help !something about hostap-xsupplicant-freeradius!!

tan keen keentan_coldfire at yahoo.com.cn
Tue Mar 25 08:11:14 EST 2003


hi, 

i just do it all follow 

1)HOWTO on EAP/TLS authentication between freeRadius and xsupplicant(http://www.missl.cs.umd.edu/wireless/eaptls/)   ,  

 2)  README_prism2.htm 

to build a wlan using 802.1x . (two pc running linux RedHat 7.2  ; AP and FreeRadius are in one pc)

   i finish those work sugesting in the above two document and i have changed the ATTR_FRAMED_MTU value in ieee802_1x.c file to 1500 from 2304., but i can not  be authoried by AP successfully.  

  where is my error come from ?  Can anyone told me? thank you!!

========================

######xsupplicant -i wlan0

   i got this :  failed to verify cert error : Certificate has expired

================================

######./hostapd -dd -x -o 192.168.2.155 -a 192.168.2.155  -s whatever wlan0

i got :EEE 802.1X: 4 bytes from 00:40:05:af:05:2e
   IEEE 802.1X: version=1 type=1 length=0
   EAPOL-Start
IEEE 802.1X: 00:40:05:af:05:2e AUTH_PAE entering state CONNECTING
IEEE 802.1X: Sending EAP Request-Identity to 00:40:05:af:05:2e (identifier 1)
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 49 bytes management frame
DATA
IEEE 802.1X: 17 bytes from 00:40:05:af:05:2e
   IEEE 802.1X: version=1 type=0 length=13
   EAP: code=2 identifier=1 length=13 (response)
   EAP Response-Identity
IEEE 802.1X: 00:40:05:af:05:2e AUTH_PAE entering state AUTHENTICATING
IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=0 length=154
   Attribute 1 (User-Name) length=10
      Value: 'adam-ctl'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 192.168.2.155
   Attribute 5 (NAS-Port) length=6
      Value: 1
   Attribute 30 (Called-Station-Id) length=24
      Value: '00-40-05-AF-05-14:test'
   Attribute 31 (Calling-Station-Id) length=19
      Value: '00-40-05-AF-05-2E'
   Attribute 12 (Framed-MTU) length=6
      Value: 1500
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=15
   Attribute 80 (Message-Authenticator) length=18
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 84 bytes from authentication server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=0 length=84
   Attribute 79 (EAP-Message) length=8
   Attribute 80 (Message-Authenticator) length=18
   Attribute 24 (State) length=38
RADIUS packet matching with station 00:40:05:af:05:2e
IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:af:05:2e (identifier 2)
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 98 bytes management frame
DATA
IEEE 802.1X: 66 bytes from 00:40:05:af:05:2e
   IEEE 802.1X: version=1 type=0 length=62
   EAP: code=2 identifier=2 length=62 (response)
   EAP Response-TLS
IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=1 length=241
   Attribute 1 (User-Name) length=10
      Value: 'adam-ctl'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 192.168.2.155
   Attribute 5 (NAS-Port) length=6
      Value: 1
   Attribute 30 (Called-Station-Id) length=24
      Value: '00-40-05-AF-05-14:test'
   Attribute 31 (Calling-Station-Id) length=19
      Value: '00-40-05-AF-05-2E'
   Attribute 12 (Framed-MTU) length=6
      Value: 1500
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=64
   Attribute 24 (State) length=38
   Attribute 80 (Message-Authenticator) length=18
