[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: EAP-TLS
From: "abhishek singh" <abhicc285 () gmail ! com>
Date: 2007-07-31 11:33:41
Message-ID: 60dffc5e0707310421o42b9e2f0l2aa3d62457d014d7 () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hi,
I have a setup where my client is trying to perform authentication to
server by using
EAP-TLS. The server is a pass through server, which forwards the packet to
the free radius.
The free radius, instead of sending the server certificates, bails out on
seeing the client Hello and the TLS handshake aborts.
I am not being able to figure out the exact cause. Any help will be
appreciated.
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
pap: auto_header = yes
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "tls"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/root/temp/freeradius- 1.1.6/raddb/certs/cert-
srv.pem"
tls: certificate_file = "/root/temp/freeradius-1.1.6/raddb/certs/cert-
srv.pem"
tls: CA_file = "/root/temp/freeradius-1.1.6/raddb/certs/demoCA/cacert.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/root/temp/freeradius-1.1.6/raddb/certs/dh"
tls: random_file = "/root/temp/freeradius-1.1.6/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
tls: cipher_list = "DEFAULT"
tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 172.25.13.61:32772, id=172,
length=112
EAP-Message =
0x02f9001d01727361757365723140736166656e65742d696e632e636f6d
User-Name = "rsauser1@****** inc.com"
Framed-MTU = 1400
Message-Authenticator = 0x2250f6cd977a5d08a36d9b763bcbb0e4
NAS-Identifier = "127.0.0.1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: Looking up realm "******inc.com" for User-Name =
"rsauser1@safenet-inc.com
"
rlm_realm: No such realm "*****inc.com"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 249 length 29
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry DEFAULT at line 154
modcall[authorize]: module "files" returns ok for request 0
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 172 to 172.25.13.61 port 32772
EAP-Message = 0x01fa00060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xab07f776af1e85b77ff4701c377b35b0
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.25.13.61:32772 , id=6,
length=164
EAP-Message =
0x02fa003f0d160301003501000031030146ae5a6d0160fe0dfa54bb07a4621ff0f61c35aeb429d6b516224dc14464553200000a0004000500070009000a0100
User-Name = " rsauser1@safenet-inc.com"
Framed-MTU = 1400
State = 0xab07f776af1e85b77ff4701c377b35b0
Message-Authenticator = 0xb29d99250e4ec7907b0db64636f40e2d
NAS-Identifier = " 127.0.0.1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: Looking up realm "safenet-inc.com" for User-Name =
"rsauser1@safenet-inc.com
"
rlm_realm: No such realm "safenet-inc.com"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 250 length 63
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry DEFAULT at line 154
modcall[authorize]: module "files" returns ok for request 1
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 1
modcall: leaving group authorize (returns updated) for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
(other): before/accept initialization
TLS_accept: before/accept initialization
TLS_accept: Need to read more data: SSLv3 read client hello B
rlm_eap: SSL error error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
number
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
eaptls_process returned 13
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 1
modcall: leaving group authenticate (returns reject) for request 1
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.25.13.61:32772, id=6,
length=164
Sending Access-Reject of id 6 to 172.25.13.61 port 32772
EAP-Message = 0x04fa0004
Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 6 with timestamp 46af0b4f
Cleaning up request 0 ID 172 with timestamp 46af0b4f
Nothing to do. Sleeping until we see a request.
