<P>hi, </P>
<P>i just do it all follow </P>
<P>1)HOWTO on EAP/TLS authentication between freeRadius and xsupplicant(<A href="http://www.missl.cs.umd.edu/wireless/eaptls/">http://www.missl.cs.umd.edu/wireless/eaptls/</A>) , </P>
<P> 2) README_prism2.htm </P>
<P>to build a wlan using 802.1x . (two pc running linux RedHat 7.2 ; AP and FreeRadius are in one pc)</P>
<P> i finish those work sugesting in the above two document and i have changed the ATTR_FRAMED_MTU value in ieee802_1x.c file to 1500 from 2304., but i can not be authoried by AP successfully. </P>
<P> where is my error come from ? Can anyone told me? thank you!!</P>
<P>========================</P>
<P>######xsupplicant -i wlan0</P>
<P> i got this : failed to verify cert error : Certificate has expired</P>
<P>================================</P>
<P>######./hostapd -dd -x -o 192.168.2.155 -a 192.168.2.155 -s whatever wlan0</P>
<P>i got :EEE 802.1X: 4 bytes from 00:40:05:af:05:2e<BR> IEEE 802.1X: version=1 type=1 length=0<BR> EAPOL-Start<BR>IEEE 802.1X: 00:40:05:af:05:2e AUTH_PAE entering state CONNECTING<BR>IEEE 802.1X: Sending EAP Request-Identity to 00:40:05:af:05:2e (identifier 1)<BR>IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE<BR>IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE<BR>Received 49 bytes management frame<BR>DATA<BR>IEEE 802.1X: 17 bytes from 00:40:05:af:05:2e<BR> IEEE 802.1X: version=1 type=0 length=13<BR> EAP: code=2 identifier=1 length=13 (response)<BR> EAP Response-Identity<BR>IEEE 802.1X: 00:40:05:af:05:2e AUTH_PAE entering state AUTHENTICATING<BR>IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state RESPONSE<BR>Encapsulating EAP message into a RADIUS packet<BR>Sending RADIUS message to authentication server<BR>RADIUS message: code=1 (Access-Request) identifier=0 length=154<!
BR> Attribute 1 (User-Name) length=10<BR> Value: 'adam-ctl'<BR> Attribute 4 (NAS-IP-Address) length=6<BR> Value: 192.168.2.155<BR> Attribute 5 (NAS-Port) length=6<BR> Value: 1<BR> Attribute 30 (Called-Station-Id) length=24<BR> Value: '00-40-05-AF-05-14:test'<BR> Attribute 31 (Calling-Station-Id) length=19<BR> Value: '00-40-05-AF-05-2E'<BR> Attribute 12 (Framed-MTU) length=6<BR> Value: 1500<BR> Attribute 61 (NAS-Port-Type) length=6<BR> Value: 19<BR> Attribute 77 (Connect-Info) length=24<BR> Value: 'CONNECT 11Mbps 802.11b'<BR> Attribute 79 (EAP-Message) length=15<BR> Attribute 80 (Message-Authenticator) length=18<BR>IEEE 8!
02.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE<BR>IEE
E 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE<BR>Received 84 bytes from authentication server<BR>Received RADIUS message<BR>RADIUS message: code=11 (Access-Challenge) identifier=0 length=84<BR> Attribute 79 (EAP-Message) length=8<BR> Attribute 80 (Message-Authenticator) length=18<BR> Attribute 24 (State) length=38<BR>RADIUS packet matching with station 00:40:05:af:05:2e<BR>IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state REQUEST<BR>IEEE 802.1X: Sending EAP Packet to 00:40:05:af:05:2e (identifier 2)<BR>IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE<BR>IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE<BR>Received 98 bytes management frame<BR>DATA<BR>IEEE 802.1X: 66 bytes from 00:40:05:af:05:2e<BR> IEEE 802.1X: version=1 type=0 length=62<BR> EAP: code=2 identifier=2 length=62 (response)<BR> EAP Response-TLS<BR>IEEE 802.1X: 00:40:05:af:05:2!
e BE_AUTH entering state RESPONSE<BR>Encapsulating EAP message into a RADIUS packet<BR>Sending RADIUS message to authentication server<BR>RADIUS message: code=1 (Access-Request) identifier=1 length=241<BR> Attribute 1 (User-Name) length=10<BR> Value: 'adam-ctl'<BR> Attribute 4 (NAS-IP-Address) length=6<BR> Value: 192.168.2.155<BR> Attribute 5 (NAS-Port) length=6<BR> Value: 1<BR> Attribute 30 (Called-Station-Id) length=24<BR> Value: '00-40-05-AF-05-14:test'<BR> Attribute 31 (Calling-Station-Id) length=19<BR> Value: '00-40-05-AF-05-2E'<BR> Attribute 12 (Framed-MTU) length=6<BR> Value: 1500<BR> Attribute 61 (NAS-Port-Type) length=6<BR> Value: 19<BR> Attribute 77 (Connect-Info)!
length=24<BR> Value: 'CONNECT 11Mbps 80
2.11b'<BR> Attribute 79 (EAP-Message) length=64<BR> Attribute 24 (State) length=38<BR> Attribute 80 (Message-Authenticator) length=18<BR>IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE<BR>IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE<BR>Received 1120 bytes from authentication server<BR>Received RADIUS message<BR>RADIUS message: code=11 (Access-Challenge) identifier=1 length=1120<BR> Attribute 79 (EAP-Message) length=255<BR> Attribute 79 (EAP-Message) length=255<BR> Attribute 79 (EAP-Message) length=255<BR> Attribute 79 (EAP-Message) length=255<BR> Attribute 79 (EAP-Message) length=24<BR> Attribute 80 (Message-Authenticator) length=18<BR> Attribute 24 (State) length=38<BR>RADIUS packet matching with station 00:40:05:af:05:2e<BR>IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state REQUEST<BR>IEEE 802.1X: Sending !
EAP Packet to 00:40:05:af:05:2e (identifier 3)<BR>IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE<BR>IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE<BR>Received 42 bytes management frame<BR>DATA<BR>IEEE 802.1X: 10 bytes from 00:40:05:af:05:2e<BR> IEEE 802.1X: version=1 type=0 length=6<BR> EAP: code=2 identifier=3 length=6 (response)<BR> EAP Response-TLS<BR>IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state RESPONSE<BR>Encapsulating EAP message into a RADIUS packet<BR>Sending RADIUS message to authentication server<BR>RADIUS message: code=1 (Access-Request) identifier=2 length=185<BR> Attribute 1 (User-Name) length=10<BR> Value: 'adam-ctl'<BR> Attribute 4 (NAS-IP-Address) length=6<BR> Value: 192.168.2.155<BR> Attribute 5 (NAS-Port) length=6<BR> Value: 1<BR> !
Attribute 30 (Called-Station-Id) length=24<BR>
Value: '00-40-05-AF-05-14:test'<BR> Attribute 31 (Calling-Station-Id) length=19<BR> Value: '00-40-05-AF-05-2E'<BR> Attribute 12 (Framed-MTU) length=6<BR> Value: 1500<BR> Attribute 61 (NAS-Port-Type) length=6<BR> Value: 19<BR> Attribute 77 (Connect-Info) length=24<BR> Value: 'CONNECT 11Mbps 802.11b'<BR> Attribute 79 (EAP-Message) length=8<BR> Attribute 24 (State) length=38<BR> Attribute 80 (Message-Authenticator) length=18<BR>IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE<BR>IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE<BR>Received 60 bytes management frame<BR>MGMT<BR>mgmt::beacon<BR>Received 1120 bytes from authentication server<BR>Received RADIUS message<BR>RADIUS message: code=11 (Access-Challenge) identifier=2 length=1!
120<BR> Attribute 79 (EAP-Message) length=255<BR> Attribute 79 (EAP-Message) length=255<BR> Attribute 79 (EAP-Message) length=255<BR> Attribute 79 (EAP-Message) length=255<BR> Attribute 79 (EAP-Message) length=24<BR> Attribute 80 (Message-Authenticator) length=18<BR> Attribute 24 (State) length=38<BR>RADIUS packet matching with station 00:40:05:af:05:2e<BR>IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state REQUEST<BR>IEEE 802.1X: Sending EAP Packet to 00:40:05:af:05:2e (identifier 4)<BR>IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE<BR>IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE<BR>Received 42 bytes management frame<BR>DATA<BR>IEEE 802.1X: 10 bytes from 00:40:05:af:05:2e<BR> IEEE 802.1X: version=1 type=0 length=6<BR> EAP: code=2 identifier=4 length=6 (response)<BR> EAP Response-TLS<BR>IEEE 802.1X: 00:40:0!
5:af:05:2e BE_AUTH entering state RESPONSE<BR>Encapsulating EAP messag
e into a RADIUS packet<BR>Sending RADIUS message to authentication server<BR>RADIUS message: code=1 (Access-Request) identifier=3 length=185<BR> Attribute 1 (User-Name) length=10<BR> Value: 'adam-ctl'<BR> Attribute 4 (NAS-IP-Address) length=6<BR> Value: 192.168.2.155<BR> Attribute 5 (NAS-Port) length=6<BR> Value: 1<BR> Attribute 30 (Called-Station-Id) length=24<BR> Value: '00-40-05-AF-05-14:test'<BR> Attribute 31 (Calling-Station-Id) length=19<BR> Value: '00-40-05-AF-05-2E'<BR> Attribute 12 (Framed-MTU) length=6<BR> Value: 1500<BR> Attribute 61 (NAS-Port-Type) length=6<BR> Value: 19<BR> Attribute 77 (Connect-Info) length=24<BR> Value: 'CONNECT 1!
1Mbps 802.11b'<BR> Attribute 79 (EAP-Message) length=8<BR> Attribute 24 (State) length=38<BR> Attribute 80 (Message-Authenticator) length=18<BR>IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE<BR>IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE<BR>Received 267 bytes from authentication server<BR>Received RADIUS message<BR>RADIUS message: code=11 (Access-Challenge) identifier=3 length=267<BR> Attribute 79 (EAP-Message) length=191<BR> Attribute 80 (Message-Authenticator) length=18<BR> Attribute 24 (State) length=38<BR>RADIUS packet matching with station 00:40:05:af:05:2e<BR>IEEE 802.1X: 00:40:05:af:05:2e BE_AUTH entering state REQUEST<BR>IEEE 802.1X: Sending EAP Packet to 00:40:05:af:05:2e (identifier 5)<BR>IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE<BR>IEEE 802.1X: 00:40:05:af:05:2e REAUTH_TIMER entering state INITIALIZE<BR>Received 60 b!
ytes management frame<BR>MGMT<BR>mgmt::beacon<BR>Received 60 bytes man
agement frame<BR>MGMT<BR>mgmt::beacon<BR>Signal 2 received - terminating<BR>Flushing old station entries<BR>Deauthenticate all stations</P>
<P> </P>
<P>=======================================</P>
<P>#######run-radius -X -A </P>
<P>i got:</P>
<P> Starting - reading configuration files ...<BR>reread_config: reading radiusd.conf<BR>Config: including file: /usr/local/radius/etc/raddb/proxy.conf<BR>Config: including file: /usr/local/radius/etc/raddb/clients.conf<BR>Config: including file: /usr/local/radius/etc/raddb/snmp.conf<BR>Config: including file: /usr/local/radius/etc/raddb/sql.conf<BR> main: prefix = "/usr/local/radius"<BR> main: localstatedir = "/usr/local/radius/var"<BR> main: logdir = "/usr/local/radius/var/log/radius"<BR> main: libdir = "/usr/local/radius/lib"<BR> main: radacctdir = "/usr/local/radius/var/log/radius/radacct"<BR> main: hostname_lookups = no<BR> main: snmp = no<BR> main: max_request_time = 30<BR> main: cleanup_delay = 5<BR> main: max_requests = 1024<BR> main: delete_blocked_requests = 0<BR> main: port = 0<BR> main: allow_core_dumps = no<BR> main: log_strippe!
d_names = no<BR> main: log_file = "/usr/local/radius/var/log/radius/radius.log"<BR> main: log_auth = no<BR> main: log_auth_badpass = no<BR> main: log_auth_goodpass = no<BR> main: pidfile = "/usr/local/radius/var/run/radiusd/radiusd.pid"<BR> main: user = "(null)"<BR> main: group = "(null)"<BR> main: usercollide = no<BR> main: lower_user = "no"<BR> main: lower_pass = "no"<BR> main: nospace_user = "no"<BR> main: nospace_pass = "no"<BR> main: checkrad = "/usr/local/radius/sbin/checkrad"<BR> main: proxy_requests = yes<BR> proxy: retry_delay = 5<BR> proxy: retry_count = 3<BR> proxy: synchronous = no<BR> proxy: default_fallback = yes<BR> proxy: dead_time = 120<BR> proxy: post_proxy_authorize = yes<BR> security: max_attributes = 200<BR> security: reject_delay = 1<BR> security: status_server = no<BR> main: debug_level = 0<BR>read_config_files: reading diction!
ary<BR>read_config_files: reading naslist<BR>read_config_files:&
nbsp; reading clients<BR>read_config_files: reading realms<BR>radiusd: entering modules setup<BR>Module: Library search path is /usr/local/radius/lib<BR>Module: Loaded expr <BR>Module: Instantiated expr (expr) <BR>Module: Loaded PAP <BR> pap: encryption_scheme = "crypt"<BR>Module: Instantiated pap (pap) <BR>Module: Loaded CHAP <BR>Module: Instantiated chap (chap) <BR>Module: Loaded MS-CHAP <BR> mschap: ignore_password = no<BR> mschap: use_mppe = yes<BR> mschap: require_encryption = no<BR> mschap: require_strong = no<BR> mschap: passwd = "(null)"<BR> mschap: authtype = "MS-CHAP"<BR>Module: Instantiated mschap (mschap) <BR>Module: Loaded System <BR> unix: cache = no<BR> unix: passwd = "/etc/passwd"<BR> unix: shadow = "/etc/shadow"<BR> unix: group = "/etc/group"<BR> unix: radwtmp = "/usr/local/radius/var/log/radius/radwtmp"<BR> unix: usegroup = no<BR> unix: cache_reload = 600<BR>Module: Instantiat!
ed unix (unix) <BR>Module: Loaded eap <BR> eap: default_eap_type = "tls"<BR> eap: timer_expire = 60<BR>rlm_eap: Loaded and initialized the type md5<BR>rlm_eap: Loaded and initialized the type leap<BR> tls: rsa_key_exchange = no<BR> tls: dh_key_exchange = yes<BR> tls: rsa_key_length = 512<BR> tls: dh_key_length = 512<BR> tls: verify_depth = 0<BR> tls: CA_path = "(null)"<BR> tls: pem_file_type = yes<BR> tls: private_key_file = "/etc/1x/r/cert-srv.pem"<BR> tls: certificate_file = "/etc/1x/r/cert-srv.pem"<BR> tls: CA_file = "/etc/1x/r/root.pem"<BR> tls: private_key_password = "whatever"<BR> tls: dh_file = "/etc/1x/r/dh"<BR> tls: random_file = "/etc/1x/r/random"<BR> tls: fragment_size = 1024<BR> tls: include_length = yes<BR>rlm_eap_tls: conf N ctx stored <BR>rlm_eap: Loaded and initialized the type tls<BR>Module: Instantiated eap (eap) <BR>Module: Loaded preprocess <BR> preprocess: huntgrou!
ps = "/usr/local/radius/etc/raddb/huntgroups"<BR> preprocess: hin
ts = "/usr/local/radius/etc/raddb/hints"<BR> preprocess: with_ascend_hack = no<BR> preprocess: ascend_channels_per_line = 23<BR> preprocess: with_ntdomain_hack = no<BR> preprocess: with_specialix_jetstream_hack = no<BR> preprocess: with_cisco_vsa_hack = no<BR>Module: Instantiated preprocess (preprocess) <BR>Module: Loaded realm <BR> realm: format = "suffix"<BR> realm: delimiter = "@"<BR>Module: Instantiated realm (suffix) <BR>Module: Loaded files <BR> files: usersfile = "/usr/local/radius/etc/raddb/users"<BR> files: acctusersfile = "/usr/local/radius/etc/raddb/acct_users"<BR> files: preproxy_usersfile = "/usr/local/radius/etc/raddb/preproxy_users"<BR> files: compat = "no"<BR>Module: Instantiated files (files) <BR>Module: Loaded Acct-Unique-Session-Id <BR> acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id"<BR>Module: Instantiated acct_unique (acct_unique) <BR>Module: Loade!
d detail <BR> detail: detailfile = "/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"<BR> detail: detailperm = 384<BR> detail: dirperm = 493<BR> detail: locking = no<BR>Module: Instantiated detail (detail) <BR>Module: Loaded radutmp <BR> radutmp: filename = "/usr/local/radius/var/log/radius/radutmp"<BR> radutmp: username = "%{User-Name}"<BR> radutmp: case_sensitive = yes<BR> radutmp: check_with_nas = yes<BR> radutmp: perm = 384<BR> radutmp: callerid = yes<BR>Module: Instantiated radutmp (radutmp) <BR>Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.<BR>Ready to process requests.<BR>rad_recv: Access-Request packet from host 192.168.2.155:1386, id=0, length=154<BR> User-Name = "adam-ctl"<BR> NAS-IP-Address = 192.168.2.155<BR> NAS-Port = 1<BR> Called-Station-Id = "00-40-05-AF-05-14:test"<BR> Calling-Station-Id = "00-40-05-AF-05-2E"<BR> Framed!
-MTU = 1500<BR> NAS-Port-Type = Wireless-802.11<BR> Connect-
Info = "CONNECT 11Mbps 802.11b"<BR> EAP-Message = 0x0201000d016164616d2d63746c<BR> Message-Authenticator = 0x1d2a7f0c2d0c4f1c71a1005ecae2ab7b<BR>modcall: entering group authorize<BR> modcall[authorize]: module "preprocess" returns ok<BR>rlm_chap: Could not find proper Chap-Password attribute in request<BR> modcall[authorize]: module "chap" returns noop<BR> rlm_eap: EAP packet type notification id 1 length 13<BR> modcall[authorize]: module "eap" returns updated<BR> rlm_realm: No <A href="mailto:'@'">'@'</A> in User-Name = "adam-ctl", looking up realm NULL<BR> rlm_realm: No such realm "NULL"<BR> modcall[authorize]: module "suffix" returns noop<BR> users: Matched adam-ctl at 97<BR> modcall[authorize]: module "files" returns ok<BR>modcall: group authorize returns updated<BR> rad_check_password: Found Auth-Type EAP<BR>auth: type "EAP"<BR>modcall: entering group authenti!
cate<BR> rlm_eap: EAP packet type notification id 1 length 13<BR> rlm_eap: processing type tls<BR> modcall[authenticate]: module "eap" returns ok<BR>modcall: group authenticate returns ok<BR>Sending Access-Challenge of id 0 to 192.168.2.155:1386<BR> EAP-Message = 0x010200060d20<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> State = 0x1de79609653047a7e65e103f693ea0597f1f803ef7585dcdd2d3c255fe999d0b2d0dd409<BR>Finished request 0<BR>Going to the next request<BR>--- Walking the entire request list ---<BR>Waking up in 6 seconds...<BR>rad_recv: Access-Request packet from host 192.168.2.155:1386, id=1, length=241<BR> User-Name = "adam-ctl"<BR> NAS-IP-Address = 192.168.2.155<BR> NAS-Port = 1<BR> Called-Station-Id = "00-40-05-AF-05-14:test"<BR> Calling-Station-Id = "00-40-05-AF-05-2E"<BR> Framed-MTU = 1500<BR> NAS-Port-Type = Wireless-802.11<BR> Connect-Info = "CONNECT 11Mbps 802.11b"<BR>&nb!
sp;EAP-Message = 0x0202003e0d8000000034160301002f0100002b03013e801df2e
50144f<BR> State = 0x1de79609653047a7e65e103f693ea0597f1f803ef7585dcdd2d3c255fe999d0b2d0dd409<BR> Message-Authenticator = 0x83283f64915512a8aa1c3832735d8621<BR>modcall: entering group authorize<BR> modcall[authorize]: module "preprocess" returns ok<BR>rlm_chap: Could not find proper Chap-Password attribute in request<BR> modcall[authorize]: module "chap" returns noop<BR> rlm_eap: EAP packet type notification id 2 length 62<BR> modcall[authorize]: module "eap" returns updated<BR> rlm_realm: No <A href="mailto:'@'">'@'</A> in User-Name = "adam-ctl", looking up realm NULL<BR> rlm_realm: No such realm "NULL"<BR> modcall[authorize]: module "suffix" returns noop<BR> users: Matched adam-ctl at 97<BR> modcall[authorize]: module "files" returns ok<BR>modcall: group authorize returns updated<BR> rad_check_password: Found Auth-Type EAP<BR>auth: type "EAP"<BR>modcall: entering!
group authenticate<BR> rlm_eap: EAP packet type notification id 2 length 62<BR> rlm_eap: Request found, released from the list<BR> rlm_eap: EAP_TYPE - tls<BR> rlm_eap: processing type tls<BR>rlm_eap_tls: Length Included<BR>undefined: before/accept initialization <BR>TLS_accept: before/accept initialization <BR><<< TLS 1.0 Handshake [length 002f], ClientHello</P>
<P>TLS_accept: SSLv3 read client hello A <BR>>>> TLS 1.0 Handshake [length 004a], ServerHello</P>
<P>TLS_accept: SSLv3 write server hello A <BR>>>> TLS 1.0 Handshake [length 07aa], Certificate</P>
<P>TLS_accept: SSLv3 write certificate A <BR>>>> TLS 1.0 Handshake [length 00b0], CertificateRequest</P>
<P>TLS_accept: SSLv3 write certificate request A <BR>TLS_accept: SSLv3 flush data <BR>TLS_accept:error in SSLv3 read client certificate A <BR>rlm_eap_tls: SSL_read Error<BR> Error code is ..... 2 <BR> SSL Error ..... 2 <BR> modcall[authenticate]: module "eap" returns ok<BR>modcall: group authenticate returns ok<BR>Sending Access-Challenge of id 1 to 192.168.2.155:1386<BR> EAP-Message = 0x0103040a0dc0000008b3160301004a0200004603013e801f7f0110ec0e4c343049dc7714a3686a845487a1a1b736f5f6af0b7a1bdc204613e53a6ba3c2d5d586ab637b12b5fd73c92d04ec9bcb538b44ff887566e58100040016030107aa0b0007a60007a30003e6308203e23082034ba003020102020102300d06092a864886f70d010104050030819e310b30090603550406130255533111300f060355040813084d6172796c616e64311530130603550407130c436f6c6c656765205061726b311f301d060355040a1316556e6976657273697479206f66204d6172796c616e64310e300c060355040b13054d4953534c3112301006035504031309<BR> EAP-Message = 0x6164616d2d726f6f743120301e06092a864886f70d010!
90116116164616d40636661722e756d642e656475301e170d3032303232383038343030375a170d3033303232383038343030375a3081a0310b30090603550406130255533111300f060355040813084d6172796c616e64311530130603550407130c436f6c6c656765205061726b311f301d060355040a1316556e6976657273697479206f66204d6172796c616e64310e300c060355040b13054d4953534c311430120603550403130b6164616d2d7365727665723120301e06092a864886f70d01090116116164616d40636661722e756d642e65647530819f300d06092a864886f70d0101<BR> EAP-Message = 0x01050003818d0030818902818100bb02c243540c09a20d64a5c8c29bca7727f62a6432265c38fd4900392d5754469617386e959cb43eee77cc98a80c1e8fcfda55813115edc142141b953b5771b79e1a32bbdc2f3b1d0046082db28fe553631f83cd21411388949432c3b0d96cd77c046b32284a939240555ba0a8f38320b0921ef5c8b3cd1a9fadee9c3256c6e50203010001a382012a3082012630090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e04160414c66c3206e508b305c2353cae6192e9d21dd6b12c3081cb0603551d2!
30481<BR> EAP-Message = 0xc33081c080146f89584e55edc5d0e6bd2d8b80f
e919605897694a181a4a481a130819e310b30090603550406130255533111300f060355040813084d6172796c616e64311530130603550407130c436f6c6c656765205061726b311f301d060355040a1316556e6976657273697479206f66204d6172796c616e64310e300c060355040b13054d4953534c31123010060355040313096164616d2d726f6f743120301e06092a864886f70d01090116116164616d40636661722e756d642e656475820100300d06092a864886f70d01010405000381810002a0ec352165caeffc552e1476b8d0912997c06f287732c00a5b8373d3f2e1f1a985f1851cd3<BR> EAP-Message = 0xbc7abb38a7d905daa7abb2ae4cbcb6877e437e8be10d<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> State = 0x10fdcee015541c23f6667595678bf5127f1f803ea5d31079e0f98191138d8122ab4eafc0<BR>Finished request 1<BR>Going to the next request<BR>Waking up in 6 seconds...<BR>rad_recv: Access-Request packet from host 192.168.2.155:1386, id=2, length=185<BR> User-Name = "adam-ctl"<BR> NAS-IP-Address = 192.168.2.155<BR> NAS-Port = 1<BR> Called-Station-Id = "00-40!
-05-AF-05-14:test"<BR> Calling-Station-Id = "00-40-05-AF-05-2E"<BR> Framed-MTU = 1500<BR> NAS-Port-Type = Wireless-802.11<BR> Connect-Info = "CONNECT 11Mbps 802.11b"<BR> EAP-Message = 0x020300060d00<BR> State = 0x10fdcee015541c23f6667595678bf5127f1f803ea5d31079e0f98191138d8122ab4eafc0<BR> Message-Authenticator = 0xee6fbaa0944c0ed3a7262ada9cf8f33c<BR>modcall: entering group authorize<BR> modcall[authorize]: module "preprocess" returns ok<BR>rlm_chap: Could not find proper Chap-Password attribute in request<BR> modcall[authorize]: module "chap" returns noop<BR> rlm_eap: EAP packet type notification id 3 length 6<BR> modcall[authorize]: module "eap" returns updated<BR> rlm_realm: No <A href="mailto:'@'">'@'</A> in User-Name = "adam-ctl", looking up realm NULL<BR> rlm_realm: No such realm "NULL"<BR> modcall[authorize]: module "suffix" returns noop<BR> users: Ma!
tched adam-ctl at 97<BR> modcall[authorize]: module "files" retu
rns ok<BR>modcall: group authorize returns updated<BR> rad_check_password: Found Auth-Type EAP<BR>auth: type "EAP"<BR>modcall: entering group authenticate<BR> rlm_eap: EAP packet type notification id 3 length 6<BR> rlm_eap: Request found, released from the list<BR> rlm_eap: EAP_TYPE - tls<BR> rlm_eap: processing type tls<BR>rlm_eap_tls: Received EAP-TLS ACK message<BR> modcall[authenticate]: module "eap" returns ok<BR>modcall: group authenticate returns ok<BR>Sending Access-Challenge of id 2 to 192.168.2.155:1386<BR> EAP-Message = 0x0104040a0dc0000008b393b9c3a5d96464990a2c72c0efdcd5e5fe040d41a1b4c426acb573ac968e7208d06cfe81b4cf79655a134275d844fc53d6b3a55fdcd5fac17fcee0aa86d3338e9fbc2acc0003b7308203b33082031ca003020102020100300d06092a864886f70d010104050030819e310b30090603550406130255533111300f060355040813084d6172796c616e64311530130603550407130c436f6c6c656765205061726b311f301d060355040a1316556e6976657273697479206f66204d6172796c616!
e64310e300c060355040b13054d4953534c31123010060355040313096164616d2d726f6f743120301e06092a864886f70d0109<BR> EAP-Message = 0x0116116164616d40636661722e756d642e656475301e170d3032303232383038333834345a170d3033303232383038333834345a30819e310b30090603550406130255533111300f060355040813084d6172796c616e64311530130603550407130c436f6c6c656765205061726b311f301d060355040a1316556e6976657273697479206f66204d6172796c616e64310e300c060355040b13054d4953534c31123010060355040313096164616d2d726f6f743120301e06092a864886f70d01090116116164616d40636661722e756d642e65647530819f300d06092a864886f70d010101050003818d0030818902818100b76856cbfed7232ee45c3e<BR> EAP-Message = 0xd43f8040e993252d513b9a045d14f5b7517dba75ea2fb28301f43e365bf24d708896b46b48436b17bcc6373878fb2c92c6355ecefda18e4a6f9b3d22da693e8710841074aba5f4711738aa23248cae7f14eca024366572eefdbf72549e937c977a2ceac764a2c95da163e5c0596e6cb092b4ae11dd0203010001a381fe3081fb301d0603551d0e041604146f89584e55edc5d0e6bd2d8b80fe9196058976943081cb060!
3551d230481c33081c080146f89584e55edc5d0e6bd2d8b80fe919605897694a181a4a
481a130819e310b30090603550406130255533111300f060355040813084d6172796c616e64311530130603550407130c436f6c6c6567<BR> EAP-Message = 0x65205061726b311f301d060355040a1316556e6976657273697479206f66204d6172796c616e64310e300c060355040b13054d4953534c31123010060355040313096164616d2d726f6f743120301e06092a864886f70d01090116116164616d40636661722e756d642e656475820100300c0603551d13040530030101ff300d06092a864886f70d010104050003818100450e6fd396fb46ec1d9820542ecf1d75363f08b2cc07cb84b6d7451aff714c7a775d3bf1666973fb0c35e7cfd6c31a179d70c085bc459ba1294c1dca22cb9273c76c3b12f519a74318c3ae0d7705d32cfdf75ad32a597fbde29a2780c102ec0751a1adefff8ad463c1f5a175<BR> EAP-Message = 0x313c998a42537e8114e0bba00898c9963931d64d1603<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> State = 0x9aa445bba75b34a90f20258ea68c699c7f1f803e8e78ac8f7f23c1824f6cae6b45accbd6<BR>Finished request 2<BR>Going to the next request<BR>Waking up in 6 seconds...<BR>rad_recv: Access-Request packet fr!
om host 192.168.2.155:1386, id=3, length=185<BR> User-Name = "adam-ctl"<BR> NAS-IP-Address = 192.168.2.155<BR> NAS-Port = 1<BR> Called-Station-Id = "00-40-05-AF-05-14:test"<BR> Calling-Station-Id = "00-40-05-AF-05-2E"<BR> Framed-MTU = 1500<BR> NAS-Port-Type = Wireless-802.11<BR> Connect-Info = "CONNECT 11Mbps 802.11b"<BR> EAP-Message = 0x020400060d00<BR> State = 0x9aa445bba75b34a90f20258ea68c699c7f1f803e8e78ac8f7f23c1824f6cae6b45accbd6<BR> Message-Authenticator = 0xde7c08fcf4e7d793c64b85c841c10ba8<BR>modcall: entering group authorize<BR> modcall[authorize]: module "preprocess" returns ok<BR>rlm_chap: Could not find proper Chap-Password attribute in request<BR> modcall[authorize]: module "chap" returns noop<BR> rlm_eap: EAP packet type notification id 4 length 6<BR> modcall[authorize]: module "eap" returns updated<BR> rlm_realm: No <A href="mailto:'@'">'@'</A> in User-Name = "ada!
m-ctl", looking up realm NULL<BR> rlm_realm: No such
realm "NULL"<BR> modcall[authorize]: module "suffix" returns noop<BR> users: Matched adam-ctl at 97<BR> modcall[authorize]: module "files" returns ok<BR>modcall: group authorize returns updated<BR> rad_check_password: Found Auth-Type EAP<BR>auth: type "EAP"<BR>modcall: entering group authenticate<BR> rlm_eap: EAP packet type notification id 4 length 6<BR> rlm_eap: Request found, released from the list<BR> rlm_eap: EAP_TYPE - tls<BR> rlm_eap: processing type tls<BR>rlm_eap_tls: Received EAP-TLS ACK message<BR> modcall[authenticate]: module "eap" returns ok<BR>modcall: group authenticate returns ok<BR>Sending Access-Challenge of id 3 to 192.168.2.155:1386<BR> EAP-Message = 0x010500bd0d80000008b30100b00d0000a802010200a300a130819e310b30090603550406130255533111300f060355040813084d6172796c616e64311530130603550407130c436f6c6c656765205061726b311f301d060355040a1316556e6976657273697479206f66204d6172796c616e6!
4310e300c060355040b13054d4953534c31123010060355040313096164616d2d726f6f743120301e06092a864886f70d01090116116164616d40636661722e756d642e6564750e000000<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> State = 0x533810a9d53f5cb5ba30e1deb2e11b087f1f803eeffd5b19b9da4a6ed461106596b191a7<BR>Finished request 3<BR>Going to the next request<BR>Waking up in 6 seconds...<BR>--- Walking the entire request list ---<BR>Cleaning up request 0 ID 0 with timestamp 3e801f7f<BR>Cleaning up request 1 ID 1 with timestamp 3e801f7f<BR>Cleaning up request 2 ID 2 with timestamp 3e801f7f<BR>Cleaning up request 3 ID 3 with timestamp 3e801f7f<BR>Nothing to do. Sleeping until we see a request.</P>
<P>=========================</P>
<P>it seem ok ,but xsupplicant cant be authoried by AP!</P>
<P>what the problem ? i need your help!<BR></P><p><br><hr size=1><b>Do You Yahoo!?</b><br>
<a href="http://rd.yahoo.com/mail_cn/tag/?http://cn.messenger.yahoo.com//chat/index.html
">"雅虎通网络KTV, 随时随地免费卡拉OK~~"</a>