certificate expiration proble

Muhammad Nadeem mnadeem8327 at gmail.com
Fri Jul 19 11:36:32 CEST 2013


hi everybody,
I am trying to configure eap with some customized certificates, I have
configured eap.config correctly.
But I am getting the error of "certificate expired". Although i have the
latest certificates.
here is the log
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 2.2.2.2 port 10010, id=241,
length=216
User-Name = "0026826172C4 at test_cpe.com"
NAS-IP-Address = 2.2.2.2
Calling-Station-Id = "0026826172c4"
NAS-Identifier = "WASN"
Event-Timestamp = "Jul 18 2013 16:53:41 PKT"
EAP-Message = 0x02f2001e0130303236383236313732433440746573745f6370652e636f6d
WiMAX-Release = "1.1"
WiMAX-Accounting-Capabilities = Flow-Based
WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
WiMAX-Idle-Mode-Notification-Cap = Supported
WiMAX-Attr-1281 = 0x01
WiMAX-BS-Id = 0x303030303066303030663130
WiMAX-GMT-Timezone-offset = 18000
NAS-Port-Type = Wireless-802.16
WiMAX-Available-In-Client = 99
Service-Type = Framed-User
Message-Authenticator = 0xf6c08b2315b3ca00a2121a64e669594a
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[eap] EAP packet type response id 242 length 30
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[eap] EAP packet type response id 242 length 30
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[sql] expand: %{User-Name} -> 0026826172C4 at test_cpe.com
[sql] sql_set_user escaped user --> '0026826172C4 at test_cpe.com'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: select RC_ID,USERNAME,Attribute,Value,op from (SELECT rownum
AS RC_ID,'%{SQL-USER-NAME}' AS USERNAME,'Auth-Type' AS Attribute,
AAA_GETVALUETOCHECKWITRIBE('%{SQL-USER-NAME}') AS Value,':=' AS op FROM
dual) union (SELECT rownum+1 AS RC_ID,'%{SQL-USER-NAME}' AS
USERNAME,'Login-Time' AS Attribute, (select
decode(STC_WEEKDAY,'Any','Any',substr(STC_WEEKDAY,1,2))||decode(STC_FROMHH,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_FROMHH)||decode(STC_FROMMM,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_FROMMM)||'-'||decode(STC_TOHH,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_TOHH)||decode(STC_TOMM,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_TOMM)
from SER_TBLSUBSSERVICESBUCKETS  where SS_SUBSRVID in
((AAA_GETVALUESERVICEID('%{SQL-USER-NAME}'))) ) AS Value,':=' AS op FROM
dual) order by RC_ID -> select RC_ID,USERNAME,Attribute,Value,op from
(SELECT rownum AS RC_ID,'0026826172C4 at test_cpe.com'
[sql] User found in radcheck table
[sql] expand: select rownum, '%{SQL-USER-NAME}', RR_ATTRIBUTE, RR_VALUE,
RR_OP FROM AAA_TBLRADREPLY where PR_ID in (select PR_ID from
SER_TBLSUBSSERVICESBUCKETS  where SS_SUBSRVID in (
(AAA_GETVALUESERVICEID('%{SQL-USER-NAME}') )) and  (THR_THROTTLEID=0 or
THR_THROTTLEID is null) and RE_RESOURSEID=0 and
to_date(to_char(sysdate,'hh24:mm'),'hh24:mm')>=to_date((STC_FROMHH||':'||STC_FROMMM),'hh24:mi')
and
to_date(to_char(sysdate,'hh24:mm'),'hh24:mm')<=to_date((STC_TOHH||':'||STC_TOMM),'hh24:mi')
and (STC_WEEKDAY='Any' or STC_WEEKDAY=to_char(sysdate,'Day') )) AND
NE_ELEMENTID in (SELECT NE_ELEMENTID FROM NC_TBLNEACESSCONF WHERE
NEAC_IPADDRESS = '%{NAS-IP-Address}') -> select rownum, '
0026826172C4 at test_cpe.com', RR_ATTRIBUTE, RR_VALUE, RR_OP FROM
AAA_TBLRADREPLY where PR_ID in (select PR_ID from
SER_TBLSUBSSERVICESBUCKETS  where SS_SUBSRVID in ( (AAA_GETVALUESERVICEID('
0026826172C4 at test_cpe.com') )) and  (THR_THROTTLEID=0 or THR_THROTTLEID is
null) and RE_RESOURSEID=0 and to_date(to_char(sysdate,'hh24:mm'),'hh24:
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
Found Auth-Type = Accept
Found Auth-Type = EAP
Warning:  Found 2 auth-types on request for user '0026826172C4 at test_cpe.com'
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group eap {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 241 to 2.2.2.2 port 10010
hw-application-type := Simple-Mobile
hw-flow-info :=
"FI=0,QD=2;55;0;49;1024000;100000;4096;50;25,FD=0;;;;;;;;;;;0"
hw-application-scene := 1
hw-flow-info += "FI=0,QU=2;55;0;49;256000;100000;4096;50;25,FU=0;;;;;;;;;;"
WiMAX-Release := "1.1"
WiMAX-Accounting-Capabilities := Flow-Based
WiMAX-Hotlining-Capabilities := Hotline-Profile-Id
WiMAX-Idle-Mode-Notification-Cap := Supported