[Attachment #5 (text/html)]
<br><br>Hi,<br><br> I have a setup where my client is trying to perform \
authentication to server by using <br>EAP-TLS. The server is a pass through server, \
which forwards the packet to the free radius.<br> The free radius, instead of \
sending the server certificates, bails out on seeing the client Hello and the TLS \
handshake aborts. <br><br> I am not being able to figure out the exact cause. Any \
help will be appreciated. <br><br><br><br><br>Starting - reading configuration files \
...<br>reread_config: reading radiusd.conf<br>Config: including \
file: /usr/local/etc/raddb/proxy.conf <br>Config: including file: \
/usr/local/etc/raddb/clients<div id="mb_0">.conf<br>Config: including \
file: /usr/local/etc/raddb/snmp.conf<br>Config: including file: \
/usr/local/etc/raddb/eap.conf<br>Config: including file: \
/usr/local/etc/raddb/sql.conf <br> main: prefix = \
"/usr/local"<br> main: localstatedir = \
"/usr/local/var"<br> main: logdir = \
"/usr/local/var/log/radius"<br> main: libdir = \
"/usr/local/lib"<br> main: radacctdir = \
"/usr/local/var/log/radius/radacct" <br> main: hostname_lookups = \
no<br> main: snmp = no<br> main: max_request_time = 30<br> main: \
cleanup_delay = 5<br> main: max_requests = 1024<br> main: \
delete_blocked_requests = 0<br> main: port = 0<br> main: allow_core_dumps = \
no <br> main: log_stripped_names = no<br> main: log_file = \
"/usr/local/var/log/radius/radius.log"<br> main: log_auth = \
no<br> main: log_auth_badpass = no<br> main: log_auth_goodpass = \
no<br> main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" \
<br> main: user = "(null)"<br> main: group = \
"(null)"<br> main: usercollide = no<br> main: lower_user = \
"no"<br> main: lower_pass = "no"<br> main: nospace_user \
= "no"<br> main: nospace_pass = "no"
<br> main: checkrad = "/usr/local/sbin/checkrad"<br> main: \
proxy_requests = yes<br> proxy: retry_delay = 5<br> proxy: retry_count = \
3<br> proxy: synchronous = no<br> proxy: default_fallback = \
yes<br> proxy: dead_time = 120 <br> proxy: post_proxy_authorize = \
no<br> proxy: wake_all_if_all_dead = no<br> security: max_attributes = \
200<br> security: reject_delay = 1<br> security: status_server = \
no<br> main: debug_level = 0<br>read_config_files: reading dictionary \
<br>read_config_files: reading naslist<br>Using deprecated naslist file. \
Support for this will go away soon.<br>read_config_files: reading \
clients<br>read_config_files: reading realms<br>radiusd: entering modules \
setup <br>Module: Library search path is /usr/local/lib<br>Module: Loaded exec \
<br> exec: wait = yes<br> exec: program = "(null)"<br> exec: \
input_pairs = "request"<br> exec: output_pairs = "(null)" \
<br> exec: packet_type = "(null)"<br>rlm_exec: Wait=yes but no output \
defined. Did you mean output=none?<br>Module: Instantiated exec (exec) <br>Module: \
Loaded expr <br>Module: Instantiated expr (expr) <br>Module: Loaded PAP \
<br> pap: encryption_scheme = "crypt"<br> pap: auto_header = \
yes<br>Module: Instantiated pap (pap) <br>Module: Loaded CHAP <br>Module: \
Instantiated chap (chap) <br>Module: Loaded MS-CHAP <br> mschap: use_mppe = yes \
<br> mschap: require_encryption = no<br> mschap: require_strong = \
no<br> mschap: with_ntdomain_hack = no<br> mschap: passwd = \
"(null)"<br> mschap: ntlm_auth = "(null)"<br>Module: \
Instantiated mschap (mschap) <br>Module: Loaded System <br> unix: cache = \
no<br> unix: passwd = "(null)"<br> unix: shadow = \
"(null)"<br> unix: group = "(null)"<br> unix: radwtmp = \
