OpenWrt Forum Archive

Topic: WPA using EAP-TLS

The content of this topic has been archived on 24 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
esseo
3 Oct 2005, 23:47

Hello. I'm trying to set up WPA using EAP-TLS.
Whenever I try to connect to my router from my windows XP client, the authentication processs is not ended.

Here is the RADIUS log.

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/freeradius/clients.conf
Config:   including file: /etc/freeradius/eap.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/lib/freeradius"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radiusd.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = yes
mschap: require_strong = yes
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded eap
eap: default_eap_type = "tls"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/freeradius/certs/essvr.pem"
tls: certificate_file = "/etc/freeradius/certs/essvr.pem"
tls: CA_file = "/etc/freeradius/certs/root.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/etc/freeradius/certs/dh"
tls: random_file = "/etc/freeradius/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
Module: Instantiated eap (eap)
Module: Loaded files
files: usersfile = "/etc/freeradius/users"
files: acctusersfile = "/etc/freeradius/acct_users"
files: preproxy_usersfile = "/etc/freeradius/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:2048, id=0, length=123
    User-Name = "ESCLT"
    NAS-IP-Address = 127.0.0.1
    Called-Station-Id = "0013107a0011"
    Calling-Station-Id = "00095bc3d10b"
    NAS-Identifier = "0013107a0011"
    NAS-Port = 25
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x0200000a014553434c54
    Message-Authenticator = 0x649add77259f2c936e13f85d3cb2c0f8
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  rlm_eap: EAP packet type response id 0 length 10
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry ESCLT at line 5
  modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 0 to 127.0.0.1:2048
    EAP-Message = 0x010100060d20
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x5844975d05ab4a7a0de9f066c1a0a9e3
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:2048, id=0, length=211
    User-Name = "ESCLT"
    NAS-IP-Address = 127.0.0.1
    Called-Station-Id = "0013107a0011"
    Calling-Station-Id = "00095bc3d10b"
    NAS-Identifier = "0013107a0011"
    NAS-Port = 25
    Framed-MTU = 1400
    State = 0x5844975d05ab4a7a0de9f066c1a0a9e3
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x020100500d800000004616030100410100003d03014341b0178dcb1c8cbf773fab75664d2cca116d723d4677add6acb98aa190504600001600040005000a000900640062000300060013001200630100
    Message-Authenticator = 0xafc0b1d9c52b771bdcc9ce9c07e6fe41
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  rlm_eap: EAP packet type response id 1 length 80
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
    users: Matched entry ESCLT at line 5
  modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello 
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello 
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 023c], Certificate 
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0083], CertificateRequest 
    TLS_accept: SSLv3 write certificate request A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode 
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 0 to 127.0.0.1:2048
    EAP-Message = 0x010203220d8000000318160301004a020000460301386d4a1240521f146704060e7484844b0920dda6d8ef32bce377a59dd7be336d2025e8c656e91305d4a98c4498f5d1e31deed19ac3910faf22f39d5f53c7d22944000400160301023c0b0002380002350002323082022e30820197a0030201020209009b7c11f9e56d3a91300d06092a864886f70d0101050500304c310b3009060355040613025553310b300906035504081302494c3121301f060355040a1318496e7465726e6574205769646769747320507479204c7464310d300b0603550403130445534341301e170d3035313030333138313034355a170d3036313030333138313034355a
    EAP-Message = 0x304d310b3009060355040613025553310b300906035504081302494c3121301f060355040a1318496e7465726e6574205769646769747320507479204c7464310e300c06035504031305455353565230819f300d06092a864886f70d010101050003818d0030818902818100bfe9f8bbd0ceaa49e3b193d7741fdd70b709746aaaa73cde5163dc2cbe498961102cad34765aee1c58f966b91ad8dd88d3fdc983d436205f79b5e90bd6f672cb3f87edef9b2bb8d2ccc5ac2e1920c12e2c6b004a946b3aeab26ee1d0118810e95bf0370f052b22ad4810825b220389655bd34c27e6aecd3b4a8bd6a56bb7c06f0203010001a317301530130603551d2504
    EAP-Message = 0x0c300a06082b06010505070301300d06092a864886f70d010105050003818100c0364cc15bdc984c58cf43bc5a406705c700bfe048b5658e89962a2e493aef207e30a930dd3cd397af2d69372f7e7cce448a91d9318e1f5a6814c5680a08b0bfdf8fbe3b8b3298361a10426ce16d5a701ce4a703cb4ae0939138faa88bfcfa097a016077d7a86a8daf28cac9c2f32dd6c50e41f0ecf3e9eacbab500396bb67b216030100830d00007b020102007600743072310b30090603550406130255533111300f06035504081308496c6c696e6f6973310d300b060355040a130455495543310b3009060355040b13024353311330110603550403130a45756e73