hw-flow-info += "FI=0,QU=3;52;0;;131072;0;4096;;"
hw-flow-info += "FI=0,QD=3;52;0;;524288;0;4096;;"
EAP-Message = 0x01f300060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0718f89107ebf525d78d83a17abaa53c
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 2.2.2.2 port 10010, id=242,
length=298
User-Name = "0026826172C4 at test_cpe.com"
NAS-IP-Address = 2.2.2.2
State = 0x0718f89107ebf525d78d83a17abaa53c
Calling-Station-Id = "0026826172c4"
NAS-Identifier = "WASN"
Event-Timestamp = "Jul 18 2013 16:53:41 PKT"
EAP-Message =
0x02f3005e0d0016030100530100004f03013dc8d3a7680f76fa87876469bd0b8eb5eb633c9db9d79a985f8d60a72479101c00002800390038003500160013000a00330032002f000700050004001500120009001400110008000600030100
WiMAX-Release = "1.1"
WiMAX-Accounting-Capabilities = Flow-Based
WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
WiMAX-Idle-Mode-Notification-Cap = Supported
WiMAX-Attr-1281 = 0x01
WiMAX-BS-Id = 0x303030303066303030663130
WiMAX-GMT-Timezone-offset = 18000
NAS-Port-Type = Wireless-802.16
WiMAX-Available-In-Client = 99
Service-Type = Framed-User
Message-Authenticator = 0x9469972114207760975db1717a3a34d5
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[eap] EAP packet type response id 243 length 94
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[eap] EAP packet type response id 243 length 94
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[sql] expand: %{User-Name} -> 0026826172C4 at test_cpe.com
[sql] sql_set_user escaped user --> '0026826172C4 at test_cpe.com'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: select RC_ID,USERNAME,Attribute,Value,op from (SELECT rownum
AS RC_ID,'%{SQL-USER-NAME}' AS USERNAME,'Auth-Type' AS Attribute,
AAA_GETVALUETOCHECKWITRIBE('%{SQL-USER-NAME}') AS Value,':=' AS op FROM
dual) union (SELECT rownum+1 AS RC_ID,'%{SQL-USER-NAME}' AS
USERNAME,'Login-Time' AS Attribute, (select
decode(STC_WEEKDAY,'Any','Any',substr(STC_WEEKDAY,1,2))||decode(STC_FROMHH,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_FROMHH)||decode(STC_FROMMM,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_FROMMM)||'-'||decode(STC_TOHH,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_TOHH)||decode(STC_TOMM,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_TOMM)
from SER_TBLSUBSSERVICESBUCKETS  where SS_SUBSRVID in
((AAA_GETVALUESERVICEID('%{SQL-USER-NAME}'))) ) AS Value,':=' AS op FROM
dual) order by RC_ID -> select RC_ID,USERNAME,Attribute,Value,op from
(SELECT rownum AS RC_ID,'0026826172C4 at test_cpe.com'
[sql] User found in radcheck table
[sql] expand: select rownum, '%{SQL-USER-NAME}', RR_ATTRIBUTE, RR_VALUE,
RR_OP FROM AAA_TBLRADREPLY where PR_ID in (select PR_ID from
SER_TBLSUBSSERVICESBUCKETS  where SS_SUBSRVID in (
(AAA_GETVALUESERVICEID('%{SQL-USER-NAME}') )) and  (THR_THROTTLEID=0 or
THR_THROTTLEID is null) and RE_RESOURSEID=0 and
to_date(to_char(sysdate,'hh24:mm'),'hh24:mm')>=to_date((STC_FROMHH||':'||STC_FROMMM),'hh24:mi')
and
to_date(to_char(sysdate,'hh24:mm'),'hh24:mm')<=to_date((STC_TOHH||':'||STC_TOMM),'hh24:mi')
and (STC_WEEKDAY='Any' or STC_WEEKDAY=to_char(sysdate,'Day') )) AND
NE_ELEMENTID in (SELECT NE_ELEMENTID FROM NC_TBLNEACESSCONF WHERE
NEAC_IPADDRESS = '%{NAS-IP-Address}') -> select rownum, '
0026826172C4 at test_cpe.com', RR_ATTRIBUTE, RR_VALUE, RR_OP FROM
AAA_TBLRADREPLY where PR_ID in (select PR_ID from
SER_TBLSUBSSERVICESBUCKETS  where SS_SUBSRVID in ( (AAA_GETVALUESERVICEID('
0026826172C4 at test_cpe.com') )) and  (THR_THROTTLEID=0 or THR_THROTTLEID is
null) and RE_RESOURSEID=0 and to_date(to_char(sysdate,'hh24:mm'),'hh24:
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
Found Auth-Type = Accept
Found Auth-Type = EAP
Warning:  Found 2 auth-types on request for user '0026826172C4 at test_cpe.com'
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group eap {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls]     (other): before/accept initialization
[tls]     TLS_accept: before/accept initialization
[tls] <<< TLS 1.0 Handshake [length 0053], ClientHello
[tls]     TLS_accept: SSLv3 read client hello A
[tls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[tls]     TLS_accept: SSLv3 write server hello A
[tls] >>> TLS 1.0 Handshake [length 041d], Certificate