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 1120 bytes from authentication server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=1 length=1120
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=24
   Attribute 80 (Message-Authenticator) length=18
   Attribute 24 (State) length=38
RADIUS packet matching with station 00:40:05:af:05:2e
IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:af:05:2e (identifier 3)
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 42 bytes management frame
DATA
IEEE 802.1X: 10 bytes from 00:40:05:af:05:2e
   IEEE 802.1X: version=1 type=0 length=6
   EAP: code=2 identifier=3 length=6 (response)
   EAP Response-TLS
IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=2 length=185
   Attribute 1 (User-Name) length=10
      Value: 'adam-ctl'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 192.168.2.155
   Attribute 5 (NAS-Port) length=6
      Value: 1
   Attribute 30 (Called-Station-Id) length=24
      Value: '00-40-05-AF-05-14:test'
   Attribute 31 (Calling-Station-Id) length=19
      Value: '00-40-05-AF-05-2E'
   Attribute 12 (Framed-MTU) length=6
      Value: 1500
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=8
   Attribute 24 (State) length=38
   Attribute 80 (Message-Authenticator) length=18
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 60 bytes management frame
MGMT
mgmt::beacon
Received 1120 bytes from authentication server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=2 length=1120
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=255
   Attribute 79 (EAP-Message) length=24
   Attribute 80 (Message-Authenticator) length=18
   Attribute 24 (State) length=38
RADIUS packet matching with station 00:40:05:af:05:2e
IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:af:05:2e (identifier 4)
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 42 bytes management frame
DATA
IEEE 802.1X: 10 bytes from 00:40:05:af:05:2e
   IEEE 802.1X: version=1 type=0 length=6
   EAP: code=2 identifier=4 length=6 (response)
   EAP Response-TLS
IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=3 length=185
   Attribute 1 (User-Name) length=10
      Value: 'adam-ctl'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 192.168.2.155
   Attribute 5 (NAS-Port) length=6
      Value: 1
   Attribute 30 (Called-Station-Id) length=24
      Value: '00-40-05-AF-05-14:test'
   Attribute 31 (Calling-Station-Id) length=19
      Value: '00-40-05-AF-05-2E'
   Attribute 12 (Framed-MTU) length=6
      Value: 1500
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=8
   Attribute 24 (State) length=38
   Attribute 80 (Message-Authenticator) length=18
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 267 bytes from authentication server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=3 length=267
   Attribute 79 (EAP-Message) length=191
   Attribute 80 (Message-Authenticator) length=18
   Attribute 24 (State) length=38
RADIUS packet matching with station 00:40:05:af:05:2e
IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:40:05:af:05:2e (identifier 5)
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE
Received 60 bytes management frame
MGMT
mgmt::beacon
Received 60 bytes management frame
MGMT
mgmt::beacon
Signal 2 received - terminating
Flushing old station entries
Deauthenticate all stations

 

=======================================

#######run-radius -X -A  

i got:

   Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/radius/etc/raddb/proxy.conf
Config:   including file: /usr/local/radius/etc/raddb/clients.conf
Config:   including file: /usr/local/radius/etc/raddb/snmp.conf
Config:   including file: /usr/local/radius/etc/raddb/sql.conf
 main: prefix = "/usr/local/radius"
 main: localstatedir = "/usr/local/radius/var"
 main: logdir = "/usr/local/radius/var/log/radius"
 main: libdir = "/usr/local/radius/lib"
 main: radacctdir = "/usr/local/radius/var/log/radius/radacct"
 main: hostname_lookups = no
 main: snmp = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/usr/local/radius/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/usr/local/radius/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/radius/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/radius/lib
Module: Loaded expr 
Module: Instantiated expr (expr) 
Module: Loaded PAP 
 pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap) 
Module: Loaded CHAP 
Module: Instantiated chap (chap) 
Module: Loaded MS-CHAP 
 mschap: ignore_password = no
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: passwd = "(null)"
 mschap: authtype = "MS-CHAP"
Module: Instantiated mschap (mschap) 
Module: Loaded System 
 unix: cache = no
 unix: passwd = "/etc/passwd"
 unix: shadow = "/etc/shadow"
 unix: group = "/etc/group"
 unix: radwtmp = "/usr/local/radius/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix) 
Module: Loaded eap 
 eap: default_eap_type = "tls"
 eap: timer_expire = 60
rlm_eap: Loaded and initialized the type md5
rlm_eap: Loaded and initialized the type leap
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/etc/1x/r/cert-srv.pem"
 tls: certificate_file = "/etc/1x/r/cert-srv.pem"
 tls: CA_file = "/etc/1x/r/root.pem"
 tls: private_key_password = "whatever"
 tls: dh_file = "/etc/1x/r/dh"
 tls: random_file = "/etc/1x/r/random"
 tls: fragment_size = 1024
 tls: include_length = yes
rlm_eap_tls: conf N ctx stored 
rlm_eap: Loaded and initialized the type tls
Module: Instantiated eap (eap) 
Module: Loaded preprocess 
 preprocess: huntgroups = "/usr/local/radius/etc/raddb/huntgroups"
 preprocess: hints = "/usr/local/radius/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess) 
Module: Loaded realm 
 realm: format = "suffix"
 realm: delimiter = "@"
Module: Instantiated realm (suffix) 
Module: Loaded files 
 files: usersfile = "/usr/local/radius/etc/raddb/users"
 files: acctusersfile = "/usr/local/radius/etc/raddb/acct_users"
 files: preproxy_usersfile = "/usr/local/radius/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files) 
Module: Loaded Acct-Unique-Session-Id 
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id"
Module: Instantiated acct_unique (acct_unique) 
Module: Loaded detail 
 detail: detailfile = "/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail) 
Module: Loaded radutmp 
 radutmp: filename = "/usr/local/radius/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp) 
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.2.155:1386, id=0, length=154
 User-Name = "adam-ctl"
 NAS-IP-Address = 192.168.2.155
 NAS-Port = 1
 Called-Station-Id = "00-40-05-AF-05-14:test"
 Calling-Station-Id = "00-40-05-AF-05-2E"
 Framed-MTU = 1500
 NAS-Port-Type = Wireless-802.11
 Connect-Info = "CONNECT 11Mbps 802.11b"
 EAP-Message = 0x0201000d016164616d2d63746c
 Message-Authenticator = 0x1d2a7f0c2d0c4f1c71a1005ecae2ab7b
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  rlm_eap: EAP packet type notification id 1 length 13
  modcall[authorize]: module "eap" returns updated
    rlm_realm: No '@' in User-Name = "adam-ctl", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop
    users: Matched adam-ctl at 97
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
  rlm_eap: EAP packet type notification id 1 length 13
  rlm_eap: processing type tls
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 0 to 192.168.2.155:1386
 EAP-Message = 0x010200060d20
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x1de79609653047a7e65e103f693ea0597f1f803ef7585dcdd2d3c255fe999d0b2d0dd409
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.155:1386, id=1, length=241
 User-Name = "adam-ctl"
 NAS-IP-Address = 192.168.2.155
 NAS-Port = 1
 Called-Station-Id = "00-40-05-AF-05-14:test"
 Calling-Station-Id = "00-40-05-AF-05-2E"
 Framed-MTU = 1500
 NAS-Port-Type = Wireless-802.11
 Connect-Info = "CONNECT 11Mbps 802.11b"
 EAP-Message = 0x0202003e0d8000000034160301002f0100002b03013e801df2e50144f
 State = 0x1de79609653047a7e65e103f693ea0597f1f803ef7585dcdd2d3c255fe999d0b2d0dd409
 Message-Authenticator = 0x83283f64915512a8aa1c3832735d8621
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  rlm_eap: EAP packet type notification id 2 length 62
  modcall[authorize]: module "eap" returns updated
    rlm_realm: No '@' in User-Name = "adam-ctl", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop
    users: Matched adam-ctl at 97
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
  rlm_eap: EAP packet type notification id 2 length 62
  rlm_eap: Request found, released from the list
  rlm_eap: EAP_TYPE - tls
  rlm_eap: processing type tls
rlm_eap_tls:  Length Included
undefined: before/accept initialization 
TLS_accept: before/accept initialization 
<<< TLS 1.0 Handshake [length 002f], ClientHello

TLS_accept: SSLv3 read client hello A 
>>> TLS 1.0 Handshake [length 004a], ServerHello

TLS_accept: SSLv3 write server hello A 
>>> TLS 1.0 Handshake [length 07aa], Certificate

TLS_accept: SSLv3 write certificate A 
>>> TLS 1.0 Handshake [length 00b0], CertificateRequest

TLS_accept: SSLv3 write certificate request A 
TLS_accept: SSLv3 flush data 
TLS_accept:error in SSLv3 read client certificate A 
rlm_eap_tls: SSL_read Error
 Error code is ..... 2 
 SSL Error ..... 2 
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 1 to 192.168.2.155:1386
 EAP-Message = 0x0103040a0dc0000008b3160301004a0200004603013e801f7f0110ec0e4c343049dc7714a3686a845487a1a1b736f5f6af0b7a1bdc204613e53a6ba3c2d5d586ab637b12b5fd73c92d04ec9bcb538b44ff887566e58100040016030107aa0b0007a60007a30003e6308203e23082034ba003020102020102300d06092a864886f70d010104050030819e310b30090603550406130255533111300f060355040813084d6172796c616e64311530130603550407130c436f6c6c656765205061726b311f301d060355040a1316556e6976657273697479206f66204d6172796c616e64310e300c060355040b13054d4953534c3112301006035504031309
 EAP-Message = 0x6164616d2d726f6f743120301e06092a864886f70d01090116116164616d40636661722e756d642e656475301e170d3032303232383038343030375a170d3033303232383038343030375a3081a0310b30090603550406130255533111300f060355040813084d6172796c616e64311530130603550407130c436f6c6c656765205061726b311f301d060355040a1316556e6976657273697479206f66204d6172796c616e64310e300c060355040b13054d4953534c311430120603550403130b6164616d2d7365727665723120301e06092a864886f70d01090116116164616d40636661722e756d642e65647530819f300d06092a864886f70d0101
 EAP-Message = 0x01050003818d0030818902818100bb02c243540c09a20d64a5c8c29bca7727f62a6432265c38fd4900392d5754469617386e959cb43eee77cc98a80c1e8fcfda55813115edc142141b953b5771b79e1a32bbdc2f3b1d0046082db28fe553631f83cd21411388949432c3b0d96cd77c046b32284a939240555ba0a8f38320b0921ef5c8b3cd1a9fadee9c3256c6e50203010001a382012a3082012630090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e04160414c66c3206e508b305c2353cae6192e9d21dd6b12c3081cb0603551d230481
 EAP-Message = 0xc33081c080146f89584e55edc5d0e6bd2d8b80fe919605897694a181a4a481a130819e310b30090603550406130255533111300f060355040813084d6172796c616e64311530130603550407130c436f6c6c656765205061726b311f301d060355040a1316556e6976657273697479206f66204d6172796c616e64310e300c060355040b13054d4953534c31123010060355040313096164616d2d726f6f743120301e06092a864886f70d01090116116164616d40636661722e756d642e656475820100300d06092a864886f70d01010405000381810002a0ec352165caeffc552e1476b8d0912997c06f287732c00a5b8373d3f2e1f1a985f1851cd3
 EAP-Message = 0xbc7abb38a7d905daa7abb2ae4cbcb6877e437e8be10d
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x10fdcee015541c23f6667595678bf5127f1f803ea5d31079e0f98191138d8122ab4eafc0
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.155:1386, id=2, length=185
 User-Name = "adam-ctl"
 NAS-IP-Address = 192.168.2.155
 NAS-Port = 1
 Called-Station-Id = "00-40-05-AF-05-14:test"
 Calling-Station-Id = "00-40-05-AF-05-2E"
 Framed-MTU = 1500
 NAS-Port-Type = Wireless-802.11
 Connect-Info = "CONNECT 11Mbps 802.11b"
 EAP-Message = 0x020300060d00
 State = 0x10fdcee015541c23f6667595678bf5127f1f803ea5d31079e0f98191138d8122ab4eafc0
 Message-Authenticator = 0xee6fbaa0944c0ed3a7262ada9cf8f33c
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  rlm_eap: EAP packet type notification id 3 length 6
  modcall[authorize]: module "eap" returns updated
    rlm_realm: No '@' in User-Name = "adam-ctl", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop
    users: Matched adam-ctl at 97
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
  rlm_eap: EAP packet type notification id 3 length 6
  rlm_eap: Request found, released from the list
  rlm_eap: EAP_TYPE - tls
  rlm_eap: processing type tls
rlm_eap_tls: Received EAP-TLS ACK message
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 2 to 192.168.2.155:1386
 EAP-Message = 0x0104040a0dc0000008b393b9c3a5d96464990a2c72c0efdcd5e5fe040d41a1b4c426acb573ac968e7208d06cfe81b4cf79655a134275d844fc53d6b3a55fdcd5fac17fcee0aa86d3338e9fbc2acc0003b7308203b33082031ca003020102020100300d06092a864886f70d010104050030819e310b30090603550406130255533111300f060355040813084d6172796c616e64311530130603550407130c436f6c6c656765205061726b311f301d060355040a1316556e6976657273697479206f66204d6172796c616e64310e300c060355040b13054d4953534c31123010060355040313096164616d2d726f6f743120301e06092a864886f70d0109
 EAP-Message = 0x0116116164616d40636661722e756d642e656475301e170d3032303232383038333834345a170d3033303232383038333834345a30819e310b30090603550406130255533111300f060355040813084d6172796c616e64311530130603550407130c436f6c6c656765205061726b311f301d060355040a1316556e6976657273697479206f66204d6172796c616e64310e300c060355040b13054d4953534c31123010060355040313096164616d2d726f6f743120301e06092a864886f70d01090116116164616d40636661722e756d642e65647530819f300d06092a864886f70d010101050003818d0030818902818100b76856cbfed7232ee45c3e
 EAP-Message = 0xd43f8040e993252d513b9a045d14f5b7517dba75ea2fb28301f43e365bf24d708896b46b48436b17bcc6373878fb2c92c6355ecefda18e4a6f9b3d22da693e8710841074aba5f4711738aa23248cae7f14eca024366572eefdbf72549e937c977a2ceac764a2c95da163e5c0596e6cb092b4ae11dd0203010001a381fe3081fb301d0603551d0e041604146f89584e55edc5d0e6bd2d8b80fe9196058976943081cb0603551d230481c33081c080146f89584e55edc5d0e6bd2d8b80fe919605897694a181a4a481a130819e310b30090603550406130255533111300f060355040813084d6172796c616e64311530130603550407130c436f6c6c6567
 EAP-Message = 0x65205061726b311f301d060355040a1316556e6976657273697479206f66204d6172796c616e64310e300c060355040b13054d4953534c31123010060355040313096164616d2d726f6f743120301e06092a864886f70d01090116116164616d40636661722e756d642e656475820100300c0603551d13040530030101ff300d06092a864886f70d010104050003818100450e6fd396fb46ec1d9820542ecf1d75363f08b2cc07cb84b6d7451aff714c7a775d3bf1666973fb0c35e7cfd6c31a179d70c085bc459ba1294c1dca22cb9273c76c3b12f519a74318c3ae0d7705d32cfdf75ad32a597fbde29a2780c102ec0751a1adefff8ad463c1f5a175
 EAP-Message = 0x313c998a42537e8114e0bba00898c9963931d64d1603
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x9aa445bba75b34a90f20258ea68c699c7f1f803e8e78ac8f7f23c1824f6cae6b45accbd6
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.155:1386, id=3, length=185
 User-Name = "adam-ctl"
 NAS-IP-Address = 192.168.2.155
 NAS-Port = 1
 Called-Station-Id = "00-40-05-AF-05-14:test"
 Calling-Station-Id = "00-40-05-AF-05-2E"
 Framed-MTU = 1500
 NAS-Port-Type = Wireless-802.11
 Connect-Info = "CONNECT 11Mbps 802.11b"
 EAP-Message = 0x020400060d00
 State = 0x9aa445bba75b34a90f20258ea68c699c7f1f803e8e78ac8f7f23c1824f6cae6b45accbd6
 Message-Authenticator = 0xde7c08fcf4e7d793c64b85c841c10ba8
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  rlm_eap: EAP packet type notification id 4 length 6
  modcall[authorize]: module "eap" returns updated
    rlm_realm: No '@' in User-Name = "adam-ctl", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop
    users: Matched adam-ctl at 97
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
  rlm_eap: EAP packet type notification id 4 length 6
  rlm_eap: Request found, released from the list
  rlm_eap: EAP_TYPE - tls
  rlm_eap: processing type tls
rlm_eap_tls: Received EAP-TLS ACK message
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 3 to 192.168.2.155:1386
 EAP-Message = 0x010500bd0d80000008b30100b00d0000a802010200a300a130819e310b30090603550406130255533111300f060355040813084d6172796c616e64311530130603550407130c436f6c6c656765205061726b311f301d060355040a1316556e6976657273697479206f66204d6172796c616e64310e300c060355040b13054d4953534c31123010060355040313096164616d2d726f6f743120301e06092a864886f70d01090116116164616d40636661722e756d642e6564750e000000
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x533810a9d53f5cb5ba30e1deb2e11b087f1f803eeffd5b19b9da4a6ed461106596b191a7
Finished request 3
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 3e801f7f
Cleaning up request 1 ID 1 with timestamp 3e801f7f
Cleaning up request 2 ID 2 with timestamp 3e801f7f
Cleaning up request 3 ID 3 with timestamp 3e801f7f
Nothing to do.  Sleeping until we see a request.

=========================

it seem ok ,but xsupplicant  cant be authoried by AP!

what the problem ? i need your help!




---------------------------------
Do You Yahoo!?
"雅虎通网络KTV, 随时随地免费卡拉OK~~"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20030325/832d56e6/attachment.htm 


More information about the HostAP mailing list