    EAP-Message = 0x6f6f2053656f311f301d06092a864886f70d010901161065756e736f6f40676d61696c2e636f6d0e000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x275cee091416f906f184cb62fe654e7e
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:2048, id=0, length=137
    User-Name = "ESCLT"
    NAS-IP-Address = 127.0.0.1
    Called-Station-Id = "0013107a0011"
    Calling-Station-Id = "00095bc3d10b"
    NAS-Identifier = "0013107a0011"
    NAS-Port = 25
    Framed-MTU = 1400
    State = 0x275cee091416f906f184cb62fe654e7e
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x020200060d00
    Message-Authenticator = 0x5add102325b8f7df422ec7d1b634d204
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  rlm_eap: EAP packet type response id 2 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 2
    users: Matched entry ESCLT at line 5
  modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns updated for request 2
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 0 to 127.0.0.1:2048
    EAP-Message = 0x0103000a0d8000000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x2593f7dfe0e2521b100a194c4d23ebc2
Finished request 2
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 0 with timestamp 386d4a12
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 127.0.0.1:2048, id=0, length=123
    User-Name = "ESCLT"
    NAS-IP-Address = 127.0.0.1
    Called-Station-Id = "0013107a0011"
    Calling-Station-Id = "00095bc3d10b"
    NAS-Identifier = "0013107a0011"
    NAS-Port = 25
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x0201000a014553434c54
    Message-Authenticator = 0x2f2dfcf93d5dd838342fc53679b2f460
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  rlm_eap: EAP packet type response id 1 length 10
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 3
    users: Matched entry ESCLT at line 5
  modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns updated for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 0 to 127.0.0.1:2048
    EAP-Message = 0x010200060d20
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x958bd6c897f6fed65c7aa33f11ff64eb
Finished request 3
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:2048, id=0, length=211
    User-Name = "ESCLT"
    NAS-IP-Address = 127.0.0.1
    Called-Station-Id = "0013107a0011"
    Calling-Station-Id = "00095bc3d10b"
    NAS-Identifier = "0013107a0011"
    NAS-Port = 25
    Framed-MTU = 1400
    State = 0x958bd6c897f6fed65c7aa33f11ff64eb
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x020200500d800000004616030100410100003d03014341b035f7dee2db46f12e7bed829667a2cf2bcf70fa80ea8e91f4792245547c00001600040005000a000900640062000300060013001200630100
    Message-Authenticator = 0xd569978f9b0ec60b3ba3aa58d1c2ade7
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  rlm_eap: EAP packet type response id 2 length 80
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
    users: Matched entry ESCLT at line 5
  modcall[authorize]: module "files" returns ok for request 4
modcall: group authorize returns updated for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello 
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello 
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 023c], Certificate 
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0083], CertificateRequest 
    TLS_accept: SSLv3 write certificate request A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode 
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 0 to 127.0.0.1:2048
    EAP-Message = 0x010303220d8000000318160301004a020000460301386d4a300d585f617272813086193a66ee6d8149a7322c1b0cd99e972b6fc1e42081ac08fa76003b20e6534c7987dec1af9016f88713b6afa62d89ecb52a052000000400160301023c0b0002380002350002323082022e30820197a0030201020209009b7c11f9e56d3a91300d06092a864886f70d0101050500304c310b3009060355040613025553310b300906035504081302494c3121301f060355040a1318496e7465726e6574205769646769747320507479204c7464310d300b0603550403130445534341301e170d3035313030333138313034355a170d3036313030333138313034355a
    EAP-Message = 0x304d310b3009060355040613025553310b300906035504081302494c3121301f060355040a1318496e7465726e6574205769646769747320507479204c7464310e300c06035504031305455353565230819f300d06092a864886f70d010101050003818d0030818902818100bfe9f8bbd0ceaa49e3b193d7741fdd70b709746aaaa73cde5163dc2cbe498961102cad34765aee1c58f966b91ad8dd88d3fdc983d436205f79b5e90bd6f672cb3f87edef9b2bb8d2ccc5ac2e1920c12e2c6b004a946b3aeab26ee1d0118810e95bf0370f052b22ad4810825b220389655bd34c27e6aecd3b4a8bd6a56bb7c06f0203010001a317301530130603551d2504
    EAP-Message = 0x0c300a06082b06010505070301300d06092a864886f70d010105050003818100c0364cc15bdc984c58cf43bc5a406705c700bfe048b5658e89962a2e493aef207e30a930dd3cd397af2d69372f7e7cce448a91d9318e1f5a6814c5680a08b0bfdf8fbe3b8b3298361a10426ce16d5a701ce4a703cb4ae0939138faa88bfcfa097a016077d7a86a8daf28cac9c2f32dd6c50e41f0ecf3e9eacbab500396bb67b216030100830d00007b020102007600743072310b30090603550406130255533111300f06035504081308496c6c696e6f6973310d300b060355040a130455495543310b3009060355040b13024353311330110603550403130a45756e73