[tls]     TLS_accept: SSLv3 write certificate A
[tls] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
[tls]     TLS_accept: SSLv3 write key exchange A
[tls] >>> TLS 1.0 Handshake [length 02c6], CertificateRequest
[tls]     TLS_accept: SSLv3 write certificate request A
[tls]     TLS_accept: SSLv3 flush data
[tls]     TLS_accept: Need to read more data: SSLv3 read client certificate
A
In SSL Handshake Phase
In SSL Accept mode
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 242 to 2.2.2.2 port 10010
hw-application-type := Simple-Mobile
hw-flow-info :=
"FI=0,QD=2;55;0;49;1024000;100000;4096;50;25,FD=0;;;;;;;;;;;0"
hw-application-scene := 1
hw-flow-info += "FI=0,QU=2;55;0;49;256000;100000;4096;50;25,FU=0;;;;;;;;;;"
WiMAX-Release := "1.1"
WiMAX-Accounting-Capabilities := Flow-Based
WiMAX-Hotlining-Capabilities := Hotline-Profile-Id
WiMAX-Idle-Mode-Notification-Cap := Supported
hw-flow-info += "FI=0,QU=3;52;0;;131072;0;4096;;"
hw-flow-info += "FI=0,QD=3;52;0;;524288;0;4096;;"
EAP-Message =
0x01f404000dc00000092e160301002a02000026030151e7d364c55e3e763c5d8c8dbdaf4710f12b4d01814f68ea37a38ea02698410f00003900160301041d0b0004190004160004133082040f30820378a00302010202100a8daa0eb4b4dc5173a3e0b28f8a6f54300d06092a864886f70d01010505003081ce310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311d301b060355040a131454686177746520436f6e73756c74696e6720636331283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e312130
EAP-Message =
0x1f06035504031318546861777465205072656d69756d205365727665722043413128302606092a864886f70d01090116197072656d69756d2d736572766572407468617774652e636f6d301e170d3039303331363030303030305a170d3134303331353233353935395a30818f310b300906035504061302504b3110300e060355040813074361706974616c311230100603550407130949736c616d6162616431223020060355040a131957492d54524942452050414b495354414e204c494d49544544310e300c060355040b130557694d4158312630240603550403131d6973622d64636e2d6e706d2d312e77692d74726962652e6e65742e706b30
EAP-Message =
0x820122300d06092a864886f70d01010105000382010f003082010a0282010100e28863d9e8d12cd729c23ee0d04f706c1021a62e380df58f4d05ce8127cc86ba076db893764f48f1fab9c9d167da1c8b98f6d43e9c0d5b4fff25e4e77b58b9648634505d96d5eaa9390b9fdb388fb7d1376884086f5f35cb3c93804b6d15941f520aa960172c9abfbc6e8ab749444ccdc8e8d7a694f653535bd4299a0ce89cff1ff5c02d4b709947dab10d19fb26f1eb805dc3978998fb425099dbed5509dce7c585df45f1919314fefaadff501ca6f22b535b4066b6a10b99c80fc41b1140f308e798e2a586781c9452cb906797eea317500b2b3d52f0c9a6be20c758
EAP-Message =
0x22d6a21edf30d99140bb973e95a8d990dc48271319ad889db9954d3f1b9440851c08190203010001a381a63081a3300c0603551d130101ff0402300030400603551d1f043930373035a033a031862f687474703a2f2f63726c2e7468617774652e636f6d2f5468617774655365727665725072656d69756d43412e63726c301d0603551d250416301406082b0601050507030106082b06010505070302303206082b0601050507010104263024302206082b060105050730018616687474703a2f2f6f6373702e7468617774652e636f6d300d06092a864886f70d0101050500038181009042258eddf33fd439caed0bafd47843de7912872f8dff187f
EAP-Message = 0x47830d0d7cc25b2a6ccf51eb
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0718f89106ecf525d78d83a17abaa53c
Finished request 1.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 2.2.2.2 port 10010, id=243,
length=210
User-Name = "0026826172C4 at test_cpe.com"
NAS-IP-Address = 2.2.2.2
State = 0x0718f89106ecf525d78d83a17abaa53c
Calling-Station-Id = "0026826172c4"
NAS-Identifier = "WASN"
Event-Timestamp = "Jul 18 2013 16:53:41 PKT"
EAP-Message = 0x02f400060d00
WiMAX-Release = "1.1"
WiMAX-Accounting-Capabilities = Flow-Based
WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
WiMAX-Idle-Mode-Notification-Cap = Supported
WiMAX-Attr-1281 = 0x01
WiMAX-BS-Id = 0x303030303066303030663130
WiMAX-GMT-Timezone-offset = 18000
NAS-Port-Type = Wireless-802.16
WiMAX-Available-In-Client = 99
Service-Type = Framed-User
Message-Authenticator = 0x70c92466c047fac172063f65e7c3a753
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[eap] EAP packet type response id 244 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[eap] EAP packet type response id 244 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[sql] expand: %{User-Name} -> 0026826172C4 at test_cpe.com
