Upgrade 2.1 to 2.2 and EAP-TLS Problem

Oliver Werner oliver.werner at kontrast.de
Wed Mar 23 13:47:01 CET 2016


Hi Alan,

now i have upgraded to 2.2.9 it look better, but not working…
Here is the debug from request:


Ready to process requests.
rad_recv: Access-Request packet from host 192.168.10.167 port 39133, id=40, length=263
	Acct-Session-Id = "660dc192"
	NAS-Port = 27
	NAS-Port-Type = Wireless-802.11
	User-Name = "Oliver Werner"
	Calling-Station-Id = "D0-03-4B-8F-37-CC"
	Called-Station-Id = "98-4B-E1-25-EF-10"
	EAP-Message = 0x02880012014f6c69766572205765726e6572
	NAS-Identifier = "SG047GG0322"
	NAS-IP-Address = 192.168.10.167
	Framed-MTU = 1496
	Connect-Info = "IEEE802.1X"
	Framed-Protocol = PPP
	Service-Type = Framed-User
	Colubris-AVPair = "ssid=TestOliver"
	Colubris-AVPair = "group=Default Group"
	Colubris-AVPair = "incoming-vlan-id=2"
	Colubris-AVPair = "vsc-unique-id=7"
	Message-Authenticator = 0xc163dded625cfa9e61a2fcee81b3d7eb
server kontrast {
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/kontrast
+group authorize {
[eapcert] EAP packet type response id 136 length 18
[eapcert] No EAP Start, assuming it's an on-going EAP conversation
++[eapcert] = updated
+} # group authorize = updated
Found Auth-Type = eapcert
# Executing group from file /usr/local/etc/raddb/sites-enabled/kontrast
+group authenticate {
[eapcert] EAP Identity
[eapcert] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eapcert] = handled
+} # group authenticate = handled
} # server kontrast
Sending Access-Challenge of id 40 to 192.168.10.167 port 39133
	EAP-Message = 0x018900060d20
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xabbbf234ab32ff0a8dd5a114a8efbc82
Finished request 12.
Going to the next request
Waking up in 4.9 seconds.
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x60aad60a602fdb1c did not finish!
WARNING: !! Please read http://wiki.freeradius.org/guide/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


i test with iOS, MacBook and HP Procurve Switch. Looks an cert is not installed correctly?


Kind regards


OLIVER WERNER
System-Administrator




Kontrast Communication Services GmbH
Grafenberger Allee 100, 40237 Düsseldorf, Germany

Fon  +49-211-91505-500
Fax +49-211-91505-530
www.kontrast.de <http://www.kontrast.de/>

Amtsgericht Düsseldorf: HRB 26934
Geschäftsführer: Joachim Fischer, Anja Grote-Lutter, Leontine van der Vlist

 <https://www.facebook.com/kontrast.communication>     <https://twitter.com/KONTRAST_de>     <http://www.xing.com/companies/kontrastcommunicationservicesgmbh>     <http://www.linkedin.com/company/kontrast-communication-services-gmbh>     <https://vimeo.com/kontrastcs>     <http://instagram.com/kontrast_de>

> Am 23.03.2016 um 11:28 schrieb A.L.M.Buxey at lboro.ac.uk:
> 
> Hi,
> 
> 
>> 		dh_file = ${certdir}/dh
> check DH key size
> 
>>              random_file = ${certdir}/random
> 
> urgh. change that to
> 
> random_file = /dev/urandom
> 
> 
> I'd advise you go to 2.2.9 - many bugs/issues fixed since 2.2.5 and you might be hitting
> one of those....
> 
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160323/a6846539/attachment.sig>


More information about the Freeradius-Users mailing list