    EAP-Message = 0x6f6f2053656f311f301d06092a864886f70d010901161065756e736f6f40676d61696c2e636f6d0e000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x375c7c491f0db06303c1772f804a8529
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:2048, id=0, length=137
    User-Name = "ESCLT"
    NAS-IP-Address = 127.0.0.1
    Called-Station-Id = "0013107a0011"
    Calling-Station-Id = "00095bc3d10b"
    NAS-Identifier = "0013107a0011"
    NAS-Port = 25
    Framed-MTU = 1400
    State = 0x375c7c491f0db06303c1772f804a8529
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x020300060d00
    Message-Authenticator = 0x74eb60e178d361179806376d989626e7
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
    users: Matched entry ESCLT at line 5
  modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns updated for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
Sending Access-Challenge of id 0 to 127.0.0.1:2048
    EAP-Message = 0x0104000a0d8000000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x925dc408c4da8af72cf1b43c9f7ffd4a
Finished request 5
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 5 ID 0 with timestamp 386d4a30
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 127.0.0.1:2048, id=0, length=123
    User-Name = "ESCLT"
    NAS-IP-Address = 127.0.0.1
    Called-Station-Id = "0013107a0011"
    Calling-Station-Id = "00095bc3d10b"
    NAS-Identifier = "0013107a0011"
    NAS-Port = 25
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x0201000a014553434c54
    Message-Authenticator = 0x562e47ed8c28df0890cd57517bebbef4
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  rlm_eap: EAP packet type response id 1 length 10
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
    users: Matched entry ESCLT at line 5
  modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns updated for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 0 to 127.0.0.1:2048
    EAP-Message = 0x010200060d20
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x4010ac579984042f5a13930dfbced3f8
Finished request 6
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:2048, id=0, length=211
    User-Name = "ESCLT"
    NAS-IP-Address = 127.0.0.1
    Called-Station-Id = "0013107a0011"
    Calling-Station-Id = "00095bc3d10b"
    NAS-Identifier = "0013107a0011"
    NAS-Port = 25
    Framed-MTU = 1400
    State = 0x4010ac579984042f5a13930dfbced3f8
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x020200500d800000004616030100410100003d03014341b0536f6f11b84b1f6b2ed8439075c7ee72e92b31edb1d94421b2c467872500001600040005000a000900640062000300060013001200630100
    Message-Authenticator = 0x5e5d1ec39e7b3fa692507c07a9716508
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
  rlm_eap: EAP packet type response id 2 length 80
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 7
    users: Matched entry ESCLT at line 5
  modcall[authorize]: module "files" returns ok for request 7
modcall: group authorize returns updated for request 7
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello 
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello 
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 023c], Certificate 
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0083], CertificateRequest 
    TLS_accept: SSLv3 write certificate request A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode 
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 7
modcall: group authenticate returns handled for request 7
Sending Access-Challenge of id 0 to 127.0.0.1:2048
    EAP-Message = 0x010303220d8000000318160301004a020000460301386d4a4ece98ca9cb90cabeae8f87976bd6d240853fbc92b3db089ee2b309358207c7fdecbdb44b8baf9d0950c8d4eb017efbd7d5b46667215f449434501680007000400160301023c0b0002380002350002323082022e30820197a0030201020209009b7c11f9e56d3a91300d06092a864886f70d0101050500304c310b3009060355040613025553310b300906035504081302494c3121301f060355040a1318496e7465726e6574205769646769747320507479204c7464310d300b0603550403130445534341301e170d3035313030333138313034355a170d3036313030333138313034355a
    EAP-Message = 0x304d310b3009060355040613025553310b300906035504081302494c3121301f060355040a1318496e7465726e6574205769646769747320507479204c7464310e300c06035504031305455353565230819f300d06092a864886f70d010101050003818d0030818902818100bfe9f8bbd0ceaa49e3b193d7741fdd70b709746aaaa73cde5163dc2cbe498961102cad34765aee1c58f966b91ad8dd88d3fdc983d436205f79b5e90bd6f672cb3f87edef9b2bb8d2ccc5ac2e1920c12e2c6b004a946b3aeab26ee1d0118810e95bf0370f052b22ad4810825b220389655bd34c27e6aecd3b4a8bd6a56bb7c06f0203010001a317301530130603551d2504