"/usr/local/var/log/radius/radwtmp" <br> unix: usegroup = \
no<br> unix: cache_reload = 600<br>Module: Instantiated unix (unix) <br>Module: \
Loaded eap <br> eap: default_eap_type = "tls"<br> eap: \
timer_expire = 60<br> eap: ignore_unknown_eap_types = no <br> eap: \
cisco_accounting_username_bug = no<br>rlm_eap: Loaded and initialized type \
md5<br>rlm_eap: Loaded and initialized type leap<br> gtc: challenge = \
"Password: "<br> gtc: auth_type = "PAP"<br>rlm_eap: Loaded \
and initialized type gtc <br> tls: rsa_key_exchange = no<br> tls: \
dh_key_exchange = yes<br> tls: rsa_key_length = 512<br> tls: dh_key_length \
= 512<br> tls: verify_depth = 0<br> tls: CA_path = \
"(null)"<br> tls: pem_file_type = yes<br> tls: private_key_file = \
"/root/temp/freeradius- 1.1.6/raddb/certs/cert-srv.pem"<br> tls: \
certificate_file = "/root/temp/freeradius-1.1.6/raddb/certs/cert-srv.pem"<br> tls: \
CA_file = "/root/temp/freeradius-1.1.6/raddb/certs/demoCA/cacert.pem"<br>
tls: private_key_password = "whatever"<br> tls: dh_file = \
"/root/temp/freeradius-1.1.6/raddb/certs/dh"<br> tls: random_file = \
"/root/temp/freeradius-1.1.6/raddb/certs/random"<br> tls: \
fragment_size = 1024 <br> tls: include_length = yes<br> tls: check_crl = \
no<br> tls: check_cert_cn = "(null)"<br> tls: cipher_list = \
"DEFAULT"<br> tls: check_cert_issuer = \
"(null)"<br>rlm_eap_tls: Loading the certificate file as a chain \
<br>rlm_eap: Loaded and initialized type tls<br> mschapv2: with_ntdomain_hack = \
no<br>rlm_eap: Loaded and initialized type mschapv2<br>Module: Instantiated eap (eap) \
<br>Module: Loaded preprocess <br> preprocess: huntgroups = \
"/usr/local/etc/raddb/huntgroups" <br> preprocess: hints = \
"/usr/local/etc/raddb/hints"<br> preprocess: with_ascend_hack = \
no<br> preprocess: ascend_channels_per_line = 23<br> preprocess: \
with_ntdomain_hack = no<br> preprocess: with_specialix_jetstream_hack = no \
<br> preprocess: with_cisco_vsa_hack = no<br> preprocess: \
with_alvarion_vsa_hack = no<br>Module: Instantiated preprocess (preprocess) \
<br>Module: Loaded realm <br> realm: format = "suffix"<br> realm: \
delimiter = "@" <br> realm: ignore_default = no<br> realm: \
ignore_null = no<br>Module: Instantiated realm (suffix) <br>Module: Loaded files \
<br> files: usersfile = "/usr/local/etc/raddb/users"<br> files: \
acctusersfile = "/usr/local/etc/raddb/acct_users" <br> files: \
preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"<br> files: \
compat = "no"<br>Module: Instantiated files (files) <br>Module: Loaded \
Acct-Unique-Session-Id <br> acct_unique: key = "User-Name, Acct-Session-Id, \
NAS-IP-Address, Client-IP-Address, NAS-Port" <br>Module: Instantiated \
acct_unique (acct_unique) <br>Module: Loaded detail <br> detail: detailfile = \
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"<br> detail: \
detailperm = 384<br> detail: dirperm = 493 <br> detail: locking = \
no<br>Module: Instantiated detail (detail) <br>Module: Loaded radutmp \
<br> radutmp: filename = \
"/usr/local/var/log/radius/radutmp"<br> radutmp: username = \
"%{User-Name}"<br> radutmp: case_sensitive = yes <br> radutmp: \
check_with_nas = yes<br> radutmp: perm = 384<br> radutmp: callerid = \
yes<br>Module: Instantiated radutmp (radutmp) <br>Listening on authentication \
*:1812<br>Listening on accounting *:1813<br>Ready to process requests. <br>rad_recv: \
Access-Request packet from host <a href="http://172.25.13.61:32772/" target="_blank" \
onclick="return top.js.OpenExtLink(window,event,this)">172.25.13.61:32772</a>, \
