help !something about hostap-xsupplicant-freeradius!!
tan keen
keentan_coldfire
Tue Mar 25 05:11:14 PST 2003
hi,
i just do it all follow
1)HOWTO on EAP/TLS authentication between freeRadius and xsupplicant(http://www.missl.cs.umd.edu/wireless/eaptls/) ,
2) README_prism2.htm
to build a wlan using 802.1x . (two pc running linux RedHat 7.2 ; AP and FreeRadius are in one pc)
i finish those work sugesting in the above two document and i have changed the ATTR_FRAMED_MTU value in ieee802_1x.c file to 1500 from 2304., but i can not be authoried by AP successfully.
where is my error come from ? Can anyone told me? thank you!!
========================
######xsupplicant -i wlan0
i got this : failed to verify cert error : Certificate has expired
================================
######./hostapd -dd -x -o 192.168.2.155 -a 192.168.2.155 -s whatever wlan0
i got :EEE 802.1X: 4 bytes from 00:40:05:af:05:2e
IEEE 802.1X: version=1 type=1 length=0
EAPOL-Start
IEEE 802.1X: 00:40:05:af:05:2e AUTH_PAE entering state CONNECTING
IEEE 802.1X: Sending EAP Request-Identity to 00:40:05:af:05:2e (identifier 1)
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 49 bytes management frame
DATA
IEEE 802.1X: 17 bytes from 00:40:05:af:05:2e
IEEE 802.1X: version=1 type=0 length=13
EAP: code=2 identifier=1 length=13 (response)
EAP Response-Identity
IEEE 802.1X: 00:40:05:af:05:2e AUTH_PAE entering state AUTHENTICATING
IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=0 length=154
Attribute 1 (User-Name) length=10
Value: 'adam-ctl'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.2.155
Attribute 5 (NAS-Port) length=6
Value: 1
Attribute 30 (Called-Station-Id) length=24
Value: '00-40-05-AF-05-14:test'
Attribute 31 (Calling-Station-Id) length=19
Value: '00-40-05-AF-05-2E'
Attribute 12 (Framed-MTU) length=6
Value: 1500
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=15
Attribute 80 (Message-Authenticator) length=18
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 84 bytes from authentication server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=0 length=84
Attribute 79 (EAP-Message) length=8
Attribute 80 (Message-Authenticator) length=18
Attribute 24 (State) length=38
RADIUS packet matching with station 00:40:05:af:05:2e
IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:af:05:2e (identifier 2)
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 98 bytes management frame
DATA
IEEE 802.1X: 66 bytes from 00:40:05:af:05:2e
IEEE 802.1X: version=1 type=0 length=62
EAP: code=2 identifier=2 length=62 (response)
EAP Response-TLS
IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=1 length=241
Attribute 1 (User-Name) length=10
Value: 'adam-ctl'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.2.155
Attribute 5 (NAS-Port) length=6
Value: 1
Attribute 30 (Called-Station-Id) length=24
Value: '00-40-05-AF-05-14:test'
Attribute 31 (Calling-Station-Id) length=19
Value: '00-40-05-AF-05-2E'
Attribute 12 (Framed-MTU) length=6
Value: 1500
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=64
Attribute 24 (State) length=38
Attribute 80 (Message-Authenticator) length=18
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 1120 bytes from authentication server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=1 length=1120
Attribute 79 (EAP-Message) length=255
Attribute 79 (EAP-Message) length=255
Attribute 79 (EAP-Message) length=255
Attribute 79 (EAP-Message) length=255
Attribute 79 (EAP-Message) length=24
Attribute 80 (Message-Authenticator) length=18
Attribute 24 (State) length=38
RADIUS packet matching with station 00:40:05:af:05:2e
IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:af:05:2e (identifier 3)
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 42 bytes management frame
DATA
IEEE 802.1X: 10 bytes from 00:40:05:af:05:2e
IEEE 802.1X: version=1 type=0 length=6
EAP: code=2 identifier=3 length=6 (response)
EAP Response-TLS
IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=2 length=185
Attribute 1 (User-Name) length=10
Value: 'adam-ctl'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.2.155
Attribute 5 (NAS-Port) length=6
Value: 1
Attribute 30 (Called-Station-Id) length=24
Value: '00-40-05-AF-05-14:test'
Attribute 31 (Calling-Station-Id) length=19
Value: '00-40-05-AF-05-2E'
Attribute 12 (Framed-MTU) length=6
Value: 1500
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Attribute 24 (State) length=38
Attribute 80 (Message-Authenticator) length=18
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 60 bytes management frame
MGMT
mgmt::beacon
Received 1120 bytes from authentication server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=2 length=1120
Attribute 79 (EAP-Message) length=255
Attribute 79 (EAP-Message) length=255
Attribute 79 (EAP-Message) length=255
Attribute 79 (EAP-Message) length=255
Attribute 79 (EAP-Message) length=24
Attribute 80 (Message-Authenticator) length=18
Attribute 24 (State) length=38
RADIUS packet matching with station 00:40:05:af:05:2e
IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:af:05:2e (identifier 4)
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 42 bytes management frame
DATA
IEEE 802.1X: 10 bytes from 00:40:05:af:05:2e
IEEE 802.1X: version=1 type=0 length=6
EAP: code=2 identifier=4 length=6 (response)
EAP Response-TLS
IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=3 length=185
Attribute 1 (User-Name) length=10
Value: 'adam-ctl'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.2.155
Attribute 5 (NAS-Port) length=6
Value: 1
Attribute 30 (Called-Station-Id) length=24
Value: '00-40-05-AF-05-14:test'
Attribute 31 (Calling-Station-Id) length=19
Value: '00-40-05-AF-05-2E'
Attribute 12 (Framed-MTU) length=6
Value: 1500
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Attribute 24 (State) length=38
Attribute 80 (Message-Authenticator) length=18
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 267 bytes from authentication server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=3 length=267
Attribute 79 (EAP-Message) length=191
Attribute 80 (Message-Authenticator) length=18
Attribute 24 (State) length=38
RADIUS packet matching with station 00:40:05:af:05:2e
IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:af:05:2e (identifier 5)
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 60 bytes management frame
MGMT
mgmt::beacon
Received 60 bytes management frame
MGMT
mgmt::beacon
Signal 2 received - terminating
Flushing old station entries
Deauthenticate all stations
=======================================
#######run-radius -X -A
i got:
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/radius/etc/raddb/proxy.conf
Config: including file: /usr/local/radius/etc/raddb/clients.conf
Config: including file: /usr/local/radius/etc/raddb/snmp.conf
Config: including file: /usr/local/radius/etc/raddb/sql.conf
main: prefix = "/usr/local/radius"
main: localstatedir = "/usr/local/radius/var"
main: logdir = "/usr/local/radius/var/log/radius"
main: libdir = "/usr/local/radius/lib"
main: radacctdir = "/usr/local/radius/var/log/radius/radacct"
main: hostname_lookups = no
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/radius/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/radius/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/radius/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/radius/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: ignore_password = no
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "/etc/passwd"
unix: shadow = "/etc/shadow"
unix: group = "/etc/group"
unix: radwtmp = "/usr/local/radius/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "tls"
eap: timer_expire = 60
rlm_eap: Loaded and initialized the type md5
rlm_eap: Loaded and initialized the type leap
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/1x/r/cert-srv.pem"
tls: certificate_file = "/etc/1x/r/cert-srv.pem"
tls: CA_file = "/etc/1x/r/root.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/etc/1x/r/dh"
tls: random_file = "/etc/1x/r/random"
tls: fragment_size = 1024
tls: include_length = yes
rlm_eap_tls: conf N ctx stored
rlm_eap: Loaded and initialized the type tls
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/radius/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/radius/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/radius/etc/raddb/users"
files: acctusersfile = "/usr/local/radius/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/radius/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile = "/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/radius/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.2.155:1386, id=0, length=154
User-Name = "adam-ctl"
NAS-IP-Address = 192.168.2.155
NAS-Port = 1
Called-Station-Id = "00-40-05-AF-05-14:test"
Calling-Station-Id = "00-40-05-AF-05-2E"
Framed-MTU = 1500
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0201000d016164616d2d63746c
Message-Authenticator = 0x1d2a7f0c2d0c4f1c71a1005ecae2ab7b
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
rlm_eap: EAP packet type notification id 1 length 13
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "adam-ctl", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop
users: Matched adam-ctl at 97
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: EAP packet type notification id 1 length 13
rlm_eap: processing type tls
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 0 to 192.168.2.155:1386
EAP-Message = 0x010200060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1de79609653047a7e65e103f693ea0597f1f803ef7585dcdd2d3c255fe999d0b2d0dd409
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.155:1386, id=1, length=241
User-Name = "adam-ctl"
NAS-IP-Address = 192.168.2.155
NAS-Port = 1
Called-Station-Id = "00-40-05-AF-05-14:test"
Calling-Station-Id = "00-40-05-AF-05-2E"
Framed-MTU = 1500
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0202003e0d8000000034160301002f0100002b03013e801df2e50144f
State = 0x1de79609653047a7e65e103f693ea0597f1f803ef7585dcdd2d3c255fe999d0b2d0dd409
Message-Authenticator = 0x83283f64915512a8aa1c3832735d8621
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
rlm_eap: EAP packet type notification id 2 length 62
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "adam-ctl", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop
users: Matched adam-ctl at 97
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: EAP packet type notification id 2 length 62
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Length Included
undefined: before/accept initialization
TLS_accept: before/accept initialization
<<< TLS 1.0 Handshake [length 002f], ClientHello
TLS_accept: SSLv3 read client hello A
>>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
>>> TLS 1.0 Handshake [length 07aa], Certificate
TLS_accept: SSLv3 write certificate A
>>> TLS 1.0 Handshake [length 00b0], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
rlm_eap_tls: SSL_read Error
Error code is ..... 2
SSL Error ..... 2
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 1 to 192.168.2.155:1386
EAP-Message = 0x0103040a0dc0000008b3160301004a0200004603013e801f7f0110ec0e4c343049dc7714a3686a845487a1a1b736f5f6af0b7a1bdc204613e53a6ba3c2d5d586ab637b12b5fd73c92d04ec9bcb538b44ff887566e58100040016030107aa0b0007a60007a30003e6308203e23082034ba003020102020102300d06092a864886f70d010104050030819e310b30090603550406130255533111300f060355040813084d6172796c616e64311530130603550407130c436f6c6c656765205061726b311f301d060355040a1316556e6976657273697479206f66204d6172796c616e64310e300c060355040b13054d4953534c3112301006035504031309
EAP-Message = 0x6164616d2d726f6f743120301e06092a864886f70d01090116116164616d40636661722e756d642e656475301e170d3032303232383038343030375a170d3033303232383038343030375a3081a0310b30090603550406130255533111300f060355040813084d6172796c616e64311530130603550407130c436f6c6c656765205061726b311f301d060355040a1316556e6976657273697479206f66204d6172796c616e64310e300c060355040b13054d4953534c311430120603550403130b6164616d2d7365727665723120301e06092a864886f70d01090116116164616d40636661722e756d642e65647530819f300d06092a864886f70d0101
EAP-Message = 0x01050003818d0030818902818100bb02c243540c09a20d64a5c8c29bca7727f62a6432265c38fd4900392d5754469617386e959cb43eee77cc98a80c1e8fcfda55813115edc142141b953b5771b79e1a32bbdc2f3b1d0046082db28fe553631f83cd21411388949432c3b0d96cd77c046b32284a939240555ba0a8f38320b0921ef5c8b3cd1a9fadee9c3256c6e50203010001a382012a3082012630090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e04160414c66c3206e508b305c2353cae6192e9d21dd6b12c3081cb0603551d230481
EAP-Message = 0xc33081c080146f89584e55edc5d0e6bd2d8b80fe919605897694a181a4a481a130819e310b30090603550406130255533111300f060355040813084d6172796c616e64311530130603550407130c436f6c6c656765205061726b311f301d060355040a1316556e6976657273697479206f66204d6172796c616e64310e300c060355040b13054d4953534c31123010060355040313096164616d2d726f6f743120301e06092a864886f70d01090116116164616d40636661722e756d642e656475820100300d06092a864886f70d01010405000381810002a0ec352165caeffc552e1476b8d0912997c06f287732c00a5b8373d3f2e1f1a985f1851cd3
EAP-Message = 0xbc7abb38a7d905daa7abb2ae4cbcb6877e437e8be10d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x10fdcee015541c23f6667595678bf5127f1f803ea5d31079e0f98191138d8122ab4eafc0
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.155:1386, id=2, length=185
User-Name = "adam-ctl"
NAS-IP-Address = 192.168.2.155
NAS-Port = 1
Called-Station-Id = "00-40-05-AF-05-14:test"
Calling-Station-Id = "00-40-05-AF-05-2E"
Framed-MTU = 1500
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020300060d00
State = 0x10fdcee015541c23f6667595678bf5127f1f803ea5d31079e0f98191138d8122ab4eafc0
Message-Authenticator = 0xee6fbaa0944c0ed3a7262ada9cf8f33c
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
rlm_eap: EAP packet type notification id 3 length 6
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "adam-ctl", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop
users: Matched adam-ctl at 97
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: EAP packet type notification id 3 length 6
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Received EAP-TLS ACK message
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 2 to 192.168.2.155:1386
EAP-Message = 0x0104040a0dc0000008b393b9c3a5d96464990a2c72c0efdcd5e5fe040d41a1b4c426acb573ac968e7208d06cfe81b4cf79655a134275d844fc53d6b3a55fdcd5fac17fcee0aa86d3338e9fbc2acc0003b7308203b33082031ca003020102020100300d06092a864886f70d010104050030819e310b30090603550406130255533111300f060355040813084d6172796c616e64311530130603550407130c436f6c6c656765205061726b311f301d060355040a1316556e6976657273697479206f66204d6172796c616e64310e300c060355040b13054d4953534c31123010060355040313096164616d2d726f6f743120301e06092a864886f70d0109
EAP-Message = 0x0116116164616d40636661722e756d642e656475301e170d3032303232383038333834345a170d3033303232383038333834345a30819e310b30090603550406130255533111300f060355040813084d6172796c616e64311530130603550407130c436f6c6c656765205061726b311f301d060355040a1316556e6976657273697479206f66204d6172796c616e64310e300c060355040b13054d4953534c31123010060355040313096164616d2d726f6f743120301e06092a864886f70d01090116116164616d40636661722e756d642e65647530819f300d06092a864886f70d010101050003818d0030818902818100b76856cbfed7232ee45c3e
EAP-Message = 0xd43f8040e993252d513b9a045d14f5b7517dba75ea2fb28301f43e365bf24d708896b46b48436b17bcc6373878fb2c92c6355ecefda18e4a6f9b3d22da693e8710841074aba5f4711738aa23248cae7f14eca024366572eefdbf72549e937c977a2ceac764a2c95da163e5c0596e6cb092b4ae11dd0203010001a381fe3081fb301d0603551d0e041604146f89584e55edc5d0e6bd2d8b80fe9196058976943081cb0603551d230481c33081c080146f89584e55edc5d0e6bd2d8b80fe919605897694a181a4a481a130819e310b30090603550406130255533111300f060355040813084d6172796c616e64311530130603550407130c436f6c6c6567
EAP-Message = 0x65205061726b311f301d060355040a1316556e6976657273697479206f66204d6172796c616e64310e300c060355040b13054d4953534c31123010060355040313096164616d2d726f6f743120301e06092a864886f70d01090116116164616d40636661722e756d642e656475820100300c0603551d13040530030101ff300d06092a864886f70d010104050003818100450e6fd396fb46ec1d9820542ecf1d75363f08b2cc07cb84b6d7451aff714c7a775d3bf1666973fb0c35e7cfd6c31a179d70c085bc459ba1294c1dca22cb9273c76c3b12f519a74318c3ae0d7705d32cfdf75ad32a597fbde29a2780c102ec0751a1adefff8ad463c1f5a175
EAP-Message = 0x313c998a42537e8114e0bba00898c9963931d64d1603
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9aa445bba75b34a90f20258ea68c699c7f1f803e8e78ac8f7f23c1824f6cae6b45accbd6
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.155:1386, id=3, length=185
User-Name = "adam-ctl"
NAS-IP-Address = 192.168.2.155
NAS-Port = 1
Called-Station-Id = "00-40-05-AF-05-14:test"
Calling-Station-Id = "00-40-05-AF-05-2E"
Framed-MTU = 1500
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020400060d00
State = 0x9aa445bba75b34a90f20258ea68c699c7f1f803e8e78ac8f7f23c1824f6cae6b45accbd6
Message-Authenticator = 0xde7c08fcf4e7d793c64b85c841c10ba8
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
rlm_eap: EAP packet type notification id 4 length 6
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "adam-ctl", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop
users: Matched adam-ctl at 97
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: EAP packet type notification id 4 length 6
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Received EAP-TLS ACK message
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 3 to 192.168.2.155:1386
EAP-Message = 0x010500bd0d80000008b30100b00d0000a802010200a300a130819e310b30090603550406130255533111300f060355040813084d6172796c616e64311530130603550407130c436f6c6c656765205061726b311f301d060355040a1316556e6976657273697479206f66204d6172796c616e64310e300c060355040b13054d4953534c31123010060355040313096164616d2d726f6f743120301e06092a864886f70d01090116116164616d40636661722e756d642e6564750e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x533810a9d53f5cb5ba30e1deb2e11b087f1f803eeffd5b19b9da4a6ed461106596b191a7
Finished request 3
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 3e801f7f
Cleaning up request 1 ID 1 with timestamp 3e801f7f
Cleaning up request 2 ID 2 with timestamp 3e801f7f
Cleaning up request 3 ID 3 with timestamp 3e801f7f
Nothing to do. Sleeping until we see a request.
=========================
it seem ok ,but xsupplicant cant be authoried by AP!
what the problem ? i need your help!
---------------------------------
Do You Yahoo!?
"?????KTV, ????????OK~~"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20030325/832d56e6/attachment.htm
More information about the Hostap
mailing list