    EAP-Message = 0x0c300a06082b06010505070301300d06092a864886f70d010105050003818100c0364cc15bdc984c58cf43bc5a406705c700bfe048b5658e89962a2e493aef207e30a930dd3cd397af2d69372f7e7cce448a91d9318e1f5a6814c5680a08b0bfdf8fbe3b8b3298361a10426ce16d5a701ce4a703cb4ae0939138faa88bfcfa097a016077d7a86a8daf28cac9c2f32dd6c50e41f0ecf3e9eacbab500396bb67b216030100830d00007b020102007600743072310b30090603550406130255533111300f06035504081308496c6c696e6f6973310d300b060355040a130455495543310b3009060355040b13024353311330110603550403130a45756e73
    EAP-Message = 0x6f6f2053656f311f301d06092a864886f70d010901161065756e736f6f40676d61696c2e636f6d0e000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x7a8787b4d77efe931a2d6fadc66f8db5
Finished request 7
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:2048, id=0, length=137
    User-Name = "ESCLT"
    NAS-IP-Address = 127.0.0.1
    Called-Station-Id = "0013107a0011"
    Calling-Station-Id = "00095bc3d10b"
    NAS-Identifier = "0013107a0011"
    NAS-Port = 25
    Framed-MTU = 1400
    State = 0x7a8787b4d77efe931a2d6fadc66f8db5
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x020300060d00
    Message-Authenticator = 0x9663c3fada0b297a4959d7c8f43cad73
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 8
    users: Matched entry ESCLT at line 5
  modcall[authorize]: module "files" returns ok for request 8
modcall: group authorize returns updated for request 8
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 8
modcall: group authenticate returns handled for request 8
Sending Access-Challenge of id 0 to 127.0.0.1:2048
    EAP-Message = 0x0104000a0d8000000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xf5602fe60f10af3abbd3d9ddf8dc3c91
Finished request 8
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 8 ID 0 with timestamp 386d4a4e
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 127.0.0.1:2048, id=0, length=123
    User-Name = "ESCLT"
    NAS-IP-Address = 127.0.0.1
    Called-Station-Id = "0013107a0011"
    Calling-Station-Id = "00095bc3d10b"
    NAS-Identifier = "0013107a0011"
    NAS-Port = 25
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x0201000a014553434c54
    Message-Authenticator = 0x9103e28c8b45ea3c19878d7b38e687c4
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
  rlm_eap: EAP packet type response id 1 length 10
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 9
    users: Matched entry ESCLT at line 5
  modcall[authorize]: module "files" returns ok for request 9
modcall: group authorize returns updated for request 9
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 9
modcall: group authenticate returns handled for request 9
Sending Access-Challenge of id 0 to 127.0.0.1:2048
    EAP-Message = 0x010200060d20
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xc7fba5df3a14707563e707c00abafc5b
Finished request 9
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:2048, id=0, length=211
    User-Name = "ESCLT"
    NAS-IP-Address = 127.0.0.1
    Called-Station-Id = "0013107a0011"
    Calling-Station-Id = "00095bc3d10b"
    NAS-Identifier = "0013107a0011"
    NAS-Port = 25
    Framed-MTU = 1400
    State = 0xc7fba5df3a14707563e707c00abafc5b
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x020200500d800000004616030100410100003d03014341b0721667282ca91f2990b6dd7d167d50464e014fb84650dd424a7732e3ba00001600040005000a000900640062000300060013001200630100
    Message-Authenticator = 0x1bf3dca59517bdb8d2c5b606e2ab7a2b
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 10
  rlm_eap: EAP packet type response id 2 length 80
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 10
    users: Matched entry ESCLT at line 5
  modcall[authorize]: module "files" returns ok for request 10
modcall: group authorize returns updated for request 10
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 10
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello 
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello 
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 023c], Certificate 
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0083], CertificateRequest 
    TLS_accept: SSLv3 write certificate request A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode 
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 10
modcall: group authenticate returns handled for request 10
Sending Access-Challenge of id 0 to 127.0.0.1:2048
    EAP-Message = 0x010303220d8000000318160301004a020000460301386d4a6c982603d9e97e57b880157f71bcec43b1519e912db801c1a2bff4abb720352b148495cf08009ad5e4d6d747fcf8cba6ba204c9a26eda30ed8dca20249f5000400160301023c0b0002380002350002323082022e30820197a0030201020209009b7c11f9e56d3a91300d06092a864886f70d0101050500304c310b3009060355040613025553310b300906035504081302494c3121301f060355040a1318496e7465726e6574205769646769747320507479204c7464310d300b0603550403130445534341301e170d3035313030333138313034355a170d3036313030333138313034355a