id=172, length=112<br> EAP-Message = \
0x02f9001d01727361757365723140736166656e65742d696e632e636f6d <br> \
User-Name = "rsauser1@****** <a href="http://inc.com/" target="_blank" \
onclick="return top.js.OpenExtLink(window,event,this)">inc.com</a>"<br> \
Framed-MTU = 1400<br> Message-Authenticator = \
0x2250f6cd977a5d08a36d9b763bcbb0e4<br> NAS-Identifier = " <a \
href="http://127.0.0.1/" target="_blank" onclick="return \
top.js.OpenExtLink(window,event,this)">127.0.0.1</a>"<br> Processing the \
authorize section of radiusd.conf<br>modcall: entering group authorize for request \
0<br> modcall[authorize]: module "preprocess" returns ok for request \
0<br> modcall[authorize]: module "chap" returns noop for request \
0<br>
modcall[authorize]: module "mschap" returns noop for request \
0<br> rlm_realm: Looking up realm "******<a \
href="http://inc.com/" target="_blank" onclick="return \
top.js.OpenExtLink(window,event,this)">inc.com </a>" for User-Name = "<a \
href="mailto:rsauser1@safenet-inc.com" target="_blank" onclick="return \
top.js.OpenExtLink(window,event,this)"> \
rsauser1@safenet-inc.com</a>"<br> rlm_realm: No such realm \
"*****<a href="http://inc.com/" target="_blank" onclick="return \
top.js.OpenExtLink(window,event,this)">inc.com</a>"<br> \
modcall[authorize]: module "suffix" returns noop for request 0 <br> \
rlm_eap: EAP packet type response id 249 length 29 <br> rlm_eap: No EAP Start, \
assuming it's an on-going EAP conversation<br> modcall[authorize]: module \
"eap" returns updated for request 0<br> users: Matched \
entry DEFAULT at line 154<br> modcall[authorize]: module "files" \
returns ok for request 0 <br>rlm_pap: WARNING! No "known good" password \
found for the user. Authentication may fail because of this.<br> \
modcall[authorize]: module "pap" returns noop for request 0<br>modcall: \
leaving group authorize (returns updated) for request 0 <br> \
rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br> \
Processing the authenticate section of radiusd.conf<br>modcall: entering group \
authenticate for request 0<br> rlm_eap: EAP Identity<br> rlm_eap: \
processing type tls <br> rlm_eap_tls: Requiring client certificate<br> \
rlm_eap_tls: Initiate<br> rlm_eap_tls: Start returned 1<br> \
modcall[authenticate]: module "eap" returns handled for request \
0<br>modcall: leaving group authenticate (returns handled) for request 0 <br>Sending \
Access-Challenge of id 172 to <a href="http://172.25.13.61/" target="_blank" \
onclick="return top.js.OpenExtLink(window,event,this)">172.25.13.61</a> port \
32772<br> EAP-Message = 0x01fa00060d20<br> \
Message-Authenticator = 0x00000000000000000000000000000000 <br> \
State = 0xab07f776af1e85b77ff4701c377b35b0 <br>Finished request 0<br>Going to the \
next request<br>--- Walking the entire request list ---<br>Waking up in 6 \
seconds...<br>rad_recv: Access-Request packet from host <a \
href="http://172.25.13.61:32772/" target="_blank" onclick="return \
top.js.OpenExtLink(window,event,this)"> 172.25.13.61:32772
</a>, id=6, length=164<br> EAP-Message = \
0x02fa003f0d160301003501000031030146ae5a6d0160fe0dfa54bb07a4621ff0f61c35aeb429d6b516224dc14464553200000a0004000500070009000a0100<br> \
User-Name = "<a href="mailto:rsauser1@safenet-inc.com" target="_blank" \
onclick="return top.js.OpenExtLink(window,event,this)">
rsauser1@safenet-inc.com</a>"<br> Framed-MTU = \
1400<br> State = \
0xab07f776af1e85b77ff4701c377b35b0<br> Message-Authenticator = \
