.
Sun Jul 31 12:47:52 2011 : Debug: Going to the next request
Sun Jul 31 12:47:52 2011 : Debug: Waking up in 4.6 seconds.
rad_recv: Accounting-Request packet from host
2001:630:80:7439:20d:56ff:fec2:4098 port 53849, id=19, length=154
in eap.conf, i enabled tls > cache > enable = yes
lifetime is 10 hrs
cheers,
dhinu.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110731/bdb26f5d/attachment.html>
More information about the Freeradius-Users
mailing list