    EAP-Message = 0x304d310b3009060355040613025553310b300906035504081302494c3121301f060355040a1318496e7465726e6574205769646769747320507479204c7464310e300c06035504031305455353565230819f300d06092a864886f70d010101050003818d0030818902818100bfe9f8bbd0ceaa49e3b193d7741fdd70b709746aaaa73cde5163dc2cbe498961102cad34765aee1c58f966b91ad8dd88d3fdc983d436205f79b5e90bd6f672cb3f87edef9b2bb8d2ccc5ac2e1920c12e2c6b004a946b3aeab26ee1d0118810e95bf0370f052b22ad4810825b220389655bd34c27e6aecd3b4a8bd6a56bb7c06f0203010001a317301530130603551d2504
    EAP-Message = 0x0c300a06082b06010505070301300d06092a864886f70d010105050003818100c0364cc15bdc984c58cf43bc5a406705c700bfe048b5658e89962a2e493aef207e30a930dd3cd397af2d69372f7e7cce448a91d9318e1f5a6814c5680a08b0bfdf8fbe3b8b3298361a10426ce16d5a701ce4a703cb4ae0939138faa88bfcfa097a016077d7a86a8daf28cac9c2f32dd6c50e41f0ecf3e9eacbab500396bb67b216030100830d00007b020102007600743072310b30090603550406130255533111300f06035504081308496c6c696e6f6973310d300b060355040a130455495543310b3009060355040b13024353311330110603550403130a45756e73
    EAP-Message = 0x6f6f2053656f311f301d06092a864886f70d010901161065756e736f6f40676d61696c2e636f6d0e000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xfa07d26ba3f8c5ca875ce3f3590122b9
Finished request 10
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:2048, id=0, length=137
    User-Name = "ESCLT"
    NAS-IP-Address = 127.0.0.1
    Called-Station-Id = "0013107a0011"
    Calling-Station-Id = "00095bc3d10b"
    NAS-Identifier = "0013107a0011"
    NAS-Port = 25
    Framed-MTU = 1400
    State = 0xfa07d26ba3f8c5ca875ce3f3590122b9
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x020300060d00
    Message-Authenticator = 0x88bfbb11516e603f7620d4bcca6f1e3b
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 11
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 11
    users: Matched entry ESCLT at line 5
  modcall[authorize]: module "files" returns ok for request 11
modcall: group authorize returns updated for request 11
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 11
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 11
modcall: group authenticate returns handled for request 11
Sending Access-Challenge of id 0 to 127.0.0.1:2048
    EAP-Message = 0x0104000a0d8000000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xd55047048f2f7af965fa4c39e5d7dc69
Finished request 11
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 11 ID 0 with timestamp 386d4a6c
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 127.0.0.1:2048, id=0, length=123
    User-Name = "ESCLT"
    NAS-IP-Address = 127.0.0.1
    Called-Station-Id = "0013107a0011"
    Calling-Station-Id = "00095bc3d10b"
    NAS-Identifier = "0013107a0011"
    NAS-Port = 25
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x0201000a014553434c54
    Message-Authenticator = 0x167dcf563f4b823fe4f8880651162437
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 12
  rlm_eap: EAP packet type response id 1 length 10
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 12
    users: Matched entry ESCLT at line 5
  modcall[authorize]: module "files" returns ok for request 12
modcall: group authorize returns updated for request 12
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 12
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 12
modcall: group authenticate returns handled for request 12
Sending Access-Challenge of id 0 to 127.0.0.1:2048
    EAP-Message = 0x010200060d20
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x9910d9c0b41bc7dbc3d5d538bff7419f
Finished request 12
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:2048, id=0, length=211
    User-Name = "ESCLT"
    NAS-IP-Address = 127.0.0.1
    Called-Station-Id = "0013107a0011"
    Calling-Station-Id = "00095bc3d10b"
    NAS-Identifier = "0013107a0011"
    NAS-Port = 25
    Framed-MTU = 1400
    State = 0x9910d9c0b41bc7dbc3d5d538bff7419f
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x020200500d800000004616030100410100003d03014341b0904cd7aa43842cf5b30b98e7d3f49d445c09a9b1a214786f12d12410f600001600040005000a000900640062000300060013001200630100
    Message-Authenticator = 0x3abd48f7caacca76cc9adbd0fd177766
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 13
  rlm_eap: EAP packet type response id 2 length 80
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 13
    users: Matched entry ESCLT at line 5
  modcall[authorize]: module "files" returns ok for request 13
modcall: group authorize returns updated for request 13
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 13
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello 
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello 
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 023c], Certificate 
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0083], CertificateRequest 
    TLS_accept: SSLv3 write certificate request A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode 