0xb29d99250e4ec7907b0db64636f40e2d<br> NAS-Identifier = "<a \
href="http://127.0.0.1/" target="_blank" onclick="return \
top.js.OpenExtLink(window,event,this)">
127.0.0.1</a>"<br> Processing the authorize section of \
radiusd.conf<br>modcall: entering group authorize for request 1<br> \
modcall[authorize]: module "preprocess" returns ok for request 1<br> \
modcall[authorize]: module "chap" returns noop for request 1 <br> \
modcall[authorize]: module "mschap" returns noop for request \
1<br> rlm_realm: Looking up realm "<a \
href="http://safenet-inc.com/" target="_blank" onclick="return \
top.js.OpenExtLink(window,event,this)"> safenet-inc.com</a>" for User-Name = \
"<a href="mailto:rsauser1@safenet-inc.com" target="_blank" onclick="return \
top.js.OpenExtLink(window,event,this)"> \
rsauser1@safenet-inc.com</a>"<br> rlm_realm: No such realm \
"<a href="http://safenet-inc.com/" target="_blank" onclick="return \
top.js.OpenExtLink(window,event,this)">safenet-inc.com</a>"<br> \
modcall[authorize]: module "suffix" returns noop for request 1 <br> \
rlm_eap: EAP packet type response id 250 length 63 <br> rlm_eap: No EAP Start, \
assuming it's an on-going EAP conversation<br> modcall[authorize]: module \
"eap" returns updated for request 1<br> users: Matched \
entry DEFAULT at line 154<br> modcall[authorize]: module "files" \
returns ok for request 1 <br>rlm_pap: WARNING! No "known good" password \
found for the user. Authentication may fail because of this.<br> \
modcall[authorize]: module "pap" returns noop for request 1<br>modcall: \
leaving group authorize (returns updated) for request 1 <br> \
rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br> \
Processing the authenticate section of radiusd.conf<br>modcall: entering group \
authenticate for request 1<br> rlm_eap: Request found, released from the list \
<br> rlm_eap: EAP/tls<br> rlm_eap: processing type tls<br> \
rlm_eap_tls: Authenticate<br> rlm_eap_tls: processing TLS<br> \
eaptls_verify returned 7 <br> rlm_eap_tls: Done initial \
handshake<br> (other): before/accept initialization \
<br> TLS_accept: before/accept initialization \
<br> TLS_accept: Need to read more data: SSLv3 read client hello \
B<br>rlm_eap: SSL error error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version \
number<br>rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. \
<br> eaptls_process returned 13 <br> rlm_eap: Freeing handler<br> \
modcall[authenticate]: module "eap" returns reject for request \
1<br>modcall: leaving group authenticate (returns reject) for request 1<br>auth: \
Failed to validate the user. <br>Delaying request 1 for 1 seconds<br>Finished request \
1<br>Going to the next request<br>Waking up in 6 seconds...<br>rad_recv: \
Access-Request packet from host <a href="http://172.25.13.61:32772/" target="_blank" \
onclick="return top.js.OpenExtLink(window,event,this)"> 172.25.13.61:32772</a>, id=6, \
length=164 <br>Sending Access-Reject of id 6 to <a href="http://172.25.13.61/" \
target="_blank" onclick="return \
top.js.OpenExtLink(window,event,this)">172.25.13.61</a> port \
32772<br> EAP-Message = 0x04fa0004<br> \
Message-Authenticator = 0x00000000000000000000000000000000 <br>--- Walking the entire \
request list --- <br>Waking up in 5 seconds...<br>--- Walking the entire request list \
---<br>Cleaning up request 1 ID 6 with timestamp 46af0b4f<br>Cleaning up request 0 ID \
172 with timestamp 46af0b4f<br>Nothing to do. Sleeping until we see a request. \
<br> </div><br>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic