Nie jesteś zalogowany.
Jeśli nie posiadasz konta, zarejestruj je już teraz! Pozwoli Ci ono w pełni korzystać z naszego serwisu. Spamerom dziękujemy!

Ogłoszenie

Prosimy o pomoc dla małej Julki — przekaż 1% podatku na Fundacji Dzieciom zdazyć z Pomocą.
Więcej informacji na dug.net.pl/pomagamy/.

Strony: 1

 

#1  2011-09-29 13:15:27

  Nicram - Użytkownik

Nicram
Użytkownik
Zarejestrowany: 2006-03-28

freeradius EAP błędy

Witam
postawiłem freeradiusa do obsługi eap. system debian 6.0 stable
do wygenerowania certyfikatu użyłem dostarczonego skryptu bootstrap.
ogólnie radius odpowiada, ale w debugu mam warninga o nie zakonczeniu eapa:

Kod:

WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x32d3eb7130d7f212 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

szczerze powiedziawszy przejrzałem w/w wiki, ale nie znalazłem rozwiązania.
co z tym zrobić??

eap.conf

Kod:

root@sqlDELL:/etc/freeradius# sed -e '/^\s*#/d' eap.conf |egrep -v "^$"
    eap {
        default_eap_type = peap
        timer_expire     = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
        max_sessions = 4096
        md5 {
        }
        leap {
        }
        gtc {
            auth_type = PAP
        }
        tls {
            certdir = ${confdir}/certs
            cadir = ${confdir}/certs
            private_key_password = whatever
            private_key_file = ${certdir}/server.key
            certificate_file = ${certdir}/server.pem
            CA_file = ${cadir}/ca.pem
            dh_file = ${certdir}/dh
            random_file = /dev/urandom
            CA_path = ${cadir}
            cipher_list = "DEFAULT"
            make_cert_command = "${certdir}/bootstrap"
            cache {
                  enable = no
                  lifetime = 24 # hours
                  max_entries = 255
            }
            verify {
            }
        }
        ttls {
            default_eap_type = md5
            copy_request_to_tunnel = yes
            use_tunneled_reply = yes
            virtual_server = "inner-tunnel"
        }
        peap {
            default_eap_type = mschapv2
            copy_request_to_tunnel = yes
            use_tunneled_reply = yes
            virtual_server = "inner-tunnel"
        }
        mschapv2 {
        }
    }

reszta konfiguracji standardowa.

log z uwierzytelnienia:

Kod:

rad_recv: Access-Request packet from host 172.21.6.8 port 49155, id=0, length=71
    NAS-IP-Address = 172.21.6.8
    NAS-Port-Type = Ethernet
    NAS-Port = 1
    User-Name = "ala"
    EAP-Message = 0x0201000801616c61
    Message-Authenticator = 0xce598b98573fd473170c6a2475c73483
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "ala", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 8
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry ala at line 4
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.21.6.8 port 49155
    Tunnel-Medium-Type:0 := IEEE-802
    Tunnel-Private-Group-Id:0 := "33"
    Tunnel-Type:0 := VLAN
    EAP-Message = 0x010200160410580effe958b57d53c1cee10ecd2c2533
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x32d3eb7132d1ef12f025cd9d0b62c3cb
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.21.6.8 port 49155, id=0, length=87
Cleaning up request 0 ID 0 with timestamp +6
    NAS-IP-Address = 172.21.6.8
    NAS-Port-Type = Ethernet
    NAS-Port = 1
    User-Name = "ala"
    State = 0x32d3eb7132d1ef12f025cd9d0b62c3cb
    EAP-Message = 0x020200060319
    Message-Authenticator = 0x6eba6590e1a335a97f921c9172bed310
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "ala", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry ala at line 4
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.21.6.8 port 49155
    Tunnel-Medium-Type:0 := IEEE-802
    Tunnel-Private-Group-Id:0 := "33"
    Tunnel-Type:0 := VLAN
    EAP-Message = 0x010300061920
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x32d3eb7133d0f212f025cd9d0b62c3cb
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.21.6.8 port 49155, id=0, length=198
Cleaning up request 1 ID 0 with timestamp +6
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x32d3eb7133d0f212 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    NAS-IP-Address = 172.21.6.8
    NAS-Port-Type = Ethernet
    NAS-Port = 1
    User-Name = "ala"
    State = 0x32d3eb7133d0f212f025cd9d0b62c3cb
    EAP-Message = 0x0203007519800000006b16030100660100006203014e84381f77f332d0d193b19f05d48c8edde09d742ff9f6fcd21abbbfd7b74870000018002f00350005000ac013c014c009c00a003200380013000401000021ff01000100000000080006000003616c61000a0006000400170018000b00020100
    Message-Authenticator = 0x6d1cee27eee82de8506c557b24dc1fa0
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "ala", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 117
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 107
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0066], ClientHello  
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello  
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 0804], Certificate  
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase 
In SSL Accept mode  
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.21.6.8 port 49155
    EAP-Message = 0x0104040019c00000084816030100310200002d03014e843851a3011250e8a93dcc659671a4553936d42970911d01814cba6d58591800002f000005ff0100010016030108040b0008000007fd00038b308203873082026fa003020102020101300d06092a864886f70d0101040500307f310b300906035504061302504c311430120603550408130b6d617a6f776965636b69653112301006035504071309536f636861637a65773111300f060355040a1308696e746572646f6d311d301b06092a864886f70d010901160e61646d696e4065736f63682e706c311430120603550403130b496e746572646f6d204341301e170d31313039323930393132
    EAP-Message = 0x30395a170d3231303932363039313230395a3076310b300906035504061302504c311430120603550408130b6d617a6f776965636b69653111300f060355040a1308696e746572646f6d311f301d060355040313165261646975732053657276657220496e746572646f6d311d301b06092a864886f70d010901160e61646d696e4065736f63682e706c30820122300d06092a864886f70d01010105000382010f003082010a0282010100f4e4190ed4d02027c8bc5bb4d30014709599497897959f6abf3c3040a92688b98c1fb8ec3ac52278d52179d40d2877958beb14455282f415973d71a6a6fe173c6ff504f1f1d48d01c7f4eaf47bd8553db87a
    EAP-Message = 0x262e1403cfa0a658be1b751d18f0f921f6257b570c62423e58dc199a6739ca95ad7891e654e883c539ff9a0ed385eaeaca5eb817cd1194769f9b97d09955c523085422a80adc35520637d5ef6f276b1ddaf57c8c1c90c389f72e02fdf5b18572ca04cbba31a6f4f6d8e5097a207104c390c6c56652580c13e1de6235e9d0d935d7c6570bbcc173de45f8d2c63fd08521b3a5b9f0eecead41dcf3367272849ebf98e53e6bba0b0b0073b02ac7fe430203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101009504ccfa5339fcc8ef5b55326556d10d861c48d7b788543a8f2c87d2ef
