Hi, 

I am presently testing on EAP-TLS with XP as client,
a Cisco 340 AP and a FreeRADIUS server. The FR server
breaks down after it sends the Access-Challenge
message.
I don't know if the problem is with OpenSSL in
establishing a TLS handshake.
I'm using OpenSSL version 0.9.7a-2.
The TLS handshake does not start off? Please help
me.


I have used the following document to set up EAP-TLS:
http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm


The following is the output when I test my setup:

Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 129.237.234.235:2713, id=24, length=166
        User-Name = "eap-tlstestclient"
        Cisco-AVPair = "ssid=NTS-TEST"
        NAS-IP-Address = 129.237.234.235
        Called-Station-Id = "00409632fa5e"
        Calling-Station-Id = "00062542c804"
        NAS-Identifier = "NTS Test 1"
        NAS-Port = 37
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = "\002\000\000\026\001eap-tlstestclient"
        Message-Authenticator = 0x788f215e63955ec62db1e0eb4022e7bf
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  modcall[authorize]: module "mschap" returns notfound
  modcall[authorize]: module "eap" returns updated
    rlm_realm: No '@' in User-Name = "eap-tlstestclient", looking up realm NULL
    rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
    users: Matched eap-tlstestclient at 79
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: processing type tls
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 24 to 129.237.234.235:2713
        EAP-Message = "\001\001\000\006\r "
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xb475994be3f518263e495678659aa195ae8ad73e4d6647cc6f2fe085906f7a02b6f25a08
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 129.237.234.235:2714, id=25, length=262
        User-Name = "eap-tlstestclient"
        Cisco-AVPair = "ssid=NTS-TEST"
        NAS-IP-Address = 129.237.234.235
        Called-Station-Id = "00409632fa5e"
        Calling-Station-Id = "00062542c804"
        NAS-Identifier = "NTS Test 1"
        NAS-Port = 37
        Framed-MTU = 1400
        State = 0xb475994be3f518263e495678659aa195ae8ad73e4d6647cc6f2fe085906f7a02b6f25a08
        NAS-Port-Type = Wireless-802.11
        EAP-Message = "\002\001\000P\r\200\000\000\000F\026\003\001\000A\001\000\000=\003\001>\327\211{\356\tPq\232\323\214^#F\003\237\352<\354O_}y\255n\330\213n?6Ve\000\000\026\000\004\000\005\000\n\000\t\000d\000b\000\003\000\006\000\023\000\022\000c\001"
        Message-Authenticator = 0x8e9e62d0edd59ba2b57f384a6f7cf2a6
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  modcall[authorize]: module "mschap" returns notfound
  modcall[authorize]: module "eap" returns updated
    rlm_realm: No '@' in User-Name = "eap-tlstestclient", looking up realm NULL
    rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
    users: Matched eap-tlstestclient at 79
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls:  Length Included
undefined: before/accept initialization 
TLS_accept: before/accept initialization 
Segmentation fault

When I use gdb, I get the error:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1076222624 (LWP 12196)]
cbtls_msg (write_p=0, version=0, content_type=22, buf=0x811cfc8, len=0,
    ssl=0x81031a8, arg=0x0) at cb.c:159
159             state->info.origin = (unsigned char)write_p;
(gdb) where
#0  cbtls_msg (write_p=0, version=0, content_type=22, buf=0x811cfc8, len=0,
    ssl=0x81031a8, arg=0x0) at cb.c:159
#1  0x40121df4 in ssl3_get_message () from /lib/libssl.so.0.9.7a
#2  0x40117d5b in ssl3_accept () from /lib/libssl.so.0.9.7a
#3  0x401175e2 in ssl3_accept () from /lib/libssl.so.0.9.7a
#4  0x4012111f in ssl3_read_bytes () from /lib/libssl.so.0.9.7a
#5  0x4011e6a9 in ssl3_write () from /lib/libssl.so.0.9.7a
#6  0x4011e737 in ssl3_read () from /lib/libssl.so.0.9.7a
#7  0x40126dbb in SSL_read () from /lib/libssl.so.0.9.7a
#8  0x402a13f8 in tls_handshake_recv (ssn=0x0) at tls.c:294
#9  0x402a0abb in eaptls_operation (eaptls_packet=0x8113b78,
    status=EAPTLS_LENGTH_INCLUDED, handler=0x8101e50) at eap_tls.c:586
#10 0x402a0245 in eaptls_authenticate (arg=0x80f8cf0, handler=0x8101e50)
    at rlm_eap_tls.c:201
#11 0x4026df30 in eaptype_call (eap_type=13, action=INITIATE,
    type_list=0x80bc3d0, handler=0x8101e50) at eap.c:205
#12 0x4026e061 in eaptype_select (type_list=0x80bc3d0, handler=0x8101e50,
    conftype=0x80bbd40 "tls") at eap.c:280
#13 0x4026d9f8 in eap_authenticate (instance=0x80ca6e8, request=0x81138c8)
    at rlm_eap.c:200
#14 0x08054a1c in module_post_auth ()
#15 0x08054acf in modcall ()
#16 0x08054a55 in module_post_auth ()
#17 0x08054b30 in modcall ()
#18 0x080546e7 in module_authenticate ()
#19 0x08051a48 in rad_check_password ()
---Type <return> to continue, or q <return> to quit---

#20 0x08051e0c in rad_authenticate ()
#21 0x0804d213 in rad_respond ()
#22 0x0804cdbd in rad_process ()
#23 0x0804c959 in main ()
#24 0x42015574 in __libc_start_main () from /lib/tls/libc.so.6
(gdb) 

I see the following libraries when I run ldd on radiusd:

ldd /usr/local/sbin/radiusd
        /lib/libcrypto.so.0.9.7a => /lib/libcrypto.so.0.9.7a (0x40017000)
        /lib/libssl.so.0.9.7a => /lib/libssl.so.0.9.7a (0x40108000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x40150000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x4017d000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x40192000)
        libpthread.so.0 => /lib/tls/libpthread.so.0 (0x401a5000)
        libradius-0.8.1.so => /usr/local/lib/libradius-0.8.1.so (0x401b2000)
        libltdl.so.3 => /usr/lib/libltdl.so.3 (0x401c1000)
        libdl.so.2 => /lib/libdl.so.2 (0x401c8000)
        libc.so.6 => /lib/tls/libc.so.6 (0x42000000)
        libgssapi_krb5.so.2 => /usr/kerberos/lib/libgssapi_krb5.so.2 (0x401cb000)
        libkrb5.so.3 => /usr/kerberos/lib/libkrb5.so.3 (0x401df000)
        libk5crypto.so.3 => /usr/kerberos/lib/libk5crypto.so.3 (0x4023d000)
        libcom_err.so.3 => /usr/kerberos/lib/libcom_err.so.3 (0x4024d000)
        libz.so.1 => /usr/lib/libz.so.1 (0x4024f000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

Thanks, 

Pankaj. 





______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
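
The EAP-Message values in the debug output above can be decoded to see what each side sent before the crash. The following is an added example, not part of the original post or of FreeRADIUS; it assumes the log prints non-printable bytes as three-digit octal escapes plus \r, \n and \t, and it decodes only the EAP header, the EAP-TLS flags (L/M/S) and the first TLS record header.

```python
import re

# EAP-Message strings copied verbatim from the radiusd debug output above.
IDENTITY = r"\002\000\000\026\001eap-tlstestclient"
START = r"\001\001\000\006\r "
HELLO = (r"\002\001\000P\r\200\000\000\000F\026\003\001\000A\001\000\000=\003\001"
         r">\327\211{\356\tPq\232\323\214^#F\003\237\352<\354O_}y\255n\330\213n?6Ve"
         r"\000\000\026\000\004\000\005\000\n\000\t\000d\000b\000\003\000\006"
         r"\000\023\000\022\000c\001")

# Assumed log escaping: \ooo (three octal digits) plus \r \n \t \\ \"
_ESC = re.compile(r"\\([0-7]{3}|.)")
_NAMED = {"r": 13, "n": 10, "t": 9, "\\": 92, '"': 34}
_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}


def unescape(text):
    """Convert the printable log form back into the raw EAP bytes."""
    out, pos = bytearray(), 0
    for m in _ESC.finditer(text):
        out += text[pos:m.start()].encode("latin-1")
        tok = m.group(1)
        out.append(int(tok, 8) if len(tok) == 3 else _NAMED[tok])
        pos = m.end()
    return bytes(out) + text[pos:].encode("latin-1")


def decode_eap(text):
    """Decode the EAP header and, for EAP-TLS (type 13), the TLS framing."""
    raw = unescape(text)
    length = int.from_bytes(raw[2:4], "big")
    info = {"code": _CODES.get(raw[0], raw[0]), "id": raw[1], "length": length,
            "captured": len(raw), "truncated": len(raw) < length}
    if len(raw) < 6 or raw[4] != 13:
        info["type"] = raw[4] if len(raw) > 4 else None
        return info
    info["type"], flags, body = 13, raw[5], raw[6:]
    info["flags"] = [n for bit, n in ((0x80, "L"), (0x40, "M"), (0x20, "S")) if flags & bit]
    if flags & 0x80:  # L bit: four-byte total TLS message length follows
        info["tls_length"], body = int.from_bytes(body[:4], "big"), body[4:]
    if len(body) >= 6:  # TLS record header (5 bytes) + handshake message type
        info["record"] = {"content_type": body[0], "version": (body[1], body[2]),
                          "length": int.from_bytes(body[3:5], "big"),
                          "handshake_type": body[5]}
    return info


if __name__ == "__main__":
    for name, msg in (("identity", IDENTITY), ("start", START), ("hello", HELLO)):
        print(name, decode_eap(msg))
```

The client's second packet decodes as a TLS 1.0 handshake record (content type 22, the same value as content_type=22 in the gdb frame) whose first message is type 1, a ClientHello. The logged string holds 79 bytes against a declared EAP length of 80, so the decoder reports it as truncated rather than failing.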
