Help Windows XP and hostapd

Sungwon Ha s-ha
Thu Apr 17 15:19:05 PDT 2003


Hi!

I have tested hostapd with xsupplicant (from open1x) and FreeRadius
(version 0.8.1), using EAP-TLS. I didn't have any problem and authentication 
was successfully done. Then, I switched only the supplicant from xsupplicant to
 windows XP and I was not able be authenticated. 

Here is my configuration.
Suppicant             : Windows XP professional with SP1 (Service Pack 1)
Authenticator         : Linux using hostpad (2002-10 release)
Authentication Server : Linux using FreeRADIUS version 0.8.1

By reading through all old emails, I found that this setup should work.
Of course, I installed the certificates by following HOWTO instructions on 
windows XP. I am enclosing outputs from hostapd and Radius. Somehow the RADIUS
has a error "<<< TLS 1.0 Alert [length 0002], fatal access_denied" at the end, 
which causes the authentication failure. Could you tell me what is wrong?
Your help is greatly appreciated.

==========================  RADIUS OUTPUT ===========================
Script started on Thu Apr 17 14:43:31 2003
[root at linuxsha2 ~]# radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/proxy.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/var"
 main: logdir = "/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/var/log/radius/radius.log"
 main: log_auth = yes
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: servers_per_realm = 15
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded expr 
Module: Instantiated expr (expr) 
Module: Loaded PAP 
 pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap) 
Module: Loaded CHAP 
Module: Instantiated chap (chap) 
Module: Loaded MS-CHAP 
 mschap: ignore_password = no
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: passwd = "(null)"
 mschap: authtype = "MS-CHAP"
Module: Instantiated mschap (mschap) 
Module: Loaded System 
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "(null)"
 unix: group = "(null)"
 unix: radwtmp = "/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix) 
Module: Loaded eap 
 eap: default_eap_type = "tls"
 eap: timer_expire = 60
rlm_eap: Loaded and initialized the type md5
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/root/openssl/cert-srv.pem"
 tls: certificate_file = "/root/openssl/cert-srv.pem"
 tls: CA_file = "/root/openssl/root.pem"
 tls: private_key_password = "whatever"
 tls: dh_file = "/root/openssl/dh"
 tls: random_file = "/root/openssl/random"
 tls: fragment_size = 1024
 tls: include_length = yes
rlm_eap_tls: conf N ctx stored 
rlm_eap: Loaded and initialized the type tls
Module: Instantiated eap (eap) 
Module: Loaded preprocess 
 preprocess: huntgroups = "/etc/raddb/huntgroups"
 preprocess: hints = "/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess) 
Module: Loaded realm 
 realm: format = "suffix"
 realm: delimiter = "@"
Module: Instantiated realm (suffix) 
Module: Loaded files 
 files: usersfile = "/etc/raddb/users"
 files: acctusersfile = "/etc/raddb/acct_users"
 files: preproxy_usersfile = "/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files) 
Module: Loaded Acct-Unique-Session-Id 
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id"
Module: Instantiated acct_unique (acct_unique) 
Module: Loaded detail 
 detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail) 
Module: Loaded radutmp 
 radutmp: filename = "/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp) 
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 10.0.10.12:32924, id=0, length=143
	User-Name = "eve"
	NAS-IP-Address = 10.0.10.12
	NAS-Port = 1
	Called-Station-Id = "00-06-25-A7-E9-AC:sha"
	Calling-Station-Id = "00-02-2D-58-6F-AB"
	Framed-MTU = 2304
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 11Mbps 802.11b"
	EAP-Message = "\002\002\000\010\001eve"
	Message-Authenticator = 0x957cb3f3e4fe89ae28d55015ecdf8e3f
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  modcall[authorize]: module "mschap" returns notfound
  modcall[authorize]: module "eap" returns updated
    rlm_realm: No '@' in User-Name = "eve", looking up realm NULL
    rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
    users: Matched eve at 105
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: processing type tls
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Login OK: [eve] (from client sha port 1 cli 00-02-2D-58-6F-AB)
Sending Access-Challenge of id 0 to 10.0.10.12:32924
	EAP-Message = "\001\003\000\006\r "
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xd5fbdf6d5d95f901fb5a416b4161761b3a209f3e595381e5338714bc008df2a11f9f3acb
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.10.12:32924, id=1, length=253
	User-Name = "eve"
	NAS-IP-Address = 10.0.10.12
	NAS-Port = 1
	Called-Station-Id = "00-06-25-A7-E9-AC:sha"
	Calling-Station-Id = "00-02-2D-58-6F-AB"
	Framed-MTU = 2304
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 11Mbps 802.11b"
	EAP-Message = "\002\003\000P\r\200\000\000\000F\026\003\001\000A\001\000\000=\003\001>\237 \265*\212\353\253\376\253\370(\327m2\367)\346\304s\237.\342\237\357\243p<EZ\022\005\000\000\026\000\004\000\005\000\n\000\t\000d\000b\000\003\000\006\000\023\000\022\000c\001"
	State = 0xd5fbdf6d5d95f901fb5a416b4161761b3a209f3e595381e5338714bc008df2a11f9f3acb
	Message-Authenticator = 0x7e691a0885fe8441e16333e92a1548ae
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  modcall[authorize]: module "mschap" returns notfound
  modcall[authorize]: module "eap" returns updated
    rlm_realm: No '@' in User-Name = "eve", looking up realm NULL
    rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
    users: Matched eve at 105
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls:  Length Included
undefined: before/accept initialization 
TLS_accept: before/accept initialization 
<<< TLS 1.0 Handshake [length 0041], ClientHello

