EAP-TLS not successful

Premraj Sundaram premraj.sundaram
Thu Jun 11 11:34:31 PDT 2015 

Hi,

Have configured hostapd as RADIUS Server and trying to do EAP-TLS.
I have been unsuccessful in getting this right. Following are the logs.
Is it due to some configuration which I am missing.

Any input is much appreciated.

Thanks,


random: Trying to read entropy from /dev/random
Configuration file: ./hostapd.conf
Completing interface initialization
hostapd_setup_bss(hapd=0x177fe160 (eth0), first=1)
RADIUS local address: 127.0.0.1:25678
TLS: Trusted root certificate(s) loaded
eth0: interface state UNINITIALIZED->ENABLED
eth0: AP-ENABLED
eth0: Setup of interface done.
ctrl_iface not configured!
random: Got 20/20 bytes from /dev/random
RADIUS SRV: Received 75 bytes from 10.155.33.243:57225
RADIUS SRV: Creating a new session
RADIUS SRV: Matching user entry found
RADIUS SRV: [0x0 10.155.33.243] New session created
EAP: Server state machine created
RADIUS SRV: New session 0x0 initialized
EAP: EAP entering state INITIALIZE
EAP: parseEapResp: rxResp=1 rxInitiate=0 respId=0 respMethod=1 respVendor=0
respVendorMethod=0
eth0: CTRL-EVENT-EAP-STARTED 00:00:00:00:00:00
EAP: EAP entering state PICK_UP_METHOD
eth0: CTRL-EVENT-EAP-PROPOSED-METHOD method=1
EAP: EAP entering state METHOD_RESPONSE
EAP-Identity: Peer identity - hexdump_ascii(len=14):
     61 6d 65 6f 40 63 69 73 63 6f 2e 63 6f 6d         aeo at aeo.com
RADIUS SRV: [0x0 10.155.33.243] EAP: EAP-Response/Identity 'ameo at aeo.com'
EAP: EAP entering state SELECT_ACTION
EAP: getDecision: another method available -> CONTINUE
EAP: EAP entering state PROPOSE_METHOD
EAP: getNextMethod: vendor 0 type 13
eth0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
RADIUS SRV: [0x0 10.155.33.243] EAP: Propose EAP method vendor=0 method=13
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 1
EAP-TLS: START -> CONTINUE
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
RADIUS SRV: Reply to 10.155.33.243:57225
RADIUS SRV: Received 134 bytes from 10.155.33.243:57225
RADIUS SRV: Request for session 0x0
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 rxInitiate=0 respId=1 respMethod=13
respVendor=0 respVendorMethod=0
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
SSL: Received packet(len=72) - Flags 0x00
SSL: Received packet: Flags 0x0 Message Length 0
SSL: (where=0x10 ret=0x1)
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:before/accept initialization
OpenSSL: RX ver=0x301 content_type=22
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3 read client hello A
OpenSSL: TX ver=0x301 content_type=22
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3 write server hello A
OpenSSL: TX ver=0x301 content_type=22
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3 write certificate A
OpenSSL: TX ver=0x301 content_type=22
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3 write certificate request A
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3 flush data
SSL: (where=0x2002 ret=0xffffffff)
SSL: SSL_accept:error in SSLv3 read client certificate A
SSL: (where=0x2002 ret=0xffffffff)
SSL: SSL_accept:error in SSLv3 read client certificate A
SSL: SSL_connect - want more data
SSL: 1346 bytes pending from ssl_out
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 2
SSL: Generating Request
SSL: Sending out 1346 bytes (message sent completely)
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
RADIUS SRV: Reply to 10.155.33.243:57225
RADIUS SRV: Received 1104 bytes from 10.155.33.243:57225
RADIUS SRV: Request for session 0x0
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 rxInitiate=0 respId=2 respMethod=13
respVendor=0 respVendorMethod=0
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
SSL: Received packet(len=1034) - Flags 0xc0
SSL: TLS Message Length: 1028
SSL: Received packet: Flags 0xc0 Message Length 1028
SSL: Received 1024 bytes in first fragment, waiting for 4 bytes more
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 3
SSL: Building ACK
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
RADIUS SRV: Reply to 10.155.33.243:57225
RADIUS SRV: Received 504 bytes from 10.155.33.243:57225
RADIUS SRV: Request for session 0x0
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 rxInitiate=0 respId=3 respMethod=13
respVendor=0 respVendorMethod=0
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
SSL: Received packet(len=440) - Flags 0x00
SSL: Received packet: Flags 0x0 Message Length 0
SSL: Fragment overflow
EAP-TLS: CONTINUE -> FAILURE
EAP: Session-Id - hexdump(len=0): [NULL]
EAP: EAP entering state SELECT_ACTION
EAP: getDecision: method failed -> FAILURE
EAP: EAP entering state FAILURE
EAP: Building EAP-Failure (id=3)
eth0: CTRL-EVENT-EAP-FAILURE 00:00:00:00:00:00
RADIUS SRV: [0x0 10.155.33.243] EAP authentication failed
RADIUS SRV: Reply to 10.155.33.243:57225
RADIUS SRV: [0x0 10.155.33.243] Sending Access-Reject
RADIUS SRV: Removing completed session 0x0 after timeout
RADIUS SRV: Removing completed session 0x0
EAP: Server state machine removed
Signal 2 received - terminating
hostapd_interface_deinit_free(0x177fcc80)
hostapd_interface_deinit_free: num_bss=1 conf->num_bss=1
hostapd_interface_deinit(0x177fcc80)
eth0: interface state ENABLED->DISABLED
hostapd_bss_deinit: deinit bss eth0
eth0: AP-DISABLED
hostapd_cleanup(hapd=0x177fe160 (eth0))
hostapd_free_hapd_data(eth0)
hostapd_interface_deinit_free: driver=0x464d00 drv_priv=0x177fe050 ->
hapd_deinit
hostapd_interface_free(0x177fcc80)
hostapd_interface_free: free hapd 0x177fe160
hostapd_cleanup_iface(0x177fcc80)
hostapd_cleanup_iface_partial(0x177fcc80)
hostapd_cleanup_iface: free iface=0x177fcc80
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.shmoo.com/pipermail/hostap/attachments/20150611/acd2027b/attachment.htm>

More information about the Hostap mailing list