Failure with "TLS authentication" and "Freeradius on Fedora-17"

Ajay Garg ajaygargnsit at gmail.com
Mon Jan 7 16:12:06 CET 2013


Ok, here are the logs that should identify the problem:

#############################################################################################
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1 port 2050, id=2,
length=135
    User-Name = "anonymous"
    NAS-IP-Address = 192.168.1.1
    NAS-Identifier = "NasId1"
    NAS-Port = 0
    Called-Station-Id = "80-A1-D7-19-BC-CC"
    Calling-Station-Id = "8C-A9-82-0A-72-C2"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x0201000e01616e6f6e796d6f7573
    Message-Authenticator = 0x75ec2aaf6e4ff4d556074d228a772faa
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 14
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.1.1 port 2050
    EAP-Message = 0x010200160410d85d9080f8377ffbd43fcd11902d0849
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xca27a4c8ca25a0d1b0def0b7ea3684b7
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 2 with timestamp +2
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1 port 2050, id=1,
length=135
    User-Name = "anonymous"
    NAS-IP-Address = 192.168.1.1
    NAS-Identifier = "NasId1"
    NAS-Port = 0
    Called-Station-Id = "80-A1-D7-19-BC-CC"
    Calling-Station-Id = "8C-A9-82-0A-72-C2"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x0201000e01616e6f6e796d6f7573
    Message-Authenticator = 0x9bd9b052f78877d9825931a00861c9bb
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 14
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.1.1 port 2050
    EAP-Message = 0x010200160410c80696960e9200663db1880b98547d70
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xc4e4c720c4e6c3e7c1639dca0ec5602b
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 1 ID 1 with timestamp +36
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1 port 2050, id=3,
length=135
    User-Name = "anonymous"
    NAS-IP-Address = 192.168.1.1
    NAS-Identifier = "NasId1"
    NAS-Port = 0
    Called-Station-Id = "80-A1-D7-19-BC-CC"
    Calling-Station-Id = "8C-A9-82-0A-72-C2"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x0201000e01616e6f6e796d6f7573
    Message-Authenticator = 0xda721dc9da1bf772e873ef7dd3c3118e
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 14
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 3 to 192.168.1.1 port 2050
    EAP-Message = 0x0102001604103d35620c02dfe385b8e85d29be12cbe6
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xae0bee3aae09ea25398daf498c4b8a60
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 2050, id=4,
length=145
    User-Name = "anonymous"
    NAS-IP-Address = 192.168.1.1
    NAS-Identifier = "NasId1"
    NAS-Port = 0
    Called-Station-Id = "80-A1-D7-19-BC-CC"
    Calling-Station-Id = "8C-A9-82-0A-72-C2"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x02020006030d
    State = 0xae0bee3aae09ea25398daf498c4b8a60
    Message-Authenticator = 0x4a12c5fe1710ce5b4cd16e03e20a3dff
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/tls
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 4 to 192.168.1.1 port 2050
    EAP-Message = 0x010300060d20
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xae0bee3aaf08e325398daf498c4b8a60
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 2050, id=5,
length=257
    User-Name = "anonymous"
    NAS-IP-Address = 192.168.1.1
    NAS-Identifier = "NasId1"
    NAS-Port = 0
    Called-Station-Id = "80-A1-D7-19-BC-CC"
    Calling-Station-Id = "8C-A9-82-0A-72-C2"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message =
0x020300760d00160301006b01000067030150ea6299ec45ad966ebbb9ea9b1bf4543ef4d67c15e63acdd86d348a01f3c5e400003a00390038008800870035008400160013000a00330032009a009900450044002f00960041000500040015001200090014001100080006000300ff0100000400230000
    State = 0xae0bee3aaf08e325398daf498c4b8a60
    Message-Authenticator = 0x9a29080d67d6c2d43cf9902dc5657a5a
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 118
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls]     (other): before/accept initialization
[tls]     TLS_accept: before/accept initialization
[tls] <<< TLS 1.0 Handshake [length 006b], ClientHello
[tls]     TLS_accept: SSLv3 read client hello A
[tls] >>> TLS 1.0 Handshake [length 0031], ServerHello
[tls]     TLS_accept: SSLv3 write server hello A
[tls] >>> TLS 1.0 Handshake [length 085e], Certificate
[tls]     TLS_accept: SSLv3 write certificate A
[tls] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
[tls]     TLS_accept: SSLv3 write key exchange A
[tls] >>> TLS 1.0 Handshake [length 00a7], CertificateRequest
[tls]     TLS_accept: SSLv3 write certificate request A
[tls]     TLS_accept: SSLv3 flush data
[tls]     TLS_accept: Need to read more data: SSLv3 read client certificate
A
In SSL Handshake Phase
In SSL Accept mode
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 5 to 192.168.1.1 port 2050
    EAP-Message = 0x5d0004ab308204a73082038f
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xae0bee3aac0fe325398daf498c4b8a60
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 2050, id=6,
length=145
    User-Name = "anonymous"
    NAS-IP-Address = 192.168.1.1
    NAS-Identifier = "NasId1"
    NAS-Port = 0
    Called-Station-Id = "80-A1-D7-19-BC-CC"
    Calling-Station-Id = "8C-A9-82-0A-72-C2"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x020400060d00
    State = 0xae0bee3aac0fe325398daf498c4b8a60
    Message-Authenticator = 0x193913d4ff0d73cc840b624497a2f03d
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 6 to 192.168.1.1 port 2050
    EAP-Message = 0xc4643173fc8b9e067abaa332
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xae0bee3aad0ee325398daf498c4b8a60
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 2050, id=7,
length=145
    User-Name = "anonymous"
    NAS-IP-Address = 192.168.1.1
    NAS-Identifier = "NasId1"
    NAS-Port = 0
    Called-Station-Id = "80-A1-D7-19-BC-CC"
    Calling-Station-Id = "8C-A9-82-0A-72-C2"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x020500060d00
    State = 0xae0bee3aad0ee325398daf498c4b8a60
    Message-Authenticator = 0xe493fc1cbfbd7a59dbbf0ccc9f8390f2
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 7 to 192.168.1.1 port 2050
    EAP-Message =
0x61646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f726974790e000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xae0bee3aaa0de325398daf498c4b8a60
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 2050, id=8,
length=152
    User-Name = "anonymous"
    NAS-IP-Address = 192.168.1.1
    NAS-Identifier = "NasId1"
    NAS-Port = 0
    Called-Station-Id = "80-A1-D7-19-BC-CC"
    Calling-Station-Id = "8C-A9-82-0A-72-C2"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x0206000d0d0015030100020233
    State = 0xae0bee3aaa0de325398daf498c4b8a60
    Message-Authenticator = 0x1bca69d903deee46c3b0e357c59ec8f9
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls] <<< TLS 1.0 Alert [length 0002], fatal decrypt_error
TLS Alert read:fatal:decrypt error
    TLS_accept: failed in SSLv3 read client certificate A
rlm_eap: SSL error error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert
decrypt error
SSL: SSL_read failed inside of TLS (-1), TLS session fails.
TLS receive handshake failed during operation
[tls] eaptls_process returned 4
[eap] Handler failed in EAP/tls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type REJECT
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> anonymous
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 7 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 7
Sending Access-Reject of id 8 to 192.168.1.1 port 2050
    EAP-Message = 0x04060004
    Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 2050, id=9,
length=135
    User-Name = "anonymous"
    NAS-IP-Address = 192.168.1.1
    NAS-Identifier = "NasId1"
    NAS-Port = 0
    Called-Station-Id = "80-A1-D7-19-BC-CC"
    Calling-Station-Id = "8C-A9-82-0A-72-C2"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x0201000e01616e6f6e796d6f7573
    Message-Authenticator = 0xecd41729c398e8d7cb3aeffa77620477
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 14
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 9 to 192.168.1.1 port 2050
    EAP-Message = 0x010200160410ab1098f6acd219d7dc4d99ea0eb9e76e
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xabe3eedaabe1ea79298f3c2e2b2155c8
Finished request 8.
Going to the next request
Waking up in 0.4 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 2050, id=10,
length=145
    User-Name = "anonymous"
    NAS-IP-Address = 192.168.1.1
    NAS-Identifier = "NasId1"
    NAS-Port = 0
    Called-Station-Id = "80-A1-D7-19-BC-CC"
    Calling-Station-Id = "8C-A9-82-0A-72-C2"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x02020006030d
    State = 0xabe3eedaabe1ea79298f3c2e2b2155c8
    Message-Authenticator = 0xfcbbdc4bf7bde2c3d05ad53e4245fc28
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/tls
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 10 to 192.168.1.1 port 2050
    EAP-Message = 0x010300060d20
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xabe3eedaaae0e379298f3c2e2b2155c8
Finished request 9.
Going to the next request
Waking up in 0.4 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 2050, id=11,
length=257
    User-Name = "anonymous"
    NAS-IP-Address = 192.168.1.1
    NAS-Identifier = "NasId1"
    NAS-Port = 0
    Called-Station-Id = "80-A1-D7-19-BC-CC"
    Calling-Station-Id = "8C-A9-82-0A-72-C2"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message =
0x020300760d00160301006b01000067030150ea629e121e3f40f9cea283dd9bf6358c1c3b7c81b59d598c2d5963f2d8304e00003a00390038008800870035008400160013000a00330032009a009900450044002f00960041000500040015001200090014001100080006000300ff0100000400230000
    State = 0xabe3eedaaae0e379298f3c2e2b2155c8
    Message-Authenticator = 0x30e1a5af5af01fd1733a414414155c8e
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 118
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls]     (other): before/accept initialization
[tls]     TLS_accept: before/accept initialization
[tls] <<< TLS 1.0 Handshake [length 006b], ClientHello
[tls]     TLS_accept: SSLv3 read client hello A
[tls] >>> TLS 1.0 Handshake [length 0031], ServerHello
[tls]     TLS_accept: SSLv3 write server hello A
[tls] >>> TLS 1.0 Handshake [length 085e], Certificate
[tls]     TLS_accept: SSLv3 write certificate A
[tls] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
[tls]     TLS_accept: SSLv3 write key exchange A
[tls] >>> TLS 1.0 Handshake [length 00a7], CertificateRequest
[tls]     TLS_accept: SSLv3 write certificate request A
[tls]     TLS_accept: SSLv3 flush data
[tls]     TLS_accept: Need to read more data: SSLv3 read client certificate
A
In SSL Handshake Phase
In SSL Accept mode
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 11 to 192.168.1.1 port 2050
    EAP-Message =
0x95251b10a7381486cc6ced9dd00aacdc4338a5564cf99ea96e489e35a561cf242342ce6661d35d3d9d87173698e530ecb82484b1ea3b5dd1cd9a4a1b2daefe3e6c1042f85d50692a4e012ac026a25a9bd9cc21d530eba40f8ea6b328518ccfa33a5cfac384e95981f5675bc2c01c5ef9809de95cfbf9aabc0df194efe65160d4b2967857897c1468afcba2718db7c15004847f729e757b26f6ff4a0b2e48b0cbb9eabd3d405497c87d7fc6f0872c5390fd9a791aff329be726d67ae2198e01ea1c8b49719bf3e8245db56f4574bb82ed02ed8eb7cfb7a0ee44b4fb350856e50c641720eb9edeab47a7d5a65ab64505ae4c4bec18d8bacedd3883fd72b9
    EAP-Message = 0x5d0004ab308204a73082038f
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xabe3eedaa9e7e379298f3c2e2b2155c8
Finished request 10.
Going to the next request
Waking up in 0.4 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 2050, id=12,
length=145
    User-Name = "anonymous"
    NAS-IP-Address = 192.168.1.1
    NAS-Identifier = "NasId1"
    NAS-Port = 0
    Called-Station-Id = "80-A1-D7-19-BC-CC"
    Calling-Station-Id = "8C-A9-82-0A-72-C2"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x020400060d00
    State = 0xabe3eedaa9e7e379298f3c2e2b2155c8
    Message-Authenticator = 0x149a9c87d709b9bf0e0365f5ac248e7f
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 12 to 192.168.1.1 port 2050
    EAP-Message = 0xc4643173fc8b9e067abaa332
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xabe3eedaa8e6e379298f3c2e2b2155c8
Finished request 11.
Going to the next request
Waking up in 0.3 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 2050, id=13,
length=145
    User-Name = "anonymous"
    NAS-IP-Address = 192.168.1.1
    NAS-Identifier = "NasId1"
    NAS-Port = 0
    Called-Station-Id = "80-A1-D7-19-BC-CC"
    Calling-Station-Id = "8C-A9-82-0A-72-C2"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x020500060d00
    State = 0xabe3eedaa8e6e379298f3c2e2b2155c8
    Message-Authenticator = 0x9e8a73edbb4a3672f9accd02064288f1
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 13 to 192.168.1.1 port 2050
    EAP-Message =
0x657619ad86970871a77831bfe882d146839667309241f4d237e6996317113f458282372ac089f43c84e5f9cbbf5cf5af469ab7b0a7a3cc98363638dbcb57e41338d196f17b00010200802bd94c4be6d7bd6f520fe91b8cac697adaa8dc3240308d9f0b3f04f749c302cd5ec39ca8a931db592bf7d778e99e0291b46eb3cebb18db892b4c666f462cfa60b7fe2313902f570d413f3785ab8d9f5fd96ae5cec61d56254d16c5ecac43c81351dc8c3ff4780369d517f47258db7888ad6e7040bdf898e29c040a3cfcd4e394010013c6ca68e4913b46fc45bc2d0b38ab82f836a74e8de968a48a821dc9e93f2675d39fc47d3435ef78cf9ae12b1eef02426a
    EAP-Message =
0xa9e4932f46cd64a13d8e939a2e5814c9eb0c2336486ec1e414821fd7c6a1339f417c33ab2bd0fbd6ff4cecf8f97f6fe5c55c3c37af2d240c71988a9a4eedd099f278bd3d696f31581352ca435d450ed5e4a758d9cd74d3f9664d713636e3c23ba7ab21816ac344e5e5bb88e6eafa4fe3719ce5c7eab5f2fdd5a7815725a7e46982177439fca1b3c7dacd5a0a6b1212a72d45ed28b492eaeb19d4fc4656a032577c35e4d2774564a90fc45bff8329778bd3eff4592061287bebf209bc278adf498b695f4bfc0ee251e500be5b62f81a16030100a70d00009f040304010200980096308193310b3009060355040613024652310f300d0603550408130652
    EAP-Message =
0x61646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f726974790e000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xabe3eedaafe5e379298f3c2e2b2155c8
Finished request 12.
Going to the next request
Waking up in 0.3 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 2050, id=14,
length=152
    User-Name = "anonymous"
    NAS-IP-Address = 192.168.1.1
    NAS-Identifier = "NasId1"
    NAS-Port = 0
    Called-Station-Id = "80-A1-D7-19-BC-CC"
    Calling-Station-Id = "8C-A9-82-0A-72-C2"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x0206000d0d0015030100020233
    State = 0xabe3eedaafe5e379298f3c2e2b2155c8
    Message-Authenticator = 0xedb4fd5e95ead9066cd40b0e9436166f
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls] <<< TLS 1.0 Alert [length 0002], fatal decrypt_error
TLS Alert read:fatal:decrypt error
    TLS_accept: failed in SSLv3 read client certificate A
rlm_eap: SSL error error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert
decrypt error
SSL: SSL_read failed inside of TLS (-1), TLS session fails.
TLS receive handshake failed during operation
[tls] eaptls_process returned 4
[eap] Handler failed in EAP/tls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type REJECT
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> anonymous
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 13 for 1 seconds
Going to the next request
Waking up in 0.3 seconds.
Cleaning up request 2 ID 3 with timestamp +53
Cleaning up request 3 ID 4 with timestamp +53
Cleaning up request 4 ID 5 with timestamp +53
Cleaning up request 5 ID 6 with timestamp +53
Cleaning up request 6 ID 7 with timestamp +53
Waking up in 0.5 seconds.
Sending delayed reject for request 13
Sending Access-Reject of id 14 to 192.168.1.1 port 2050
    EAP-Message = 0x04060004
    Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 0.4 seconds.
#############################################################################################

On Mon, Jan 7, 2013 at 7:30 PM, Alan DeKok <aland at deployingradius.com> wrote:

> Ajay Garg wrote:
> > I tried attaching the debug log-file, but the mail-message was rejected
> > by the mailing list for exceeding 100KB
> >
> > How am I supposed to attach the complete logs?
>
>   Shorten it.  Much of the conf file output can be deleted.
>
>   Or, READ IT.  Odds are that the answers to your questions are in the
> debug output.
>
>   Alan DeKok.



-- 
Regards,
Ajay
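
The EAP-Message values in the debug log above can be decoded directly. The following is an added example (not part of the original post and not FreeRADIUS code) that parses the EAP header, the EAP-TLS flags byte and any unfragmented TLS records, then reports which side sent the fatal alert. The hex strings are copied from the log; all function and variable names are hypothetical.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS"}
TLS_CONTENT = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake",
               23: "ApplicationData"}
TLS_HANDSHAKE = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
                 12: "ServerKeyExchange", 13: "CertificateRequest",
                 14: "ServerHelloDone", 15: "CertificateVerify",
                 16: "ClientKeyExchange", 20: "Finished"}
TLS_ALERT_LEVELS = {1: "warning", 2: "fatal"}
TLS_ALERTS = {10: "unexpected_message", 20: "bad_record_mac",
              40: "handshake_failure", 42: "bad_certificate",
              43: "unsupported_certificate", 44: "certificate_revoked",
              45: "certificate_expired", 46: "certificate_unknown",
              48: "unknown_ca", 49: "access_denied", 50: "decode_error",
              51: "decrypt_error", 70: "protocol_version", 80: "internal_error"}

# ClientHello sent by the supplicant in RADIUS request id=5 (copied from the log).
CLIENT_HELLO = ("0x020300760d00160301006b0100006703"
                "0150ea6299ec45ad966ebbb9ea9b1bf4543ef4d67c15e63acdd86d348a01f3c5e4"
                "00003a00390038008800870035008400160013000a00330032009a0099"
                "00450044002f00960041000500040015001200090014001100080006000300ff"
                "0100000400230000")

# EAP-Message values copied from the log, in conversation order (ids 3 to 8).
# Server certificate fragments are left out: they must be reassembled first.
LOG_EAP_MESSAGES = [
    "0x0201000e01616e6f6e796d6f7573",                  # supplicant: Identity
    "0x0102001604103d35620c02dfe385b8e85d29be12cbe6",  # server: MD5-Challenge
    "0x02020006030d",                                  # supplicant: Nak
    "0x010300060d20",                                  # server: EAP-TLS Start
    CLIENT_HELLO,
    "0x020400060d00",                                  # supplicant: fragment ACK
    "0x0206000d0d0015030100020233",                    # supplicant: TLS alert
    "0x04060004",                                      # server: EAP-Failure
]


def parse_tls_records(buf):
    """Walk TLS record headers (type, version, length) in an unfragmented buffer."""
    records, off = [], 0
    while off + 5 <= len(buf):
        ctype, major, minor, rlen = struct.unpack_from("!BBBH", buf, off)
        body = buf[off + 5:off + 5 + rlen]
        if len(body) < rlen:
            break  # record continues in a later EAP-TLS fragment
        rec = {"content": TLS_CONTENT.get(ctype, ctype),
               "version": (major, minor), "length": rlen}
        if ctype == 21 and rlen == 2:
            # Plaintext alert: one byte level, one byte description.
            rec["alert"] = (TLS_ALERT_LEVELS.get(body[0], body[0]),
                            TLS_ALERTS.get(body[1], body[1]))
        elif ctype == 22 and body:
            # Only the first handshake message is named; after
            # ChangeCipherSpec the body is encrypted and this is meaningless.
            rec["handshake"] = TLS_HANDSHAKE.get(body[0], body[0])
        records.append(rec)
        off += 5 + rlen
    return records


def decode_eap(hex_value):
    """Decode one complete EAP packet given as the log's 0x... hex string."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("shorter than an EAP header")
    code, ident, length = struct.unpack_from("!BBH", raw)
    if length != len(raw):
        raise ValueError("EAP length field does not match the data supplied")
    msg = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (3, 4):
        return msg  # Success and Failure carry no type field
    if len(raw) < 5:
        raise ValueError("Request/Response without a type byte")
    etype, data = raw[4], raw[5:]
    msg["type"] = EAP_TYPES.get(etype, etype)
    if etype == 1:
        msg["identity"] = data.decode("utf-8", "replace")
    elif etype == 3:
        msg["wants"] = [EAP_TYPES.get(t, t) for t in data]
    elif etype == 13 and data:
        flags, tls = data[0], data[1:]
        # L = TLS length included, M = more fragments, S = EAP-TLS start
        msg["flags"] = [n for bit, n in ((0x80, "L"), (0x40, "M"), (0x20, "S"))
                        if flags & bit]
        if flags & 0x80 and len(tls) >= 4:
            msg["tls_total_length"] = struct.unpack_from("!I", tls)[0]
            tls = tls[4:]
        # A fragment (M set) cannot be parsed alone; the caller must reassemble.
        msg["records"] = [] if flags & 0x40 else parse_tls_records(tls)
        msg["ack"] = not tls and not flags & 0x20
    return msg


def find_fatal_alert(hex_values):
    """Return (sender, alert name, EAP id) for the first fatal TLS alert, or None."""
    for value in hex_values:
        msg = decode_eap(value)
        for rec in msg.get("records", []):
            if rec.get("alert", (None,))[0] == "fatal":
                sender = "supplicant" if msg["code"] == "Response" else "server"
                return sender, rec["alert"][1], msg["id"]
    return None
```

Run over the packets above, `find_fatal_alert` shows that the `decrypt_error` alert arrives in an EAP Response, so the supplicant is the side that aborted the handshake; RFC 2246 defines that alert as a failed handshake cryptographic operation, such as a signature that does not verify.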