[sql] sql_set_user escaped user --> '0026826172C4 at test_cpe.com'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: select RC_ID,USERNAME,Attribute,Value,op from (SELECT rownum
AS RC_ID,'%{SQL-USER-NAME}' AS USERNAME,'Auth-Type' AS Attribute,
AAA_GETVALUETOCHECKWITRIBE('%{SQL-USER-NAME}') AS Value,':=' AS op FROM
dual) union (SELECT rownum+1 AS RC_ID,'%{SQL-USER-NAME}' AS
USERNAME,'Login-Time' AS Attribute, (select
decode(STC_WEEKDAY,'Any','Any',substr(STC_WEEKDAY,1,2))||decode(STC_FROMHH,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_FROMHH)||decode(STC_FROMMM,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_FROMMM)||'-'||decode(STC_TOHH,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_TOHH)||decode(STC_TOMM,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_TOMM)
from SER_TBLSUBSSERVICESBUCKETS  where SS_SUBSRVID in
((AAA_GETVALUESERVICEID('%{SQL-USER-NAME}'))) ) AS Value,':=' AS op FROM
dual) order by RC_ID -> select RC_ID,USERNAME,Attribute,Value,op from
(SELECT rownum AS RC_ID,'0026826172C4 at test_cpe.com'
[sql] User found in radcheck table
[sql] expand: select rownum, '%{SQL-USER-NAME}', RR_ATTRIBUTE, RR_VALUE,
RR_OP FROM AAA_TBLRADREPLY where PR_ID in (select PR_ID from
SER_TBLSUBSSERVICESBUCKETS  where SS_SUBSRVID in (
(AAA_GETVALUESERVICEID('%{SQL-USER-NAME}') )) and  (THR_THROTTLEID=0 or
THR_THROTTLEID is null) and RE_RESOURSEID=0 and
to_date(to_char(sysdate,'hh24:mm'),'hh24:mm')>=to_date((STC_FROMHH||':'||STC_FROMMM),'hh24:mi')
and
to_date(to_char(sysdate,'hh24:mm'),'hh24:mm')<=to_date((STC_TOHH||':'||STC_TOMM),'hh24:mi')
and (STC_WEEKDAY='Any' or STC_WEEKDAY=to_char(sysdate,'Day') )) AND
NE_ELEMENTID in (SELECT NE_ELEMENTID FROM NC_TBLNEACESSCONF WHERE
NEAC_IPADDRESS = '%{NAS-IP-Address}') -> select rownum, '
0026826172C4 at test_cpe.com', RR_ATTRIBUTE, RR_VALUE, RR_OP FROM
AAA_TBLRADREPLY where PR_ID in (select PR_ID from
SER_TBLSUBSSERVICESBUCKETS  where SS_SUBSRVID in ( (AAA_GETVALUESERVICEID('
0026826172C4 at test_cpe.com') )) and  (THR_THROTTLEID=0 or THR_THROTTLEID is
null) and RE_RESOURSEID=0 and to_date(to_char(sysdate,'hh24:mm'),'hh24:
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
Found Auth-Type = Accept
Found Auth-Type = EAP
Warning:  Found 2 auth-types on request for user '0026826172C4 at test_cpe.com'
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group eap {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 243 to 2.2.2.2 port 10010
hw-application-type := Simple-Mobile
hw-flow-info :=
"FI=0,QD=2;55;0;49;1024000;100000;4096;50;25,FD=0;;;;;;;;;;;0"
hw-application-scene := 1
hw-flow-info += "FI=0,QU=2;55;0;49;256000;100000;4096;50;25,FU=0;;;;;;;;;;"
WiMAX-Release := "1.1"
WiMAX-Accounting-Capabilities := Flow-Based
WiMAX-Hotlining-Capabilities := Hotline-Profile-Id
WiMAX-Idle-Mode-Notification-Cap := Supported
hw-flow-info += "FI=0,QU=3;52;0;;131072;0;4096;;"
hw-flow-info += "FI=0,QD=3;52;0;;524288;0;4096;;"
EAP-Message =
0x01f504000dc00000092e93db592b25815b520e9fe747d858cb6ba761f0458eddb04948e5c07661c532c96c7e8f7a64cd46c0d2e746b12c5851d8fd6d436dd661550f97966aeb5b778472b8360bfbd8b75fa00a6db6d94bcf3b5cc0b5cff3d32b4068ccb2b0160301020d0c0002090080e3470782e846dfd041ca453987dd39ab4742f3c047fa8df2cb93bcd8680c6b7a46b314684dd3f52a14f4e128c74eeb9a02d3ffab4464ad2ddd7a324c472ca08bd20dc9f0db4d6fe03edefa767d7be8df945418016fc53d838d15769e564def8df5c59070767b1ce0f96a1cb32944fbb953abbc4d4e0ae29be6c0fc7b2a2a7383000102008093dc6f8acd615b6d
EAP-Message =
0xd9902f90f91fee7ea8af12e17b071fdb1faaf45990957f58a07e7075297ca5e5c59857a4f80745cdbc475c0f2c3103a1a96618aa40a07e9f6637851c6b0b1edcea104e5d7f47b7602e3539d0957aa269968249ec0c9e60568965c7d74377a231042eb4acdb3c49c0c2b0b1e99bfcc3bbce6990a7654042cc0100c415917624a16673453f3d1379ab47b9dd6c975c39cabc44a938f2edc68a998016344960ec0522759f22e7551b4192478988c8c22c69b5883fee8560f3304fdea7cf39a605ee8e5b839c5d1bd151d97b6ce9c2034f31fe0463d27b27731b5407162fbd107a77a8b51bb8b5231e67a185042339257410eb061a839d2b850d4459c0846e
EAP-Message =
0xa25b3618b348e1390c4d3afc907b97f9643c37ebc1194a2fb0f7100583c573e26cd36a05f771a029c0abeca96b26534c7c3013e6d05d058552ffd0a839f5f9ce60faafbf2d99038ebdbbfbee5ab67c8d504cc157ac5ef3ebf0d2c5134a205e55b1ff2b0713ef38559f572b1b487c6e306a9ea49ed3865931457486424216030102c60d0002be040304010202b7007d307b310b300906035504061302555331173015060355040a130e4d6f746f726f6c612c20496e632e312b3029060355040b132257694d41582044657669636520436572746966696361746520417574686f72697479312630240603550403131d4d6f746f726f6c612057694d4158
