Re: Freeradius EAP-TLS - every 2nd (even) attempt unsuccessfull

gracian at centrum.cz gracian at centrum.cz
Sat Dec 5 16:28:36 CET 2015


Thank you Alan,
 
 
I commented out section cache in file mods-enabled/eap but the result is I can't connect at all and here is debug output:
 
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap : Calling eap_tls to process EAP data
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : Authenticate
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : processing EAP-TLS
Sat Dec  5 16:12:27 2015 : Debug:   TLS Length 1414
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : Length Included
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : eaptls_verify returned 11
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : <<< TLS 1.0 Handshake [length 03fa], Certificate
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : chain-depth=1,
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : error=0
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : --> User-Name = mib at example.com
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : --> BUF-Name = SelfSigned certificate
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : --> subject = /C=CZ/ST=CzechRepublic/L=NorthMoravia/O=AIB/emailAddress=it at example.com/CN=SelfSigned certificate
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : --> issuer  = /C=CZ/ST=CzechRepublic/L=NorthMoravia/O=AIB/emailAddress=it at example.com/CN=SelfSigned certificate
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : --> verify return:1
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : chain-depth=0,
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : error=0
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : --> User-Name = mib at example.com
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : --> BUF-Name = mib at example.com
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : --> subject = /C=CZ/ST=CzechRepublic/O=AIB/CN=mib at example.com/emailAddress=it at example.com
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : --> issuer  = /C=CZ/ST=CzechRepublic/L=NorthMoravia/O=AIB/emailAddress=it at example.com/CN=SelfSigned certificate
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : --> verify return:1
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : TLS_accept: SSLv3 read client certificate A
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : TLS_accept: SSLv3 read client key exchange A
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : <<< TLS 1.0 Handshake [length 0106], CertificateVerify
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : TLS_accept: SSLv3 read certificate verify A
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : <<< TLS 1.0 ChangeCipherSpec [length 0001]
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : <<< TLS 1.0 Handshake [length 0010], Finished
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : TLS_accept: SSLv3 read finished A
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : >>> TLS 1.0 ChangeCipherSpec [length 0001]
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : TLS_accept: SSLv3 write change cipher spec A
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : >>> TLS 1.0 Handshake [length 0010], Finished
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : TLS_accept: SSLv3 write finished A
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : TLS_accept: SSLv3 flush data
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : (other): SSL negotiation finished successfully
Sat Dec  5 16:12:27 2015 : Debug: SSL Connection Established
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap_tls : eaptls_process returned 13
Sat Dec  5 16:12:27 2015 : Debug: (4)  eap : New EAP session, adding 'State' attribute to reply 0x0701786703067527
Sat Dec  5 16:12:27 2015 : Debug: (4) modsingle[authenticate]: returned from eap (rlm_eap) for request 4
Sat Dec  5 16:12:27 2015 : Debug: (4)   [eap] = handled
Sat Dec  5 16:12:27 2015 : Debug: (4)  } #  authenticate = handled
Sat Dec  5 16:12:27 2015 : Debug: (4) Sending Access-Challenge packet to host 172.16.0.20 port 32769, id=180, length=0
Sat Dec  5 16:12:27 2015 : Debug: (4)   EAP-Message = 0x010700450d800000003b14030100010116030100308c4c70cee63e7eccf2311eceedf4f1af7a41904352e4f549283dcd48e7fee6b9f69c511e61b12859905e9d6eda8bbc7d
Sat Dec  5 16:12:27 2015 : Debug: (4)   Message-Authenticator = 0x00000000000000000000000000000000
Sat Dec  5 16:12:27 2015 : Debug: (4)   State = 0x07017867030675271a926a176ed75fb9
Sending Access-Challenge Id 180 from 172.16.110.17:1812 to 172.16.0.20:32769
        EAP-Message = 0x010700450d800000003b14030100010116030100308c4c70cee63e7eccf2311eceedf4f1af7a41904352e4f549283dcd48e7fee6b9f69c511e61b12859905e9d6eda8bbc7d
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x07017867030675271a926a176ed75fb9
Sat Dec  5 16:12:27 2015 : Debug: (4) Finished request
Sat Dec  5 16:12:27 2015 : Debug: Waking up in 0.2 seconds.
Received Access-Request Id 181 from 172.16.0.20:32769 to 172.16.110.17:1812 length 273
        User-Name = 'mib at example.com'
        Chargeable-User-Identity = 0x00
        Location-Capable = Civix-Location
Gracian


More information about the Freeradius-Users mailing list