TLS_accept: SSLv3 read client hello A 
>>> TLS 1.0 Handshake [length 004a], ServerHello

TLS_accept: SSLv3 write server hello A 
>>> TLS 1.0 Handshake [length 05f6], Certificate

TLS_accept: SSLv3 write certificate A 
>>> TLS 1.0 Handshake [length 0095], CertificateRequest

TLS_accept: SSLv3 write certificate request A 
TLS_accept: SSLv3 flush data 
TLS_accept:error in SSLv3 read client certificate A 
rlm_eap_tls: SSL_read Error
 Error code is ..... 2 
 SSL Error ..... 2 
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Login OK: [eve] (from client sha port 1 cli 00-02-2D-58-6F-AB)
Sending Access-Challenge of id 1 to 10.0.10.12:32924
	EAP-Message = "\001\004\004\n\r\300\000\000\006\344\026\003\001\000J\002\000\000F\003\001>\237 :\023k+\032zQG\267\205\033\316\026\025\207\344\325\246*\340\277U\371\024\377\230#\265p \235I:\265\316\000\344`\021\007#e\353\204.\331J\010\333q\2131\227s\234\007\372\033\314fV\r\000\004\000\026\003\001\005\366\013\000\005\362\000\005\357\000\002\2030\202\0020\202\001\350\240\003\002\001\002\002\001\0010\r\006\t*\206H\206\367\r\001\001\004\005\0000\201\2031\0130\t\006\003U\004\006\023\002US1\0230\021\006\003U\004\010\023\nCali"
	EAP-Message = "@merunetworks.com0\036\027\r030314012824Z\027\r040313012824Z0\201\2061\0130\t\006\003U\004\006\023\002US1\0230\021\006\003U\004\010\023\nCalifornia1\0240\022\006\003U\004\007\023\013Santa Clara1\0260\024\006\003U\004\n\023\rMeru Networks1\0170\r\006\003U\004\003\023\006server1#0!\006\t*\206H\206\367\r\001\t\001\026\024sha at merunetworks.com0\201\2370\r\006\t*\206H\206\367\r\001\001\001\005\000\003\201\215\0000\201\211\002\201\201\000\327\213A\r\026\342z3\022\270\001$+\366\033\207\240\213\365\017{\257CC`Y\371"
	EAP-Message = "~J\241\355>\000 G\322y\253\307\0036\036\362\305x\364\311\n\007B\261T\333\237\306C\350\010\336\303|5ke\354Q\005]B\377\005\0217@<\230Pt\332\347\370\322|B\324\001\355\030\223\356\206#\367\277\247\357\r\021\222\271S\275\324\201\2366lv\243\374Y"L\373\245\336z/\002\003\001\000\0010\r\006\t*\206H\206\367\r\001\001\004\005\000\003\201\201\000 at g\036\207\374\355:q\371\353\273D'\215CK\324+\004\002\250\223czBO\303\364\343\331v<\252\237mv\022:\000\022T)Y\341\341\215\233\370\331\002\242\265\361A\200u\315\346\006\354\031"
	EAP-Message = "\002\313\240\003\002\001\002\002\001\0000\r\006\t*\206H\206\367\r\001\001\004\005\0000\201\2031\0130\t\006\003U\004\006\023\002US1\0230\021\006\003U\004\010\023\nCalifornia1\0240\022\006\003U\004\007\023\013Santa Clara1\0260\024\006\003U\004\n\023\rMeru Networks1\0140\n\006\003U\004\003\023\003sha1#0!\006\t*\206H\206\367\r\001\t\001\026\024sha at merunetworks.com0\036\027\r030314012529Z\027\r050313012529Z0\201\2031\0130\t\006\003U\004\006\023\002US1\0230\021\006\003U\004\010\023\nCalifornia1\0240\022\006\003"
	EAP-Message = "0\024\006\003U\004\n\023\rMeru Networks1\0140\n"
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xf875876393b13a0db23fdb40a6c925293a209f3ed46fce94cadfe91826668c5a62ba1b17
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.10.12:32924, id=2, length=179
	User-Name = "eve"
	NAS-IP-Address = 10.0.10.12
	NAS-Port = 1
	Called-Station-Id = "00-06-25-A7-E9-AC:sha"
	Calling-Station-Id = "00-02-2D-58-6F-AB"
	Framed-MTU = 2304
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 11Mbps 802.11b"
	EAP-Message = "\002\004\000\006\r"
	State = 0xf875876393b13a0db23fdb40a6c925293a209f3ed46fce94cadfe91826668c5a62ba1b17
	Message-Authenticator = 0x62206443feaddc5d69ad64dc2213fc58
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  modcall[authorize]: module "mschap" returns notfound
  modcall[authorize]: module "eap" returns updated
    rlm_realm: No '@' in User-Name = "eve", looking up realm NULL
    rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
    users: Matched eve at 105
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Received EAP-TLS ACK message
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Login OK: [eve] (from client sha port 1 cli 00-02-2D-58-6F-AB)
Sending Access-Challenge of id 2 to 10.0.10.12:32924
	EAP-Message = "\001\005\002\356\r\200\000\000\006\344\006\003U\004\003\023\003sha1#0!\006\t*\206H\206\367\r\001\t\001\026\024sha at merunetworks.com0\201\2370\r\006\t*\206H\206\367\r\001\001\001\005\000\003\201\215\0000\201\211\002\201\201\000\310\322\236\026\030@\000\205\023\023kE\001\034\035\2564\235\334\323%\360\226\267Z\325\306\221\334\211\317\223\365\000\022\\\2619ACo\317\313\252\301\216\024\350\024\023\300\007\3549\004\352.O\001\037\023\202H\334\247\232_Ew\277@=\226\3517\264H\344Wge|\342\264\035\341`?\271\272\214\230"
	EAP-Message = "\335D"c0\201\260\006\003U\035#\004\201\2500\201\245\200\024\260cf`>\352\3226\213\263\332f\304\347\206\324\335D"c\241\201\211\244\201\2060\201\2031\0130\t\006\003U\004\006\023\002US1\0230\021\006\003U\004\010\023\nCalifornia1\0240\022\006\003U\004\007\023\013Santa Clara1\0260\024\006\003U\004\n\023\rMeru Networks1\0140\n\006\003U\004\003\023\003sha1#0!\006\t*\206H\206\367\r\001\t\001\026\024sha at merunetworks.com\202\001\0000\014\006\003U\035\023\004\0050\003\001\001\3770\r\006\t*\206H\206\367\r\001\001\004\005"
	EAP-Message = "\267J\350\343\355\030\216VJ9\361a\253L\273\004c\364\375\375\301H\003\234MV\244\214\304Tz\251\021\007\304\201\201S\3602\340\325\270\200\340eT\204i\374)\234\312T\374\207Z\365\264\032m\304\242\244\334\216\357\231\366\363\342\023\263\311\305\257\003?\t\000x\241Z<}\346}\216\225\254\026\026\003\001\000\225\r\000\000\215\002\001\002\000\210\000\2060\201\2031\0130\t\006\003U\004\006\023\002US1\0230\021\006\003U\004\010\023\nCalifornia1\0240\022\006\003U\004\007\023\013Santa Clara1\0260\024\006\003U\004\n\023\rMe"
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x9ccf037fe72d89b44770fe9d022df7e93b209f3ed6a2494bedef45d6be2d6994ad1d270b
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.0.10.12:32924, id=3, length=1180
	User-Name = "eve"
	NAS-IP-Address = 10.0.10.12
	NAS-Port = 1
	Called-Station-Id = "00-06-25-A7-E9-AC:sha"
	Calling-Station-Id = "00-02-2D-58-6F-AB"
	Framed-MTU = 2304
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 11Mbps 802.11b"
	EAP-Message = "\002\005\003\351\r\200\000\000\003\337\026\003\001\003\257\013\000\002\237\000\002\234\000\002\2310\202\002\2250\202\001\376\240\003\002\001\002\002\001\0030\r\006\t*\206H\206\367\r\001\001\004\005\0000\201\2031\0130\t\006\003U\004\006\023\002US1\0230\021\006\003U\004\010\023\nCalifornia1\0240\022\006\003U\004\007\023\013Santa Clara1\0260\024\006\003U\004\n\023\rMeru Networks1\0140\n\006\003U\004\003\023\003sha1#0!\006\t*\206H\206\367\r\001\t\001\026\024sha at merunetworks.com0\036\027\r030417212445Z\027\r04"
	EAP-Message = "fornia1\0240\022\006\003U\004\007\023\013Santa Clara1\0260\024\006\003U\004\n\023\rMeru Networks1\0140\n\006\003U\004\003\023\003eve1#0!\006\t*\206H\206\367\r\001\t\001\026\024sha at merunetworks.com0\201\2370\r\006\t*\206H\206\367\r\001\001\001\005\000\003\201\215\0000\201\211\002\201\201\000\264\306W\357\345\017\237f\234!\373z7\332pf~ \031\332t\214\323&Xad\\H"\223\n\323\373L\207U{\30745q\362\200\035\233q\014\226,\306\3472\365q\260DQ\234\252%`\370\241:\277\213I\013\201\211U[&"\007\261\227\034\006\217\254\314"
	EAP-Message = "\0050\270\201\002\277a\002\003\001\000\001\243\0270\0250\023\006\003U\035%\004\0140\n\006\010+\006\001\005\005\007\003\0020\r\006\t*\206H\206\367\r\001\001\004\005\000\003\201\201\000\034&w\373\312E\375#A\337\362\2747b\335\277,\316\273?`\377\327\326\010\231\367S\253\235\347\246,\031\225g\361I\267v\256\364M \002\330P\217\202w\216w\206{\220\256je=\264\3272\307\323\264\266:\250\246\\\276\212\343\342\\\307J \326\224A{\344SL\215\373\200Y\3376\260a8_\350.\227\205u\206E\341\024\303(\r)GP\327\241p5.\213\202\r%;\234"
	EAP-Message = "(\256\215\005\305\316\306Q\034\377\203\326\330\265\01787 <4\243\247\357a\2742\352\366=\341\355~\346\204\321\203=\312k\263\354Y\374x\343\024\201\317\0358\276A\0247\247\023\376\326\243\024\331\213\006\355\227\017\000\000\202\000\200\t\270\370\034\340\200\212\205e\312\313\276\350\370xs\266\344\252\300F\202\013\243\006\032\230\345\236\343\210UV\222\253\235L\267|\3468\017\022J\232\376\374\345\353h\343\223{\3406\004\362\375\357\345\250\325\357\344b\303v2\346\215.4\3501x\240\236\317\2576\300\312\2038\007\225\351"
	State = 0x9ccf037fe72d89b44770fe9d022df7e93b209f3ed6a2494bedef45d6be2d6994ad1d270b
	Message-Authenticator = 0xb5ddf2427daa44c61939995f05d67397
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  modcall[authorize]: module "mschap" returns notfound
  modcall[authorize]: module "eap" returns updated
    rlm_realm: No '@' in User-Name = "eve", looking up realm NULL
    rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
    users: Matched eve at 105
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Multiple EAP_Message attributes found
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls:  Length Included
<<< TLS 1.0 Handshake [length 02a3], Certificate

chain-depth=1, 
error=0
--> User-Name = eve
--> BUF-Name = sha
--> subject = /C=US/ST=California/L=Santa Clara/O=Meru Networks/CN=sha/Email=sha at merunetworks.com
--> issuer  = /C=US/ST=California/L=Santa Clara/O=Meru Networks/CN=sha/Email=sha at merunetworks.com
--> verify return:1
chain-depth=0, 
error=0
--> User-Name = eve
--> BUF-Name = eve
--> subject = /C=US/ST=California/L=Santa Clara/O=Meru Networks/CN=eve/Email=sha at merunetworks.com
--> issuer  = /C=US/ST=California/L=Santa Clara/O=Meru Networks/CN=sha/Email=sha at merunetworks.com
--> verify return:1
TLS_accept: SSLv3 read client certificate A 
<<< TLS 1.0 Handshake [length 0086], ClientKeyExchange

TLS_accept: SSLv3 read client key exchange A 
<<< TLS 1.0 Handshake [length 0086], CertificateVerify

TLS_accept: SSLv3 read certificate verify A 
<<< TLS 1.0 ChangeCipherSpec [length 0001]

<<< TLS 1.0 Handshake [length 0010], Finished

TLS_accept: SSLv3 read finished A 
>>> TLS 1.0 ChangeCipherSpec [length 0001]

TLS_accept: SSLv3 write change cipher spec A 
>>> TLS 1.0 Handshake [length 0010], Finished

TLS_accept: SSLv3 write finished A 
TLS_accept: SSLv3 flush data 
undefined: SSL negotiation finished successfully 
rlm_eap_tls: SSL_read Error
 Error code is ..... 2 
 SSL Error ..... 2 
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Login OK: [eve] (from client sha port 1 cli 00-02-2D-58-6F-AB)
Sending Access-Challenge of id 3 to 10.0.10.12:32924
	EAP-Message = "\001\006\0005\r\200\000\000\000+\024\003\001\000\001\001\026\003\001\000 \006g\207^d\213vHf\272 N~Yva\233\027\036\367X\321C\334\264\345\245Rc$-O"
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x6b3ac80216b073d802f7684f20cbd76e3b209f3ead171ec0d04ea6babec49ca0534335f3
Finished request 3
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.0.10.12:32924, id=4, length=206
	User-Name = "eve"
	NAS-IP-Address = 10.0.10.12
	NAS-Port = 1
	Called-Station-Id = "00-06-25-A7-E9-AC:sha"
	Calling-Station-Id = "00-02-2D-58-6F-AB"
	Framed-MTU = 2304
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 11Mbps 802.11b"
	EAP-Message = "\002\006\000!\r\200\000\000\000\027\025\003\001\000\022o\307Q<I\373\214\324UM\305u{\253\233\035\353\322"
	State = 0x6b3ac80216b073d802f7684f20cbd76e3b209f3ead171ec0d04ea6babec49ca0534335f3
	Message-Authenticator = 0xa8f099482df034d7759d388fa0efec75
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  modcall[authorize]: module "mschap" returns notfound
  modcall[authorize]: module "eap" returns updated
    rlm_realm: No '@' in User-Name = "eve", looking up realm NULL
    rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
    users: Matched eve at 105
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls:  Length Included
<<< TLS 1.0 Alert [length 0002], fatal access_denied

TLS Alert read:fatal:access denied 
rlm_eap_tls: SSL_read Error
16038:error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied:s3_pkt.c:991:SSL alert number 49
 Error code is ..... 6 
 SSL Error ..... 6 
rlm_eap_tls: BIO_read Error
 Error code is ..... 5 
 Error in SSL ..... 5 
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Login OK: [eve] (from client sha port 1 cli 00-02-2D-58-6F-AB)
Delaying request 4 for 1 seconds
Finished request 4
Going to the next request
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 3e9f203a
Cleaning up request 1 ID 1 with timestamp 3e9f203a
Sending Access-Reject of id 4 to 10.0.10.12:32924
	EAP-Message = "\004\006\000\004"
	Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 2 with timestamp 3e9f203b
Cleaning up request 3 ID 3 with timestamp 3e9f203b
Cleaning up request 4 ID 4 with timestamp 3e9f203b
Nothing to do.  Sleeping until we see a request.
4
[root at linuxsha2 ~]# exit

Script done on Thu Apr 17 14:44:50 2003


==========================  HOSTAPD OUTPUT ===========================
Script started on Thu Apr 17 14:43:51 2003
root:linuxsha:~/hostap_pci_original/hostap-2002-10-12/hostapd#./hostapd -x -S sha -o 10.0.10.12 -a 10.0.10.42 -p 1812 -b  13 -i 13 -s whatever -dd wlan0
Opening raw packet socket for ifindex 40
Using interface wlan0ap with hwaddr 00:06:25:a7:e9:ac and ssid 'sha'
Default WEP key - hexdump(len=13): 54 86 95 32 f4 fe ee 41 75 2a 9e 96 fd
Flushing old station entries
Received 59 bytes management frame
  dump: 80 00 00 00 ff ff ff ff ff ff 00 06 25 a7 e9 b3 00 06 25 a7 e9 b3 50 2c 19 02 f4 58 16 00 00 00 c0 27 01 00 00 06 61 6c 70 68 61 31 01 04 82 84 0b 16 03 01 01 05 04 00 01 02 04
MGMT
mgmt::beacon
Received 30 bytes management frame
  dump: b0 00 02 01 00 06 25 a7 e9 ac 00 02 2d 58 6f ab 00 06 25 a7 e9 ac b0 00 00 00 01 00 00 00
MGMT
mgmt::auth
authentication: STA=00:02:2d:58:6f:ab auth_alg=0 auth_transaction=1 status_code=0
  New STA
Station 00:02:2d:58:6f:ab authenticated (open system)
Received 39 bytes management frame
  dump: 00 00 02 01 00 06 25 a7 e9 ac 00 02 2d 58 6f ab 00 06 25 a7 e9 ac c0 00 11 00 01 00 00 03 73 68 61 01 04 02 04 0b 16
MGMT
mgmt::assoc_req
association request: STA=00:02:2d:58:6f:ab capab_info=0x11 listen_interval=1
  new AID 1
Station 00:02:2d:58:6f:ab associated (aid 1)
IEEE 802.1X: Start authentication for new station 00:02:2d:58:6f:ab
IEEE 802.1X: 00:02:2d:58:6f:ab AUTH_PAE entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab BE_AUTH entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab AUTH_KEY_TX entering state NO_KEY_TRANSMIT
IEEE 802.1X: 00:02:2d:58:6f:ab AUTH_PAE entering state DISCONNECTED
IEEE 802.1X: Unauthorizing station 00:02:2d:58:6f:ab
IEEE 802.1X: Sending canned EAP packet FAILURE to 00:02:2d:58:6f:ab (identifier 0)
IEEE 802.1X: 00:02:2d:58:6f:ab BE_AUTH entering state IDLE
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab AUTH_PAE entering state CONNECTING
IEEE 802.1X: Sending EAP Request-Identity to 00:02:2d:58:6f:ab (identifier 1)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
Received 37 bytes management frame
  dump: 08 01 02 01 00 06 25 a7 e9 ac 00 02 2d 58 6f ab 00 06 25 a7 e9 ac d0 00 aa aa 03 00 00 00 88 8e 01 01 00 00 00
DATA
IEEE 802.1X: 5 bytes from 00:02:2d:58:6f:ab
   IEEE 802.1X: version=1 type=1 length=0
   ignoring 1 extra octets after IEEE 802.1X packet
   EAPOL-Start
IEEE 802.1X: 00:02:2d:58:6f:ab AUTH_PAE entering state CONNECTING
IEEE 802.1X: Sending EAP Request-Identity to 00:02:2d:58:6f:ab (identifier 1)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
Received 30 bytes management frame
  dump: b0 00 02 01 00 06 25 a7 e9 ac 00 02 2d 58 6f ab 00 06 25 a7 e9 ac b0 00 00 00 01 00 00 00
MGMT
mgmt::auth
authentication: STA=00:02:2d:58:6f:ab auth_alg=0 auth_transaction=1 status_code=0
Station 00:02:2d:58:6f:ab authenticated (open system)
Received 39 bytes management frame
  dump: 00 00 02 01 00 06 25 a7 e9 ac 00 02 2d 58 6f ab 00 06 25 a7 e9 ac c0 00 11 00 01 00 00 03 73 68 61 01 04 02 04 0b 16
MGMT
mgmt::assoc_req
association request: STA=00:02:2d:58:6f:ab capab_info=0x11 listen_interval=1
  old AID 1
Station 00:02:2d:58:6f:ab associated (aid 1)
IEEE 802.1X: 00:02:2d:58:6f:ab Port Timers TICK (timers: 0 0 3599 29)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab Port Timers TICK (timers: 0 0 3599 28)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
Received 37 bytes management frame
  dump: 08 01 3a 01 00 06 25 a7 e9 ac 00 02 2d 58 6f ab 00 06 25 a7 e9 ac d0 00 aa aa 03 00 00 00 88 8e 01 01 00 00 00
DATA
IEEE 802.1X: 5 bytes from 00:02:2d:58:6f:ab
   IEEE 802.1X: version=1 type=1 length=0
   ignoring 1 extra octets after IEEE 802.1X packet
   EAPOL-Start
IEEE 802.1X: 00:02:2d:58:6f:ab AUTH_PAE entering state CONNECTING
IEEE 802.1X: Sending EAP Request-Identity to 00:02:2d:58:6f:ab (identifier 1)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab AUTH_PAE entering state DISCONNECTED
IEEE 802.1X: Unauthorizing station 00:02:2d:58:6f:ab
IEEE 802.1X: Sending canned EAP packet FAILURE to 00:02:2d:58:6f:ab (identifier 1)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab AUTH_PAE entering state CONNECTING
IEEE 802.1X: Sending EAP Request-Identity to 00:02:2d:58:6f:ab (identifier 2)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
Received 44 bytes management frame
  dump: 08 01 3a 01 00 06 25 a7 e9 ac 00 02 2d 58 6f ab 00 06 25 a7 e9 ac e0 00 aa aa 03 00 00 00 88 8e 01 00 00 08 02 01 00 08 01 65 76 65
DATA
IEEE 802.1X: 12 bytes from 00:02:2d:58:6f:ab
   IEEE 802.1X: version=1 type=0 length=8
   EAP: code=2 identifier=1 length=8 (response)
EAP Identifier of the Response-Identity from 00:02:2d:58:6f:ab does not match (was 1, expected 2)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
Received 30 bytes management frame
  dump: b0 00 02 01 00 06 25 a7 e9 ac 00 02 2d 58 6f ab 00 06 25 a7 e9 ac b0 00 00 00 01 00 00 00
MGMT
mgmt::auth
authentication: STA=00:02:2d:58:6f:ab auth_alg=0 auth_transaction=1 status_code=0
Station 00:02:2d:58:6f:ab authenticated (open system)
Received 39 bytes management frame
  dump: 00 00 02 01 00 06 25 a7 e9 ac 00 02 2d 58 6f ab 00 06 25 a7 e9 ac c0 00 11 00 01 00 00 03 73 68 61 01 04 02 04 0b 16
MGMT
mgmt::assoc_req
association request: STA=00:02:2d:58:6f:ab capab_info=0x11 listen_interval=1
  old AID 1
Station 00:02:2d:58:6f:ab associated (aid 1)
IEEE 802.1X: 00:02:2d:58:6f:ab Port Timers TICK (timers: 0 0 3599 29)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab Port Timers TICK (timers: 0 0 3599 28)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
Received 37 bytes management frame
  dump: 08 01 02 01 00 06 25 a7 e9 ac 00 02 2d 58 6f ab 00 06 25 a7 e9 ac e0 00 aa aa 03 00 00 00 88 8e 01 01 00 00 00
DATA
IEEE 802.1X: 5 bytes from 00:02:2d:58:6f:ab
   IEEE 802.1X: version=1 type=1 length=0
   ignoring 1 extra octets after IEEE 802.1X packet
   EAPOL-Start
IEEE 802.1X: 00:02:2d:58:6f:ab AUTH_PAE entering state CONNECTING
IEEE 802.1X: Sending EAP Request-Identity to 00:02:2d:58:6f:ab (identifier 2)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
Received 44 bytes management frame
  dump: 08 01 02 01 00 06 25 a7 e9 ac 00 02 2d 58 6f ab 00 06 25 a7 e9 ac f0 00 aa aa 03 00 00 00 88 8e 01 00 00 08 02 02 00 08 01 65 76 65
DATA
IEEE 802.1X: 12 bytes from 00:02:2d:58:6f:ab
   IEEE 802.1X: version=1 type=0 length=8
   EAP: code=2 identifier=2 length=8 (response)
   EAP Response-Identity
IEEE 802.1X: 00:02:2d:58:6f:ab AUTH_PAE entering state AUTHENTICATING
IEEE 802.1X: 00:02:2d:58:6f:ab BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=0 length=143
   Attribute 1 (User-Name) length=5
      Value: 'eve'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 10.0.10.12
   Attribute 5 (NAS-Port) length=6
      Value: 1
   Attribute 30 (Called-Station-Id) length=23
      Value: '00-06-25-A7-E9-AC:sha'
   Attribute 31 (Calling-Station-Id) length=19
      Value: '00-02-2D-58-6F-AB'
   Attribute 12 (Framed-MTU) length=6
      Value: 2304
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=10
   Attribute 80 (Message-Authenticator) length=18
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
Received 84 bytes from authentication server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=0 length=84
   Attribute 79 (EAP-Message) length=8
   Attribute 80 (Message-Authenticator) length=18
   Attribute 24 (State) length=38
RADIUS packet matching with station 00:02:2d:58:6f:ab
IEEE 802.1X: 00:02:2d:58:6f:ab BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:02:2d:58:6f:ab (identifier 3)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
Received 116 bytes management frame
  dump: 08 01 02 01 00 06 25 a7 e9 ac 00 02 2d 58 6f ab 00 06 25 a7 e9 ac 00 01 aa aa 03 00 00 00 88 8e 01 00 00 50 02 03 00 50 0d 80 00 00 00 46 16 03 01 00 41 01 00 00 3d 03 01 3e 9f 20 b5 2a 8a eb ab fe ab f8 28 d7 6d 32 f7 29 e6 c4 73 9f 2e e2 9f ef a3 70 3c 45 5a 12 05 00 00 16 00 04 00 05 00 0a 00 09 00 64 00 62 00 03 00 06 00 13 00 12 00 63 01 00
DATA
IEEE 802.1X: 84 bytes from 00:02:2d:58:6f:ab
   IEEE 802.1X: version=1 type=0 length=80
   EAP: code=2 identifier=3 length=80 (response)
   EAP Response-TLS
IEEE 802.1X: 00:02:2d:58:6f:ab BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=1 length=253
   Attribute 1 (User-Name) length=5
      Value: 'eve'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 10.0.10.12
   Attribute 5 (NAS-Port) length=6
      Value: 1
   Attribute 30 (Called-Station-Id) length=23
      Value: '00-06-25-A7-E9-AC:sha'
   Attribute 31 (Calling-Station-Id) length=19
      Value: '00-02-2D-58-6F-AB'
   Attribute 12 (Framed-MTU) length=6
      Value: 2304
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=82
   Attribute 24 (State) length=38
   Attribute 80 (Message-Authenticator) length=18
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
Received 1120 bytes from authentication server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=1 length=1120
   Attribute 79 (EAP-Message) length=254
   Attribute 79 (EAP-Message) length=254
   Attribute 79 (EAP-Message) length=254
   Attribute 79 (EAP-Message) length=254
   Attribute 79 (EAP-Message) length=28
   Attribute 80 (Message-Authenticator) length=18
   Attribute 24 (State) length=38
RADIUS packet matching with station 00:02:2d:58:6f:ab
IEEE 802.1X: 00:02:2d:58:6f:ab BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:02:2d:58:6f:ab (identifier 4)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
Received 42 bytes management frame
  dump: 08 01 02 01 00 06 25 a7 e9 ac 00 02 2d 58 6f ab 00 06 25 a7 e9 ac 10 01 aa aa 03 00 00 00 88 8e 01 00 00 06 02 04 00 06 0d 00