EAP-Message =
0x2044657669636520526f6f7420434100743072310b300906035504061302504b3111300f060355040a13084d6f746f726f6c61310e300c060355040b130557694d4158311b30190603550403131277696d61782e6d6f746f726f6c612e636f6d3123302106092a864886f70d010901161477313033303663406d6f746f726f6c612e636f6d00e43081e1310b300906035504061302504b311730150603550408130e46656472616c204361706974616c311230100603550407130949736c616d6162616431223020060355040a131977692d74726962652050616b697374616e206c696d6974656431183016060355040b130f436f7265204f70657261
EAP-Message = 0x74696f6e73313a3038060355
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0718f89105edf525d78d83a17abaa53c
Finished request 2.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 2.2.2.2 port 10010, id=244,
length=210
User-Name = "0026826172C4 at test_cpe.com"
NAS-IP-Address = 2.2.2.2
State = 0x0718f89105edf525d78d83a17abaa53c
Calling-Station-Id = "0026826172c4"
NAS-Identifier = "WASN"
Event-Timestamp = "Jul 18 2013 16:53:41 PKT"
EAP-Message = 0x02f500060d00
WiMAX-Release = "1.1"
WiMAX-Accounting-Capabilities = Flow-Based
WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
WiMAX-Idle-Mode-Notification-Cap = Supported
WiMAX-Attr-1281 = 0x01
WiMAX-BS-Id = 0x303030303066303030663130
WiMAX-GMT-Timezone-offset = 18000
NAS-Port-Type = Wireless-802.16
WiMAX-Available-In-Client = 99
Service-Type = Framed-User
Message-Authenticator = 0x49efe4b0ef62ab693b67fb1ce69f166e
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[eap] EAP packet type response id 245 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[eap] EAP packet type response id 245 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[sql] expand: %{User-Name} -> 0026826172C4 at test_cpe.com
[sql] sql_set_user escaped user --> '0026826172C4 at test_cpe.com'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: select RC_ID,USERNAME,Attribute,Value,op from (SELECT rownum
AS RC_ID,'%{SQL-USER-NAME}' AS USERNAME,'Auth-Type' AS Attribute,
AAA_GETVALUETOCHECKWITRIBE('%{SQL-USER-NAME}') AS Value,':=' AS op FROM
dual) union (SELECT rownum+1 AS RC_ID,'%{SQL-USER-NAME}' AS
USERNAME,'Login-Time' AS Attribute, (select
decode(STC_WEEKDAY,'Any','Any',substr(STC_WEEKDAY,1,2))||decode(STC_FROMHH,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_FROMHH)||decode(STC_FROMMM,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_FROMMM)||'-'||decode(STC_TOHH,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_TOHH)||decode(STC_TOMM,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_TOMM)
from SER_TBLSUBSSERVICESBUCKETS  where SS_SUBSRVID in
((AAA_GETVALUESERVICEID('%{SQL-USER-NAME}'))) ) AS Value,':=' AS op FROM
dual) order by RC_ID -> select RC_ID,USERNAME,Attribute,Value,op from
(SELECT rownum AS RC_ID,'0026826172C4 at test_cpe.com'
[sql] User found in radcheck table
[sql] expand: select rownum, '%{SQL-USER-NAME}', RR_ATTRIBUTE, RR_VALUE,
RR_OP FROM AAA_TBLRADREPLY where PR_ID in (select PR_ID from
SER_TBLSUBSSERVICESBUCKETS  where SS_SUBSRVID in (
(AAA_GETVALUESERVICEID('%{SQL-USER-NAME}') )) and  (THR_THROTTLEID=0 or
THR_THROTTLEID is null) and RE_RESOURSEID=0 and
to_date(to_char(sysdate,'hh24:mm'),'hh24:mm')>=to_date((STC_FROMHH||':'||STC_FROMMM),'hh24:mi')
and
to_date(to_char(sysdate,'hh24:mm'),'hh24:mm')<=to_date((STC_TOHH||':'||STC_TOMM),'hh24:mi')
and (STC_WEEKDAY='Any' or STC_WEEKDAY=to_char(sysdate,'Day') )) AND
NE_ELEMENTID in (SELECT NE_ELEMENTID FROM NC_TBLNEACESSCONF WHERE
NEAC_IPADDRESS = '%{NAS-IP-Address}') -> select rownum, '
0026826172C4 at test_cpe.com', RR_ATTRIBUTE, RR_VALUE, RR_OP FROM
AAA_TBLRADREPLY where PR_ID in (select PR_ID from
SER_TBLSUBSSERVICESBUCKETS  where SS_SUBSRVID in ( (AAA_GETVALUESERVICEID('
0026826172C4 at test_cpe.com') )) and  (THR_THROTTLEID=0 or THR_THROTTLEID is
null) and RE_RESOURSEID=0 and to_date(to_char(sysdate,'hh24:mm'),'hh24:
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
Found Auth-Type = Accept
Found Auth-Type = EAP
Warning:  Found 2 auth-types on request for user '0026826172C4 at test_cpe.com'