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 13
modcall: group authenticate returns handled for request 13
Sending Access-Challenge of id 0 to 127.0.0.1:2048
    EAP-Message = 0x010303220d8000000318160301004a020000460301386d4a8a8e3e13dbb3e4f46e51f17c8af5033a39ea72bedbadd31ff9185332b7203dcdd6e5aac8237b0fdcc90e433f91bd4673207fc73acede92d43756cb9b7465000400160301023c0b0002380002350002323082022e30820197a0030201020209009b7c11f9e56d3a91300d06092a864886f70d0101050500304c310b3009060355040613025553310b300906035504081302494c3121301f060355040a1318496e7465726e6574205769646769747320507479204c7464310d300b0603550403130445534341301e170d3035313030333138313034355a170d3036313030333138313034355a
    EAP-Message = 0x304d310b3009060355040613025553310b300906035504081302494c3121301f060355040a1318496e7465726e6574205769646769747320507479204c7464310e300c06035504031305455353565230819f300d06092a864886f70d010101050003818d0030818902818100bfe9f8bbd0ceaa49e3b193d7741fdd70b709746aaaa73cde5163dc2cbe498961102cad34765aee1c58f966b91ad8dd88d3fdc983d436205f79b5e90bd6f672cb3f87edef9b2bb8d2ccc5ac2e1920c12e2c6b004a946b3aeab26ee1d0118810e95bf0370f052b22ad4810825b220389655bd34c27e6aecd3b4a8bd6a56bb7c06f0203010001a317301530130603551d2504
    EAP-Message = 0x0c300a06082b06010505070301300d06092a864886f70d010105050003818100c0364cc15bdc984c58cf43bc5a406705c700bfe048b5658e89962a2e493aef207e30a930dd3cd397af2d69372f7e7cce448a91d9318e1f5a6814c5680a08b0bfdf8fbe3b8b3298361a10426ce16d5a701ce4a703cb4ae0939138faa88bfcfa097a016077d7a86a8daf28cac9c2f32dd6c50e41f0ecf3e9eacbab500396bb67b216030100830d00007b020102007600743072310b30090603550406130255533111300f06035504081308496c6c696e6f6973310d300b060355040a130455495543310b3009060355040b13024353311330110603550403130a45756e73
    EAP-Message = 0x6f6f2053656f311f301d06092a864886f70d010901161065756e736f6f40676d61696c2e636f6d0e000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x5c661641e102c15aa2b1bf3b35b3a35d
Finished request 13
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:2048, id=0, length=137
    User-Name = "ESCLT"
    NAS-IP-Address = 127.0.0.1
    Called-Station-Id = "0013107a0011"
    Calling-Station-Id = "00095bc3d10b"
    NAS-Identifier = "0013107a0011"
    NAS-Port = 25
    Framed-MTU = 1400
    State = 0x5c661641e102c15aa2b1bf3b35b3a35d
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x020300060d00
    Message-Authenticator = 0xfcd16b8232d24fa4251e0de3bb8a0ce6
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 14
    users: Matched entry ESCLT at line 5
  modcall[authorize]: module "files" returns ok for request 14
modcall: group authorize returns updated for request 14
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 14
modcall: group authenticate returns handled for request 14
Sending Access-Challenge of id 0 to 127.0.0.1:2048
    EAP-Message = 0x0104000a0d8000000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xf4ce93308c8928582bdf756c8d5a7e3f
Finished request 14
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 14 ID 0 with timestamp 386d4a8a
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 127.0.0.1:2048, id=0, length=123
    User-Name = "ESCLT"
    NAS-IP-Address = 127.0.0.1
    Called-Station-Id = "0013107a0011"
    Calling-Station-Id = "00095bc3d10b"
    NAS-Identifier = "0013107a0011"
    NAS-Port = 25
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x0201000a014553434c54
    Message-Authenticator = 0x6850d44b4cd03fb8725a412035e08c3c
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 15
  rlm_eap: EAP packet type response id 1 length 10
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 15
    users: Matched entry ESCLT at line 5
  modcall[authorize]: module "files" returns ok for request 15
modcall: group authorize returns updated for request 15
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 15
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 15
modcall: group authenticate returns handled for request 15
Sending Access-Challenge of id 0 to 127.0.0.1:2048
    EAP-Message = 0x010200060d20
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x017bb85335e601d6ea82348140b53de3
Finished request 15
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:2048, id=0, length=211
    User-Name = "ESCLT"
    NAS-IP-Address = 127.0.0.1
    Called-Station-Id = "0013107a0011"
    Calling-Station-Id = "00095bc3d10b"
    NAS-Identifier = "0013107a0011"
    NAS-Port = 25
    Framed-MTU = 1400
    State = 0x017bb85335e601d6ea82348140b53de3
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x020200500d800000004616030100410100003d03014341b0ae58a2cfaed6dc2c8d411fdfc4168980ab259ae48a565eadf90696c3b000001600040005000a000900640062000300060013001200630100
    Message-Authenticator = 0x22bd548c7bed4cea989413bcbc6c86b2
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 16
  rlm_eap: EAP packet type response id 2 length 80
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 16
    users: Matched entry ESCLT at line 5
  modcall[authorize]: module "files" returns ok for request 16
modcall: group authorize returns updated for request 16
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 16
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello 
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello 
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 023c], Certificate 
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0083], CertificateRequest 
    TLS_accept: SSLv3 write certificate request A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode 
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 16
modcall: group authenticate returns handled for request 16
Sending Access-Challenge of id 0 to 127.0.0.1:2048
    EAP-Message = 0x010303220d8000000318160301004a020000460301386d4aa8608ea628a721695610c6ffd331b97cd175918addbd8c9e5b2aff164c206df42e7b64fb5a2b316c126e0d1b00443a6611de66a2d657e3eadf211a2c485b000400160301023c0b0002380002350002323082022e30820197a0030201020209009b7c11f9e56d3a91300d06092a864886f70d0101050500304c310b3009060355040613025553310b300906035504081302494c3121301f060355040a1318496e7465726e6574205769646769747320507479204c7464310d300b0603550403130445534341301e170d3035313030333138313034355a170d3036313030333138313034355a
    EAP-Message = 0x304d310b3009060355040613025553310b300906035504081302494c3121301f060355040a1318496e7465726e6574205769646769747320507479204c7464310e300c06035504031305455353565230819f300d06092a864886f70d010101050003818d0030818902818100bfe9f8bbd0ceaa49e3b193d7741fdd70b709746aaaa73cde5163dc2cbe498961102cad34765aee1c58f966b91ad8dd88d3fdc983d436205f79b5e90bd6f672cb3f87edef9b2bb8d2ccc5ac2e1920c12e2c6b004a946b3aeab26ee1d0118810e95bf0370f052b22ad4810825b220389655bd34c27e6aecd3b4a8bd6a56bb7c06f0203010001a317301530130603551d2504
    EAP-Message = 0x0c300a06082b06010505070301300d06092a864886f70d010105050003818100c0364cc15bdc984c58cf43bc5a406705c700bfe048b5658e89962a2e493aef207e30a930dd3cd397af2d69372f7e7cce448a91d9318e1f5a6814c5680a08b0bfdf8fbe3b8b3298361a10426ce16d5a701ce4a703cb4ae0939138faa88bfcfa097a016077d7a86a8daf28cac9c2f32dd6c50e41f0ecf3e9eacbab500396bb67b216030100830d00007b020102007600743072310b30090603550406130255533111300f06035504081308496c6c696e6f6973310d300b060355040a130455495543310b3009060355040b13024353311330110603550403130a45756e73
    EAP-Message = 0x6f6f2053656f311f301d06092a864886f70d010901161065756e736f6f40676d61696c2e636f6d0e000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x88fc5e5c66cda791fd933620846ffa27
Finished request 16
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:2048, id=0, length=137
    User-Name = "ESCLT"
    NAS-IP-Address = 127.0.0.1
    Called-Station-Id = "0013107a0011"
    Calling-Station-Id = "00095bc3d10b"
    NAS-Identifier = "0013107a0011"
    NAS-Port = 25
    Framed-MTU = 1400
    State = 0x88fc5e5c66cda791fd933620846ffa27
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x020300060d00
    Message-Authenticator = 0x9aee91cc712a6acbb9ea703fb044672e
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 17
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 17
    users: Matched entry ESCLT at line 5
  modcall[authorize]: module "files" returns ok for request 17
modcall: group authorize returns updated for request 17
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 17
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 17
modcall: group authenticate returns handled for request 17
Sending Access-Challenge of id 0 to 127.0.0.1:2048
    EAP-Message = 0x0104000a0d8000000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xa7b06737ebc936e6d55a88b5fcaca6e7
Finished request 17
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 17 ID 0 with timestamp 386d4aa8
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 127.0.0.1:2048, id=0, length=123
    User-Name = "ESCLT"
    NAS-IP-Address = 127.0.0.1
    Called-Station-Id = "0013107a0011"
    Calling-Station-Id = "00095bc3d10b"
    NAS-Identifier = "0013107a0011"
    NAS-Port = 25
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x0201000a014553434c54
    Message-Authenticator = 0xc70cbd2f99f4deb30ad5013f14907910
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 18
  rlm_eap: EAP packet type response id 1 length 10
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 18
    users: Matched entry ESCLT at line 5
  modcall[authorize]: module "files" returns ok for request 18
modcall: group authorize returns updated for request 18
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 18
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 18
modcall: group authenticate returns handled for request 18
Sending Access-Challenge of id 0 to 127.0.0.1:2048
    EAP-Message = 0x010200060d20
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x6a3a8371310557eadb0553ee2e195d4d
Finished request 18