    EAP-Message = 0x42cd95b6a46f005f78df7198188339e594c0ac58561167c04d7d18f9d44b8ef415a4f640851f47e40fe88920b04dfd01ce7176e6075f6800951d2cea72004b966df6b4c6ae913e0d8339250b91cc039216214d9902df508da59b0e7b2a01f2f0cd66cb1263e33e195b83849c5f79815cc943241dce0429b5e13c51ce5d842dd0fc92f25bd47b7cd83d462323b3f7a96e8fdcddcc9bd77602e979b278286264ebcb094ad2d749b80356444878164e6804535d3f7f2e87d4c26dedb183fd8e59a259473f9daeb1431af9ba20f1352f11ee4cb307eff8598c30201028a83e6ed8fd7d669400046c3082046830820350a003020102020900b7c0356a6b139e
    EAP-Message = 0xdb300d06092a864886f70d01
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x32d3eb7130d7f212f025cd9d0b62c3cb
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.21.6.8 port 49155, id=0, length=87
Cleaning up request 2 ID 0 with timestamp +6
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x32d3eb7130d7f212 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    NAS-IP-Address = 172.21.6.8
    NAS-Port-Type = Ethernet
    NAS-Port = 1
    User-Name = "ala"
    State = 0x32d3eb7130d7f212f025cd9d0b62c3cb
    EAP-Message = 0x020400061900
    Message-Authenticator = 0x75cb286830f09c274820a4055614d91d
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "ala", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.21.6.8 port 49155
    EAP-Message = 0x010503fc194001050500307f310b300906035504061302504c311430120603550408130b6d617a6f776965636b69653112301006035504071309536f636861637a65773111300f060355040a1308696e746572646f6d311d301b06092a864886f70d010901160e61646d696e4065736f63682e706c311430120603550403130b496e746572646f6d204341301e170d3131303932393039313230395a170d3231303932363039313230395a307f310b300906035504061302504c311430120603550408130b6d617a6f776965636b69653112301006035504071309536f636861637a65773111300f060355040a1308696e746572646f6d311d301b0609
    EAP-Message = 0x2a864886f70d010901160e61646d696e4065736f63682e706c311430120603550403130b496e746572646f6d20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c45ef4d89c002bf05a26ad6d535c07f607f94e2ab9823b93cc4a510d6084468d06821e082abb9a0943d29edf13ab653c87e1114a1a25697a7167353bcced0f061a311032070ffb846fa3f65fd18e9eda06985a2d9d09ad3fabc7a3c3f07631aaabf179a116c283d3e8d0c4a644f2fe530a681965b9d4f673ac75a27a1c67d83d3a6c176dd039cd918cba5dc0d65594c9801710544c5487f02a69ef13f49c3989c42ac1bd6286f61c33d1c1bc1f
    EAP-Message = 0xae8f40f8f08f8169660f619e9f6632481b99b1ca41657f2945b2209942bf8d414cead3394b04ef33a8610eef31b58699ada1a07665574d58759b7a08a637afe65e45d63388743772937dff3ca1f698095643830203010001a381e63081e3301d0603551d0e04160414366e6238c687683e58e06eee621825a9ac3977f53081b30603551d230481ab3081a88014366e6238c687683e58e06eee621825a9ac3977f5a18184a48181307f310b300906035504061302504c311430120603550408130b6d617a6f776965636b69653112301006035504071309536f636861637a65773111300f060355040a1308696e746572646f6d311d301b06092a864886
    EAP-Message = 0xf70d010901160e61646d696e4065736f63682e706c311430120603550403130b496e746572646f6d204341820900b7c0356a6b139edb300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100b090c381952023c553677745ee1328ac82c85c207a7cc05090a1ef5adb2d55def54fc81f25d155c9af4a6123f937267ee4b8649f46b400e16c1928cd55c558d0b89a0ecc1239b0ee0e0d49796170e2de088beee6c8c1fe8b1fe10304706c03f5d0af008dec25bc03c326ebc6891c4018ed4f2c2f1320b05fb4b5ac90ca1b25d912260913b9fbdc0cac293ff39dfbe16e7d065990a6253408b501caf04bdc9f3d1bce6fb3b5
    EAP-Message = 0x83c08db3b184ace8
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x32d3eb7131d6f212f025cd9d0b62c3cb
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.21.6.8 port 49155, id=0, length=87
Cleaning up request 3 ID 0 with timestamp +6
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x32d3eb7131d6f212 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    NAS-IP-Address = 172.21.6.8
    NAS-Port-Type = Ethernet
    NAS-Port = 1
    User-Name = "ala"
    State = 0x32d3eb7131d6f212f025cd9d0b62c3cb
    EAP-Message = 0x020500061900
    Message-Authenticator = 0x716d668155c5aaf9add0240a8fcb7e1b
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "ala", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.21.6.8 port 49155
    EAP-Message = 0x010600621900615c84a98de4a342a8434e6dd50f0d5fd1e594e58ec91f25e49fe86dae293dcc438aed9f91623aeacbcfb6279954abd59d7aa7a656112f67692ab5efdd0a7f9773ea90275eb0b6f93571c19f84298bef9bd66616030100040e000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x32d3eb7136d5f212f025cd9d0b62c3cb
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.21.6.8 port 49155, id=0, length=419
Cleaning up request 4 ID 0 with timestamp +6
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x32d3eb7136d5f212 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    NAS-IP-Address = 172.21.6.8
    NAS-Port-Type = Ethernet
    NAS-Port = 1
    User-Name = "ala"
    State = 0x32d3eb7136d5f212f025cd9d0b62c3cb
    EAP-Message = 0x0206015019800000014616030101061000010201005b1d1cf85d298c8707ba31d3e018e537d113dc4b95a0fb4605ff618bfc290628c8a29890779f7759b2a69abebe49d126fbe474ef5e958797b9cb1d4b5674384a0a25cffd4be9d4523dc4b27ee05d9f0d002922797000e55a73a3ada463bc4abfa22051179849bc8c76f4dff0288b5ea0c1919ab52b1104ecb2e5fd04d7a90edc09e1d9e411d7ae5a19c6c893ccefdf053fc33aebb65b084002bbe373651d99a9ce7fcc13aa1e032485abcec554dd467be37f3dd81a8d4853008fd894ad4e5e214058efdce5f66ccba75f14195cd5820444e97889aaea103f6b3ce821736627a21998b819f9ae954f
    EAP-Message = 0xec5110c8513a6ef4929e26b092201c67b41c8ae8b4ca16ad14030100010116030100309ee1816fe06eec89e78dfd2b38714b5fe12e59906bdab44c6a521b938aad0053e80e01b03aebb805f9fa574477742e06
    Message-Authenticator = 0x3aeaef6bd6328292849ac4e9c844e2f1
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "ala", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange  
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]  
[peap] <<< TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]  
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.21.6.8 port 49155
    EAP-Message = 0x01070041190014030100010116030100307ea82cb19142c8b7c1a189a00069342b003f7538b4f2f371e4f36d3b8bed65713c6f83933f476146c6f50cf57c8d11e5
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x32d3eb7137d4f212f025cd9d0b62c3cb
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.21.6.8 port 49155, id=0, length=87
Cleaning up request 5 ID 0 with timestamp +6
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x32d3eb7137d4f212 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    NAS-IP-Address = 172.21.6.8
    NAS-Port-Type = Ethernet
    NAS-Port = 1
    User-Name = "ala"
    State = 0x32d3eb7137d4f212f025cd9d0b62c3cb
    EAP-Message = 0x020700061900
    Message-Authenticator = 0x7f0ea26a86c0ca0d6387cd6fc7bb840d
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "ala", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3 
[peap] eaptls_process returned 3 
[peap] EAPTLS_SUCCESS
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.21.6.8 port 49155
    EAP-Message = 0x0108002b19001703010020d4a800218e95a4aa95f81623ef9254f8800851a393b1ad61d1e2a3afb98a5f96
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x32d3eb7134dbf212f025cd9d0b62c3cb
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.21.6.8 port 49155, id=0, length=124
Cleaning up request 6 ID 0 with timestamp +6
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x32d3eb7134dbf212 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    NAS-IP-Address = 172.21.6.8
    NAS-Port-Type = Ethernet
    NAS-Port = 1
    User-Name = "ala"
    State = 0x32d3eb7134dbf212f025cd9d0b62c3cb
    EAP-Message = 0x0208002b1900170301002074f256e297042fa2a1047c094eaab5aea86a2d1ae04d6c311953f1daeabad356
    Message-Authenticator = 0xa85dd85a15c77a70a2ac0669f1c48d19
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "ala", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - ala
[peap] Got inner identity 'ala'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
    EAP-Message = 0x0208000801616c61
server  {
  PEAP: Setting User-Name to ala
Sending tunneled request
    EAP-Message = 0x0208000801616c61
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "ala"
    NAS-IP-Address = 172.21.6.8
    NAS-Port-Type = Ethernet
    NAS-Port = 1
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "ala", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 8
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry ala at line 4
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
    Tunnel-Medium-Type:0 := IEEE-802
    Tunnel-Private-Group-Id:0 := "33"
    Tunnel-Type:0 := VLAN
    EAP-Message = 0x0109001d1a0109001810d83d3b3d85dee4eab3a1663d233e2ed0616c61
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x49bd405949b45a67712885d5b136c958
[peap] Got tunneled reply RADIUS code 11
    Tunnel-Medium-Type:0 := IEEE-802
    Tunnel-Private-Group-Id:0 := "33"
    Tunnel-Type:0 := VLAN
    EAP-Message = 0x0109001d1a0109001810d83d3b3d85dee4eab3a1663d233e2ed0616c61
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x49bd405949b45a67712885d5b136c958
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.21.6.8 port 49155
    EAP-Message = 0x0109003b190017030100300b1c523cd0b69089c44c047a205a03ded3a417f8b2cf415fada46054f75caab7716ed04a7a7a905d766c139295abf009
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x32d3eb7135daf212f025cd9d0b62c3cb
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.21.6.8 port 49155, id=0, length=172
Cleaning up request 7 ID 0 with timestamp +6
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x32d3eb7135daf212 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    NAS-IP-Address = 172.21.6.8
    NAS-Port-Type = Ethernet
    NAS-Port = 1
    User-Name = "ala"
    State = 0x32d3eb7135daf212f025cd9d0b62c3cb
    EAP-Message = 0x0209005b1900170301005042397dde418018f41636393b00f99c96b316739b0eb872f2d8d11d3b7901da07d8dc19893e8f2634766fdc18cbb3b4b5d119b79da2da7ee41ca5edef06f9f7d32f2a6c437e671afb817dcc514c2e8c57
    Message-Authenticator = 0x178af316603751cd64b13b71e5582104
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "ala", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 91
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
    EAP-Message = 0x0209003e1a02090039317c3e9dfafbce4af7e0a62d26c3eb81aa0000000000000000ca32a1b04e0e32ff8191601786a532c96db2d18b8b80a68100616c61
server  {
  PEAP: Setting User-Name to ala
Sending tunneled request
    EAP-Message = 0x0209003e1a02090039317c3e9dfafbce4af7e0a62d26c3eb81aa0000000000000000ca32a1b04e0e32ff8191601786a532c96db2d18b8b80a68100616c61
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "ala"
    State = 0x49bd405949b45a67712885d5b136c958
    NAS-IP-Address = 172.21.6.8
    NAS-Port-Type = Ethernet
    NAS-Port = 1
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "ala", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 9 length 62
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry ala at line 4
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Creating challenge hash with username: ala
[mschap] Told to do MS-CHAPv2 for ala with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success 
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
    Tunnel-Medium-Type:0 := IEEE-802
    Tunnel-Private-Group-Id:0 := "33"
    Tunnel-Type:0 := VLAN
    EAP-Message = 0x010a00331a0309002e533d32343734454446324143393941304345313438373145344542333345354337384341344538393837
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x49bd405948b75a67712885d5b136c958
[peap] Got tunneled reply RADIUS code 11
    Tunnel-Medium-Type:0 := IEEE-802
    Tunnel-Private-Group-Id:0 := "33"
    Tunnel-Type:0 := VLAN
    EAP-Message = 0x010a00331a0309002e533d32343734454446324143393941304345313438373145344542333345354337384341344538393837
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x49bd405948b75a67712885d5b136c958
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.21.6.8 port 49155
    EAP-Message = 0x010a005b190017030100508b3f5de36bcb74477feb1a601a5720bcff9d50a257f94cb5cfd3661d1d4d5457b74841d2016d411a0e61fd10a5fbc8eb8f5f94580eff800ede768f3774cd55de74ff6dc8bd23d455120d6ac591fbb812
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x32d3eb713ad9f212f025cd9d0b62c3cb
Finished request 8.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.21.6.8 port 49155, id=0, length=124
Cleaning up request 8 ID 0 with timestamp +6
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x32d3eb713ad9f212 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    NAS-IP-Address = 172.21.6.8
    NAS-Port-Type = Ethernet
    NAS-Port = 1
    User-Name = "ala"
    State = 0x32d3eb713ad9f212f025cd9d0b62c3cb
    EAP-Message = 0x020a002b190017030100207ba38fdce18a7916b75aa2c9882d1857485013a31f00cbbc48e578ae7206d2f4
    Message-Authenticator = 0x82469caf3be9549b326e0c90cd71dc6c
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "ala", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 10 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
    EAP-Message = 0x020a00061a03
server  {
  PEAP: Setting User-Name to ala
Sending tunneled request
    EAP-Message = 0x020a00061a03
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "ala"
    State = 0x49bd405948b75a67712885d5b136c958
    NAS-IP-Address = 172.21.6.8
    NAS-Port-Type = Ethernet
    NAS-Port = 1
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "ala", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 10 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry ala at line 4
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
  WARNING: Empty post-auth section.  Using default return values.
# Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel
} # server inner-tunnel
[peap] Got tunneled reply code 2
    Tunnel-Medium-Type:0 := IEEE-802
    Tunnel-Private-Group-Id:0 := "33"
    Tunnel-Type:0 := VLAN
    MS-MPPE-Encryption-Policy = 0x00000001
    MS-MPPE-Encryption-Types = 0x00000006
    MS-MPPE-Send-Key = 0xcddb8673b8b1d7591cc89c2c21899718
    MS-MPPE-Recv-Key = 0x8620154d4a1482d5e29a641174e3f8f1
    EAP-Message = 0x030a0004
    Message-Authenticator = 0x00000000000000000000000000000000
    User-Name = "ala"
[peap] Got tunneled reply RADIUS code 2
    Tunnel-Medium-Type:0 := IEEE-802
    Tunnel-Private-Group-Id:0 := "33"
    Tunnel-Type:0 := VLAN
    MS-MPPE-Encryption-Policy = 0x00000001
    MS-MPPE-Encryption-Types = 0x00000006
    MS-MPPE-Send-Key = 0xcddb8673b8b1d7591cc89c2c21899718
    MS-MPPE-Recv-Key = 0x8620154d4a1482d5e29a641174e3f8f1
    EAP-Message = 0x030a0004
    Message-Authenticator = 0x00000000000000000000000000000000
    User-Name = "ala"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
[peap] Saving tunneled attributes for later
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.21.6.8 port 49155
    EAP-Message = 0x010b002b190017030100206b3fbae34e9786add3995cb73d94fd65823952d2aa50700d47f4d3911b33ce45
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x32d3eb713bd8f212f025cd9d0b62c3cb
Finished request 9.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.21.6.8 port 49155, id=0, length=124
Cleaning up request 9 ID 0 with timestamp +6
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x32d3eb713bd8f212 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    NAS-IP-Address = 172.21.6.8
    NAS-Port-Type = Ethernet
    NAS-Port = 1
    User-Name = "ala"
    State = 0x32d3eb713bd8f212f025cd9d0b62c3cb
    EAP-Message = 0x020b002b19001703010020b40d2dedc1ea36d1071699a322b98141c4812a10338f584a76fea9feb7769ec1
    Message-Authenticator = 0x4b8338811e080da347236ddf4994cde9
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "ala", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 11 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Success
[peap] Using saved attributes from the original Access-Accept
    Tunnel-Medium-Type:0 := IEEE-802
    Tunnel-Private-Group-Id:0 := "33"
    Tunnel-Type:0 := VLAN
    User-Name = "ala"
[eap] Freeing handler
++[eap] returns ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 0 to 172.21.6.8 port 49155
    Tunnel-Medium-Type:0 := IEEE-802
    Tunnel-Private-Group-Id:0 := "33"
    Tunnel-Type:0 := VLAN
    User-Name = "ala"
    MS-MPPE-Recv-Key = 0x0e2fd585862f9e98346b7159d3447b6aed2d4aff664ba904da8eb335005c0eca
    MS-MPPE-Send-Key = 0xfb69cba464c569bf3ebc2e291843953a1ff72775b0e95a8638da90f280827d83
    EAP-Message = 0x030b0004
    Message-Authenticator = 0x00000000000000000000000000000000
Finished request 10.
Going to the next request
Waking up in 4.9 seconds.

Offline

 

 

Strony: 1

Stopka forum

Powered by PunBB
© Copyright 2002–2005 Rickard Andersson
To nie jest tylko forum, to nasza mała ojczyzna ;-)