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group eap {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 244 to 2.2.2.2 port 10010
hw-application-type := Simple-Mobile
hw-flow-info :=
"FI=0,QD=2;55;0;49;1024000;100000;4096;50;25,FD=0;;;;;;;;;;;0"
hw-application-scene := 1
hw-flow-info += "FI=0,QU=2;55;0;49;256000;100000;4096;50;25,FU=0;;;;;;;;;;"
WiMAX-Release := "1.1"
WiMAX-Accounting-Capabilities := Flow-Based
WiMAX-Hotlining-Capabilities := Hotline-Profile-Id
WiMAX-Idle-Mode-Notification-Cap := Supported
hw-flow-info += "FI=0,QU=3;52;0;;131072;0;4096;;"
hw-flow-info += "FI=0,QD=3;52;0;;524288;0;4096;;"
EAP-Message =
0x01f6014c0d800000092e0403133177692d74726962652050616b697374616e206c696d697465642043657274696669636174696f6e20417574686f72697479312b302906092a864886f70d010901161c68696c616c2e61667269646940706b2e77692d74726962652e636f6d00da3081d7310b300906035504061302504b311730150603550408130e46656472616c204361706974616c311230100603550407130949736c616d6162616431223020060355040a131977692d74726962652050616b697374616e206c696d69746564311b3019060355040b13124e6574776f726b204f7065726174696f6e73313230300603550403132977692d747269
EAP-Message =
0x62652050616b697374616e2043657274696669636174696f6e20417574686f726974793126302406092a864886f70d0109011617706b77696e6f6340706b2e77692d74726962652e636f6d0e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0718f89104eef525d78d83a17abaa53c
Finished request 3.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 2.2.2.2 port 10010, id=245,
length=1579
User-Name = "0026826172C4 at test_cpe.com"
NAS-IP-Address = 2.2.2.2
State = 0x0718f89104eef525d78d83a17abaa53c
Calling-Station-Id = "0026826172c4"
NAS-Identifier = "WASN"
Event-Timestamp = "Jul 18 2013 16:53:42 PKT"
EAP-Message =
0x02f605550dc000000563160301040d0b000409000406000403308203ff308203a9a003020102020120300d06092a864886f70d01010505003081d7310b300906035504061302504b311730150603550408130e46656472616c204361706974616c311230100603550407130949736c616d6162616431223020060355040a131977692d74726962652050616b697374616e206c696d69746564311b3019060355040b13124e6574776f726b204f7065726174696f6e73313230300603550403132977692d74726962652050616b697374616e2043657274696669636174696f6e20417574686f726974793126302406092a864886f70d0109011617706b
EAP-Message =
0x77696e6f6340706b2e77692d74726962652e636f6d301e170d3130303432313131313032335a170d3133303430353131313032335a30818b310b300906035504061302504b3111300f0603550408130850616b697374616e311230100603550407130949736c616d616261643111300f060355040a130877692d74726962653111300f060355040b130877692d7472696265310c300a060355040313034141413121301f06092a864886f70d0109011612636340706b2e77692d74726962652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100b2de6451f7ca49f79ff2ba2054fe782dd316cc7208e3eb5d653f38f952
EAP-Message =
0xd6598e4b286ec0f9847a83298c590cd6a44456c0cd05f3cde7c278aa765d54dd498678059e1833e748127a79b15718a74b5691693e0523e36de680aaa6d5ff2c6c8ce8425cc3120b8524a97a3abb8940b19ce721dd97499dac7f7893ab8f65689e14fb0203010001a38201643082016030090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e041604146823bd5dbe9e1202f84126d580f11c9fb5c52115308201040603551d230481fc3081f980145fb53176239da60a979b69a60e6dd41773cb9177a181dda481da3081d7310b3009060355
EAP-Message =
0x04061302504b311730150603550408130e46656472616c204361706974616c311230100603550407130949736c616d6162616431223020060355040a131977692d74726962652050616b697374616e206c696d69746564311b3019060355040b13124e6574776f726b204f7065726174696f6e73313230300603550403132977692d74726962652050616b697374616e2043657274696669636174696f6e20417574686f726974793126302406092a864886f70d0109011617706b77696e6f6340706b2e77692d74726962652e636f6d820100300d06092a864886f70d01010505000341008936a560f672d39b89c3b1977b5468f34bf0a4bb7a2d9a1c
EAP-Message =
0xd1880587b38ba3500162c22a3394d96ba3580e6f0da7c9bb06d74dc91c749b33a58985bcfd7c066916030100861000008200802e22a7c459dc49690d746d88aff274948e4e40c06976ea279eec07853956f85b4d00d9e2a83352e93d7cebf6dbe15c739d36fddf011d278e0531caaecf96ff50a4c04cf57dd7a5116715a80f659aad8611d11032c6e866c7b8b581e9c68b28c2e2bcb8674ffc38114facd04ff2879b47b3cab5d9d47f02824992e8f0b1a7886416030100860f0000820080a114a4114bef2651133e15c3fa97a3eeca554d852d57336c4afbf25785379b7263682b2ca624a1e89f09c6d1787f1bca02af5d2f4f9cc589a56c7bd5c9c849
