FreeRadius2(certos)+cisco2950+wpa_supplicant(win7) can't work with EAP-TLS
关旭
guanxu at aotuis.com
Tue Jun 26 14:20:47 CEST 2012
Thank you for your reply!
You mean this:
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x24e5fa322535f760 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
?
I don't think it is this, because my client is wpa_supplicant, not an MS client, and eapol_test works fine.
In the wpa_supplicant log, we can see:
EAP-TLS: Start
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data
SSL: 88 bytes pending from ssl_out
SSL: 88 bytes left to be sent out (of total 88 bytes)
The TLS has just begun, and no certificate has been used.
With Wireshark, I captured these:
62 24.202360000 Cisco_f5:47:d1 WistronI_20:c6:3d EAP 60 Unknown code (0x56)
127 54.201965000 Cisco_f5:47:d1 WistronI_20:c6:3d EAP 60 Failure
128 54.203784000 Cisco_f5:47:d1 WistronI_20:c6:3d EAP 60 Failure
129 54.204412000 Cisco_f5:47:d1 WistronI_20:c6:3d EAP 60 Request, Identity [RFC3748]
130 54.291453000 WistronI_20:c6:3d Nearest EAP 28 Response, Identity [RFC3748]
131 54.307143000 Cisco_f5:47:d1 WistronI_20:c6:3d EAP 60 Request, EAP-TLS [RFC5216] [Aboba]
132 54.338037000 WistronI_20:c6:3d Nearest SSL 118 Client Hello
133 54.366527000 Cisco_f5:47:d1 WistronI_20:c6:3d EAP 60 Unknown code (0x56)
200 84.364442000 Cisco_f5:47:d1 WistronI_20:c6:3d EAP 60 Unknown code (0x56)
-----Original Message-----
From: freeradius-users-bounces+guanxu=aotuis.com at lists.freeradius.org [mailto:freeradius-users-bounces+guanxu=aotuis.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: June 24, 2012 19:28
To: FreeRadius users mailing list
Subject: Re: FreeRadius2(certos)+cisco2950+wpa_supplicant(win7) can't work with EAP-TLS
关旭 wrote:
> Just like the title says, it works fine when I use MSCHAPV2 or MD5,
> but PEAP and EAP-TLS do not work.
>
> I tested RADIUS with eapol_test; it also works fine.
>
> Who can tell me the reason?
The debug log you posted has the answer. In big bold letters.
Read it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
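
A triage sketch for the capture quoted above, added here as an example and not part of the original post or of FreeRADIUS: it parses Wireshark summary lines, flags EAP frames whose code falls outside the four defined in RFC 3748, and reports whether any Server Hello followed the Client Hello. The function names are hypothetical, and the sample lines are copied from the capture in the post.

```python
import re
from collections import namedtuple

# Summary lines copied from the Wireshark capture quoted in the post.
CAPTURE = """\
129 54.204412000 Cisco_f5:47:d1 WistronI_20:c6:3d EAP 60 Request, Identity [RFC3748]
130 54.291453000 WistronI_20:c6:3d Nearest EAP 28 Response, Identity [RFC3748]
131 54.307143000 Cisco_f5:47:d1 WistronI_20:c6:3d EAP 60 Request, EAP-TLS [RFC5216] [Aboba]
132 54.338037000 WistronI_20:c6:3d Nearest SSL 118 Client Hello
133 54.366527000 Cisco_f5:47:d1 WistronI_20:c6:3d EAP 60 Unknown code (0x56)
200 84.364442000 Cisco_f5:47:d1 WistronI_20:c6:3d EAP 60 Unknown code (0x56)
"""

RFC3748_CODES = {1, 2, 3, 4}  # Request, Response, Success, Failure

Frame = namedtuple("Frame", "no time src dst proto length info")

# Columns: No. Time Source Destination Protocol Length Info
LINE = re.compile(r"^(\d+)\s+([\d.]+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(.+)$")
UNKNOWN = re.compile(r"Unknown code \((0x[0-9a-fA-F]+)\)")

def parse_summary(text):
    """Turn Wireshark summary lines into Frame records; skip anything else."""
    frames = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            no, t, src, dst, proto, length, info = m.groups()
            frames.append(Frame(int(no), float(t), src, dst, proto, int(length), info))
    return frames

def triage(frames):
    """Report undefined EAP codes and whether the handshake got past Client Hello."""
    bad = []
    for f in frames:
        m = UNKNOWN.search(f.info)
        if m and int(m.group(1), 16) not in RFC3748_CODES:
            bad.append((f.no, int(m.group(1), 16)))
    hello = next((f for f in frames if "Client Hello" in f.info), None)
    stalled = False
    if hello:
        later = [f for f in frames if f.no > hello.no]
        stalled = not any("Server Hello" in f.info for f in later)
    return {"bad_codes": bad,
            "client_hello": hello.no if hello else None,
            "stalled_before_server_hello": stalled}

if __name__ == "__main__":
    print(triage(parse_summary(CAPTURE)))
```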