DATA
IEEE 802.1X: 10 bytes from 00:02:2d:58:6f:ab
   IEEE 802.1X: version=1 type=0 length=6
   EAP: code=2 identifier=4 length=6 (response)
   EAP Response-TLS
IEEE 802.1X: 00:02:2d:58:6f:ab BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=2 length=179
   Attribute 1 (User-Name) length=5
      Value: 'eve'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 10.0.10.12
   Attribute 5 (NAS-Port) length=6
      Value: 1
   Attribute 30 (Called-Station-Id) length=23
      Value: '00-06-25-A7-E9-AC:sha'
   Attribute 31 (Calling-Station-Id) length=19
      Value: '00-02-2D-58-6F-AB'
   Attribute 12 (Framed-MTU) length=6
      Value: 2304
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=8
   Attribute 24 (State) length=38
   Attribute 80 (Message-Authenticator) length=18
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
Received 832 bytes from authentication server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=2 length=832
   Attribute 79 (EAP-Message) length=254
   Attribute 79 (EAP-Message) length=254
   Attribute 79 (EAP-Message) length=248
   Attribute 80 (Message-Authenticator) length=18
   Attribute 24 (State) length=38
RADIUS packet matching with station 00:02:2d:58:6f:ab
IEEE 802.1X: 00:02:2d:58:6f:ab BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:02:2d:58:6f:ab (identifier 5)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
Received 1037 bytes management frame
  dump: 08 05 58 04 00 06 25 a7 e9 ac 00 02 2d 58 6f ab 00 06 25 a7 e9 ac 21 01 aa aa 03 00 00 00 88 8e 01 00 03 e9 02 05 03 e9 0d 80 00 00 03 df 16 03 01 03 af 0b 00 02 9f 00 02 9c 00 02 99 30 82 02 95 30 82 01 fe a0 03 02 01 02 02 01 03 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 81 83 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 43 61 6c 69 66 6f 72 6e 69 61 31 14 30 12 06 03 55 04 07 13 0b 53 61 6e 74 61 20 43 6c 61 72 61 31 16 30 14 06 03 55 04 0a 13 0d 4d 65 72 75 20 4e 65 74 77 6f 72 6b 73 31 0c 30 0a 06 03 55 04 03 13 03 73 68 61 31 23 30 21 06 09 2a 86 48 86 f7 0d 01 09 01 16 14 73 68 61 40 6d 65 72 75 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 30 1e 17 0d 30 33 30 34 31 37 32 31 32 34 34 35 5a 17 0d 30 34 30 34 31 36 32 31 32 34 34 35 5a 30 81 83 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 43 61 6c 69 66 6f 72 6e 69 61 31 14 30 12 06 03 55 04 07 13 0b 53 61 6e 74 61 20 43 6c 61 72 61 31 16 30 14 06 03 55 04 0a 13 !
 0d 4d 65 72 75 20 4e 65 74 77 6f 72 6b 73 31 0c 30 0a 06 03 55 04 03 13 03 65 76 65 31 23 30 21 06 09 2a 86 48 86 f7 0d 01 09 01 16 14 73 68 61 40 6d 65 72 75 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 b4 c6 57 ef e5 0f 9f 66 9c 21 fb 7a 37 da 70 66 7e 20 19 da 74 8c d3 26 58 61 64 5c 48 22 93 0a d3 fb 4c 87 55 7b c7 34 35 71 f2 80 1d 9b 71 0c 96 2c c6 e7 32 f5 71 b0 44 51 9c aa 25 60 f8 a1 3a bf 8b 49 0b 81 89 55 5b 26 22 07 b1 97 1c 06 8f ac cc 7c f5 f3 93 a2 ce 9d 8e ca 7b c4 16 30 e9 10 66 07 22 f4 a6 d1 67 99 04 d5 3b 02 83 1f 8c 75 eb 66 65 66 7c 24 f7 05 30 b8 81 02 bf 61 02 03 01 00 01 a3 17 30 15 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 02 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 03 81 81 00 1c 26 77 fb ca 45 fd 23 41 df f2 bc 37 62 dd bf 2c ce bb 3f 60 ff d7 d6 08 99 f7 53 ab 9d e7 a6 2c 19 95 67 f1 49 b7 76 ae f4 4d 20 02 d8 50 8f 82 77 8e 77 86 7b 90 ae 6a 65 3!
 d b4 d7 32 c7 d3 b4 b6 3a a8 a6 5c be 8a e3 e2 5c c7 4a 20 d6 !
94 41 7b e4 53 4c 8d fb 80 59 df 36 b0 61 38 5f e8 2e 97 85 75 86 45 e1 14 c3 28 0d 29 47 50 d7 a1 70 35 2e 8b 82 0d 25 3b 9c c7 2b aa 83 61 47 50 10 00 00 82 00 80 97 93 6b 65 f2 27 94 c2 f8 ab bd 03 02 75 90 07 1c ef fe b6 75 ce a3 a6 89 8a a9 59 72 d2 49 0d 99 98 98 55 24 12 b9 8c e3 3c 71 7e b7 47 b2 01 e1 c8 29 5b 9e f1 46 92 1f b0 d8 d1 dd d4 60 28 ae 8d 05 c5 ce c6 51 1c ff 83 d6 d8 b5 0f 38 37 20 3c 34 a3 a7 ef 61 bc 32 ea f6 3d e1 ed 7e e6 84 d1 83 3d ca 6b b3 ec 59 fc 78 e3 14 81 cf 1d 38 be 41 14 37 a7 13 fe d6 a3 14 d9 8b 06 ed 97 0f 00 00 82 00 80 09 b8 f8 1c e0 80 8a 85 65 ca cb be e8 f8 78 73 b6 e4 aa c0 46 82 0b a3 06 1a 98 e5 9e e3 88 55 56 92 ab 9d 4c b7 7c e6 38 0f 12 4a 9a fe fc e5 eb 68 e3 93 7b e0 36 04 f2 fd ef e5 a8 d5 ef e4 62 c3 76 32 e6 8d 2e 34 e8 31 78 a0 9e cf af 36 c0 ca 83 38 07 95 e9 04 ef 25 d6 98 e0 9f 5a d1 66 29 24 f1 8f a8 fa cf f7 7f c0 67 e3 63 31 49 75 6a 9c ca e4 c8 ea 16 a5 f5 3b 7c 23 4d 0f 4a 14 03 01 00 01 01 16 03 01 00 20 31 5b!
  20 26 0b aa b4 79 a9 4b bf bd 15 1d 05 ea 07 58 c1 13 d6 5a 45 07 74 eb 2a fd 5d e5 4e b2
DATA
IEEE 802.1X: 1005 bytes from 00:02:2d:58:6f:ab
   IEEE 802.1X: version=1 type=0 length=1001
   EAP: code=2 identifier=5 length=1001 (response)
   EAP Response-TLS
IEEE 802.1X: 00:02:2d:58:6f:ab BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=3 length=1180
   Attribute 1 (User-Name) length=5