EAP-Message =
0xe0272678ec93bfbb85fdcccc3595c7b05fd85ddac76ea1fd05b3c7bed9e84a7fbf9f31f01b66576ba66a7a7383bc077f6036573eb09097726b468cf376e14b0b4a1403010001011603010030a9c4652b13fb45f4deadd45f9342149adea890aa78e886fb
WiMAX-Release = "1.1"
WiMAX-Accounting-Capabilities = Flow-Based
WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
WiMAX-Idle-Mode-Notification-Cap = Supported
WiMAX-Attr-1281 = 0x01
WiMAX-BS-Id = 0x303030303066303030663130
WiMAX-GMT-Timezone-offset = 18000
NAS-Port-Type = Wireless-802.16
WiMAX-Available-In-Client = 99
Service-Type = Framed-User
Message-Authenticator = 0x7c48268950c2bd896a0be89d4241a330
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[eap] EAP packet type response id 246 length 253
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[eap] EAP packet type response id 246 length 253
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[sql] expand: %{User-Name} -> 0026826172C4 at test_cpe.com
[sql] sql_set_user escaped user --> '0026826172C4 at test_cpe.com'
rlm_sql (sql): Reserving sql socket id: 0
[sql] expand: select RC_ID,USERNAME,Attribute,Value,op from (SELECT rownum
AS RC_ID,'%{SQL-USER-NAME}' AS USERNAME,'Auth-Type' AS Attribute,
AAA_GETVALUETOCHECKWITRIBE('%{SQL-USER-NAME}') AS Value,':=' AS op FROM
dual) union (SELECT rownum+1 AS RC_ID,'%{SQL-USER-NAME}' AS
USERNAME,'Login-Time' AS Attribute, (select
decode(STC_WEEKDAY,'Any','Any',substr(STC_WEEKDAY,1,2))||decode(STC_FROMHH,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_FROMHH)||decode(STC_FROMMM,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_FROMMM)||'-'||decode(STC_TOHH,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_TOHH)||decode(STC_TOMM,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_TOMM)
from SER_TBLSUBSSERVICESBUCKETS  where SS_SUBSRVID in
((AAA_GETVALUESERVICEID('%{SQL-USER-NAME}'))) ) AS Value,':=' AS op FROM
dual) order by RC_ID -> select RC_ID,USERNAME,Attribute,Value,op from
(SELECT rownum AS RC_ID,'0026826172C4 at test_cpe.com'
[sql] User found in radcheck table
[sql] expand: select rownum, '%{SQL-USER-NAME}', RR_ATTRIBUTE, RR_VALUE,
RR_OP FROM AAA_TBLRADREPLY where PR_ID in (select PR_ID from
SER_TBLSUBSSERVICESBUCKETS  where SS_SUBSRVID in (
(AAA_GETVALUESERVICEID('%{SQL-USER-NAME}') )) and  (THR_THROTTLEID=0 or
THR_THROTTLEID is null) and RE_RESOURSEID=0 and
to_date(to_char(sysdate,'hh24:mm'),'hh24:mm')>=to_date((STC_FROMHH||':'||STC_FROMMM),'hh24:mi')
and
to_date(to_char(sysdate,'hh24:mm'),'hh24:mm')<=to_date((STC_TOHH||':'||STC_TOMM),'hh24:mi')
and (STC_WEEKDAY='Any' or STC_WEEKDAY=to_char(sysdate,'Day') )) AND
NE_ELEMENTID in (SELECT NE_ELEMENTID FROM NC_TBLNEACESSCONF WHERE
NEAC_IPADDRESS = '%{NAS-IP-Address}') -> select rownum, '
0026826172C4 at test_cpe.com', RR_ATTRIBUTE, RR_VALUE, RR_OP FROM
AAA_TBLRADREPLY where PR_ID in (select PR_ID from
SER_TBLSUBSSERVICESBUCKETS  where SS_SUBSRVID in ( (AAA_GETVALUESERVICEID('
0026826172C4 at test_cpe.com') )) and  (THR_THROTTLEID=0 or THR_THROTTLEID is
null) and RE_RESOURSEID=0 and to_date(to_char(sysdate,'hh24:mm'),'hh24:
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
Found Auth-Type = Accept
Found Auth-Type = EAP
Warning:  Found 2 auth-types on request for user '0026826172C4 at test_cpe.com'
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group eap {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
  TLS Length 1379
[tls] Received EAP-TLS First Fragment of the message
[tls] eaptls_verify returned 9
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 245 to 2.2.2.2 port 10010
hw-application-type := Simple-Mobile
hw-flow-info :=
"FI=0,QD=2;55;0;49;1024000;100000;4096;50;25,FD=0;;;;;;;;;;;0"
hw-application-scene := 1
hw-flow-info += "FI=0,QU=2;55;0;49;256000;100000;4096;50;25,FU=0;;;;;;;;;;"
WiMAX-Release := "1.1"
WiMAX-Accounting-Capabilities := Flow-Based
WiMAX-Hotlining-Capabilities := Hotline-Profile-Id
WiMAX-Idle-Mode-Notification-Cap := Supported
hw-flow-info += "FI=0,QU=3;52;0;;131072;0;4096;;"
hw-flow-info += "FI=0,QD=3;52;0;;524288;0;4096;;"
EAP-Message = 0x01f700060d00
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0718f89103eff525d78d83a17abaa53c
Finished request 4.
Going to the next request
Waking up in 3.5 seconds.
rad_recv: Access-Request packet from host 2.2.2.2 port 10010, id=246,
length=234
User-Name = "0026826172C4 at test_cpe.com"
NAS-IP-Address = 2.2.2.2
State = 0x0718f89103eff525d78d83a17abaa53c
Calling-Station-Id = "0026826172c4"
NAS-Identifier = "WASN"
Event-Timestamp = "Jul 18 2013 16:53:42 PKT"
EAP-Message = 0x02f7001e0d0084ce90a57cbd6f12a92e87a4b000e428b53ef2cd15648e1a
WiMAX-Release = "1.1"
WiMAX-Accounting-Capabilities = Flow-Based
WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
WiMAX-Idle-Mode-Notification-Cap = Supported
WiMAX-Attr-1281 = 0x01
WiMAX-BS-Id = 0x303030303066303030663130
WiMAX-GMT-Timezone-offset = 18000
NAS-Port-Type = Wireless-802.16
WiMAX-Available-In-Client = 99
Service-Type = Framed-User
Message-Authenticator = 0x51e2d8fb6008099bef5788232a49f523
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[eap] EAP packet type response id 247 length 30
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[eap] EAP packet type response id 247 length 30
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[sql] expand: %{User-Name} -> 0026826172C4 at test_cpe.com
[sql] sql_set_user escaped user --> '0026826172C4 at test_cpe.com'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: select RC_ID,USERNAME,Attribute,Value,op from (SELECT rownum
AS RC_ID,'%{SQL-USER-NAME}' AS USERNAME,'Auth-Type' AS Attribute,
AAA_GETVALUETOCHECKWITRIBE('%{SQL-USER-NAME}') AS Value,':=' AS op FROM
dual) union (SELECT rownum+1 AS RC_ID,'%{SQL-USER-NAME}' AS
USERNAME,'Login-Time' AS Attribute, (select
decode(STC_WEEKDAY,'Any','Any',substr(STC_WEEKDAY,1,2))||decode(STC_FROMHH,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_FROMHH)||decode(STC_FROMMM,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_FROMMM)||'-'||decode(STC_TOHH,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_TOHH)||decode(STC_TOMM,0,'00',1,'01',2,'02',3,'03',4,'04',5,'05',6,'06',7,'07',8,'08',9,'09',STC_TOMM)
from SER_TBLSUBSSERVICESBUCKETS  where SS_SUBSRVID in
((AAA_GETVALUESERVICEID('%{SQL-USER-NAME}'))) ) AS Value,':=' AS op FROM
dual) order by RC_ID -> select RC_ID,USERNAME,Attribute,Value,op from
(SELECT rownum AS RC_ID,'0026826172C4 at test_cpe.com'
[sql] User found in radcheck table
[sql] expand: select rownum, '%{SQL-USER-NAME}', RR_ATTRIBUTE, RR_VALUE,
RR_OP FROM AAA_TBLRADREPLY where PR_ID in (select PR_ID from
SER_TBLSUBSSERVICESBUCKETS  where SS_SUBSRVID in (
(AAA_GETVALUESERVICEID('%{SQL-USER-NAME}') )) and  (THR_THROTTLEID=0 or
THR_THROTTLEID is null) and RE_RESOURSEID=0 and
to_date(to_char(sysdate,'hh24:mm'),'hh24:mm')>=to_date((STC_FROMHH||':'||STC_FROMMM),'hh24:mi')
and
to_date(to_char(sysdate,'hh24:mm'),'hh24:mm')<=to_date((STC_TOHH||':'||STC_TOMM),'hh24:mi')
and (STC_WEEKDAY='Any' or STC_WEEKDAY=to_char(sysdate,'Day') )) AND
NE_ELEMENTID in (SELECT NE_ELEMENTID FROM NC_TBLNEACESSCONF WHERE
NEAC_IPADDRESS = '%{NAS-IP-Address}') -> select rownum, '
0026826172C4 at test_cpe.com', RR_ATTRIBUTE, RR_VALUE, RR_OP FROM
AAA_TBLRADREPLY where PR_ID in (select PR_ID from
SER_TBLSUBSSERVICESBUCKETS  where SS_SUBSRVID in ( (AAA_GETVALUESERVICEID('
0026826172C4 at test_cpe.com') )) and  (THR_THROTTLEID=0 or THR_THROTTLEID is
null) and RE_RESOURSEID=0 and to_date(to_char(sysdate,'hh24:mm'),'hh24:
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
Found Auth-Type = Accept
Found Auth-Type = EAP
Warning:  Found 2 auth-types on request for user '0026826172C4 at test_cpe.com'
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group eap {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls] <<< TLS 1.0 Handshake [length 040d], Certificate
[tls] chain-depth=1,
[tls] error=0
[tls] --> User-Name = 0026826172C4 at test_cpe.com
[tls] --> BUF-Name = wi-tribe Pakistan Certification Authority
[tls] --> subject = /C=PK/ST=Fedral Capital/L=Islamabad/O=wi-tribe Pakistan
limited/OU=Network Operations/CN=wi-tribe Pakistan Certification
Authority/emailAddress=pkwinoc at pk.wi-tribe.com
[tls] --> issuer  = /C=PK/ST=Fedral Capital/L=Islamabad/O=wi-tribe Pakistan
limited/OU=Network Operations/CN=wi-tribe Pakistan Certification
Authority/emailAddress=pkwinoc at pk.wi-tribe.com
*[tls] --> verify return:1*
*--> verify error:num=10:certificate has expired *
*[tls] >>> TLS 1.0 Alert [length 0002], fatal certificate_expired  *
*TLS Alert write:fatal:certificate expired*
*    TLS_accept: error in SSLv3 read client certificate B*
*rlm_eap: SSL error error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned*
SSL: SSL_read failed in a system call (-1), TLS session fails.
TLS receive handshake failed during operation
[tls] eaptls_process returned 4
[eap] Handler failed in EAP/tls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type REJECT
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} ->
0026826172C4 at test_cpe.com
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 5 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 5
Sending Access-Reject of id 246 to 2.2.2.2 port 10010
EAP-Message = 0x04f70004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 2.4 seconds.

--- can any body tell me what is the issue..
-- 
Best Regards
Muhammad Nadeem
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130719/3884ab3d/attachment-0001.html>


More information about the Freeradius-Users mailing list