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:2048, id=0, length=211
    User-Name = "ESCLT"
    NAS-IP-Address = 127.0.0.1
    Called-Station-Id = "0013107a0011"
    Calling-Station-Id = "00095bc3d10b"
    NAS-Identifier = "0013107a0011"
    NAS-Port = 25
    Framed-MTU = 1400
    State = 0x6a3a8371310557eadb0553ee2e195d4d
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x020200500d800000004616030100410100003d03014341b0cc7cff03477a830332a4444a0b2340ca2e9b7b9f5eae24a2c59c3c562d00001600040005000a000900640062000300060013001200630100
    Message-Authenticator = 0xbf80ad36ce292a53c8108bcc0826b8ff
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 19
  rlm_eap: EAP packet type response id 2 length 80
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 19
    users: Matched entry ESCLT at line 5
  modcall[authorize]: module "files" returns ok for request 19
modcall: group authorize returns updated for request 19
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 19
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello 
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello 
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 023c], Certificate 
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0083], CertificateRequest 
    TLS_accept: SSLv3 write certificate request A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode 
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 19
modcall: group authenticate returns handled for request 19
Sending Access-Challenge of id 0 to 127.0.0.1:2048
    EAP-Message = 0x010303220d8000000318160301004a020000460301386d4ac62582478e5b685c7674a42ac5383486dd523d6382113d8fd94bf48be8205600bf4535ea4ecfef666c064f21bbc12774cec812351cb4d662234d2279d931000400160301023c0b0002380002350002323082022e30820197a0030201020209009b7c11f9e56d3a91300d06092a864886f70d0101050500304c310b3009060355040613025553310b300906035504081302494c3121301f060355040a1318496e7465726e6574205769646769747320507479204c7464310d300b0603550403130445534341301e170d3035313030333138313034355a170d3036313030333138313034355a
    EAP-Message = 0x304d310b3009060355040613025553310b300906035504081302494c3121301f060355040a1318496e7465726e6574205769646769747320507479204c7464310e300c06035504031305455353565230819f300d06092a864886f70d010101050003818d0030818902818100bfe9f8bbd0ceaa49e3b193d7741fdd70b709746aaaa73cde5163dc2cbe498961102cad34765aee1c58f966b91ad8dd88d3fdc983d436205f79b5e90bd6f672cb3f87edef9b2bb8d2ccc5ac2e1920c12e2c6b004a946b3aeab26ee1d0118810e95bf0370f052b22ad4810825b220389655bd34c27e6aecd3b4a8bd6a56bb7c06f0203010001a317301530130603551d2504
    EAP-Message = 0x0c300a06082b06010505070301300d06092a864886f70d010105050003818100c0364cc15bdc984c58cf43bc5a406705c700bfe048b5658e89962a2e493aef207e30a930dd3cd397af2d69372f7e7cce448a91d9318e1f5a6814c5680a08b0bfdf8fbe3b8b3298361a10426ce16d5a701ce4a703cb4ae0939138faa88bfcfa097a016077d7a86a8daf28cac9c2f32dd6c50e41f0ecf3e9eacbab500396bb67b216030100830d00007b020102007600743072310b30090603550406130255533111300f06035504081308496c6c696e6f6973310d300b060355040a130455495543310b3009060355040b13024353311330110603550403130a45756e73
    EAP-Message = 0x6f6f2053656f311f301d06092a864886f70d010901161065756e736f6f40676d61696c2e636f6d0e000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xf33ae8ab5a9eecec84c27a48292ca657
Finished request 19
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:2048, id=0, length=137
    User-Name = "ESCLT"
    NAS-IP-Address = 127.0.0.1
    Called-Station-Id = "0013107a0011"
    Calling-Station-Id = "00095bc3d10b"
    NAS-Identifier = "0013107a0011"
    NAS-Port = 25
    Framed-MTU = 1400
    State = 0xf33ae8ab5a9eecec84c27a48292ca657
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x020300060d00
    Message-Authenticator = 0x99544fee36ba5680cc6c533f7c3edc56
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 20
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 20
    users: Matched entry ESCLT at line 5
  modcall[authorize]: module "files" returns ok for request 20
modcall: group authorize returns updated for request 20
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 20
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 20
modcall: group authenticate returns handled for request 20
Sending Access-Challenge of id 0 to 127.0.0.1:2048
    EAP-Message = 0x0104000a0d8000000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x29ccf9e862a9dfb8e82262ec12f7e759
Finished request 20
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 20 ID 0 with timestamp 386d4ac6
Nothing to do.  Sleeping until we see a request.

It seems to repeat same process again and again.
Can anybody help me?

(Last edited by esseo on 4 Oct 2005, 00:38)

Post #2
alex430
5 Oct 2005, 08:37

Hi, are you using the demo certs?

My first problem was that the demo certificates was outdated at january.

The discussion might have continued from here.