      Value: 'eve'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 10.0.10.12
   Attribute 5 (NAS-Port) length=6
      Value: 1
   Attribute 30 (Called-Station-Id) length=23
      Value: '00-06-25-A7-E9-AC:sha'
   Attribute 31 (Calling-Station-Id) length=19
      Value: '00-02-2D-58-6F-AB'
   Attribute 12 (Framed-MTU) length=6
      Value: 2304
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=244
   Attribute 24 (State) length=38
   Attribute 80 (Message-Authenticator) length=18
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
Received 131 bytes from authentication server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=3 length=131
   Attribute 79 (EAP-Message) length=55
   Attribute 80 (Message-Authenticator) length=18
   Attribute 24 (State) length=38
RADIUS packet matching with station 00:02:2d:58:6f:ab
IEEE 802.1X: 00:02:2d:58:6f:ab BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:02:2d:58:6f:ab (identifier 6)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
Received 69 bytes management frame
  dump: 08 01 02 01 00 06 25 a7 e9 ac 00 02 2d 58 6f ab 00 06 25 a7 e9 ac 30 01 aa aa 03 00 00 00 88 8e 01 00 00 21 02 06 00 21 0d 80 00 00 00 17 15 03 01 00 12 6f c7 51 3c 49 fb 8c d4 55 4d c5 75 7b ab 9b 1d eb d2
DATA
IEEE 802.1X: 37 bytes from 00:02:2d:58:6f:ab
   IEEE 802.1X: version=1 type=0 length=33
   EAP: code=2 identifier=6 length=33 (response)
   EAP Response-TLS
IEEE 802.1X: 00:02:2d:58:6f:ab BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=4 length=206
   Attribute 1 (User-Name) length=5
      Value: 'eve'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 10.0.10.12
   Attribute 5 (NAS-Port) length=6
      Value: 1
   Attribute 30 (Called-Station-Id) length=23
      Value: '00-06-25-A7-E9-AC:sha'
   Attribute 31 (Calling-Station-Id) length=19
      Value: '00-02-2D-58-6F-AB'
   Attribute 12 (Framed-MTU) length=6
      Value: 2304
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=35
   Attribute 24 (State) length=38
   Attribute 80 (Message-Authenticator) length=18
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab Port Timers TICK (timers: 29 0 3599 29)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
Received 59 bytes management frame
  dump: 80 00 00 00 ff ff ff ff ff ff 00 06 25 a7 e9 b3 00 06 25 a7 e9 b3 a0 2c d4 02 70 59 16 00 00 00 c0 27 01 00 00 06 61 6c 70 68 61 31 01 04 82 84 0b 16 03 01 01 05 04 00 01 02 04
MGMT
mgmt::beacon
IEEE 802.1X: 00:02:2d:58:6f:ab Port Timers TICK (timers: 28 0 3599 28)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab Port Timers TICK (timers: 27 0 3599 27)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab Port Timers TICK (timers: 26 0 3599 26)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab Port Timers TICK (timers: 25 0 3599 25)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
Received 44 bytes from authentication server
Received RADIUS message
RADIUS message: code=3 (Access-Reject) identifier=4 length=44
   Attribute 79 (EAP-Message) length=6
   Attribute 80 (Message-Authenticator) length=18
RADIUS packet matching with station 00:02:2d:58:6f:ab
IEEE 802.1X: 00:02:2d:58:6f:ab BE_AUTH entering state FAIL
IEEE 802.1X: Sending canned EAP packet FAILURE to 00:02:2d:58:6f:ab (identifier 6)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab AUTH_PAE entering state HELD
IEEE 802.1X: Unauthorizing station 00:02:2d:58:6f:ab
IEEE 802.1X: 00:02:2d:58:6f:ab BE_AUTH entering state IDLE
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab Port Timers TICK (timers: 24 59 3599 24)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab Port Timers TICK (timers: 23 58 3599 23)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab Port Timers TICK (timers: 22 57 3599 22)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab Port Timers TICK (timers: 21 56 3599 21)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab Port Timers TICK (timers: 20 55 3599 20)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab Port Timers TICK (timers: 19 54 3599 19)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab Port Timers TICK (timers: 18 53 3599 18)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab Port Timers TICK (timers: 17 52 3599 17)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab Port Timers TICK (timers: 16 51 3599 16)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab Port Timers TICK (timers: 15 50 3599 15)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:02:2d:58:6f:ab Port Timers TICK (timers: 14 49 3599 14)
IEEE 802.1X: 00:02:2d:58:6f:ab REAUTH_TIMER entering state INITIALIZE
Signal 2 received - terminating
Flushing old station entries
Deauthenticate all stations
root:linuxsha:~/hostap_pci_original/hostap-2002-10-12/hostapd#exit

Script done on Thu Apr 17 14:44:42 2003





More information about the Hostap mailing list