Forum |  HardWare.fr | News | Articles | PC | S'identifier | S'inscrire | Shop Recherche
1586 connectés 

  FORUM HardWare.fr
  Systèmes & Réseaux Pro
  Sécurité

  probleme Freeradius - méthode eap-tls

 
 


 Mot :   Pseudo :  
 
Bas de page
Auteur Sujet :

probleme Freeradius - méthode eap-tls

n°57164
ayyadi
Posté le 18-08-2009 à 15:07:21  profilanswer
 

Bonjour,
 
je suis un debutant dans le monde de freeradius, je viens de configurer un, en utilisant comme méthode d'authentification EAP-TLS, j'ai crée mes certificats en utilisant TinyCA2, pour le moment la connexion sous windows ca marche a merveille, mais sous mon ubuntu j'ai des problèmes.
 
j'ai essayé avec network-manager, je lui comunique tout les informations (ca certificat, le certificat client, la clé privé ...) et lorsque je lance mon serveur en mode debug et j'essaye de me connecter avec mon ubuntu, le serveur envoi un access-accept mais le client ne veut pas se connecter a ce moment le serveur envoi un autre challenge et il reste a tourner comme ca.
 
alors si qlq a des propositions ou a eu le meme probleme comme, je lui demande de m'aider car c'est une partie importante de mon sujet de fin d'étude et mnt ca fais 2 semaines que j'ai ce probleme et j'arrive pas a le résoudre.
 
pour indication:
serveur d'authentification sous ubuntu
client sous ubuntu.
je travail avec des adresse ip fixes.
 
il y a qlq qui ma conseillé de virer le network-manager et utiliser wifi-radar si qlq a utiliser cette méthode alors qu'il m'aide slv?
 
Merci

mood
Publicité
Posté le 18-08-2009 à 15:07:21  profilanswer
 

n°57168
Fi3rC3
Posté le 18-08-2009 à 23:17:01  profilanswer
 

Slt,
 
Tu pourrais laisser les traces que tu as sur ton radius stp ?

Message cité 1 fois

---------------
Mon Feed-Back                        ° Mes Ventes en Cours °
n°57169
ayyadi
Posté le 18-08-2009 à 23:43:57  profilanswer
 

Fi3rC3 a écrit :

Slt,
 
Tu pourrais laisser les traces que tu as sur ton radius stp ?


 
vous allez remarqués a la fin qu'il y a un access accept, mais malgré ca le client ne se connect pas et le serveur redémare la precedure avec l'envoi encore d'un request-challenge.
j'ai viré network-manager et j'ai essayer avec Wicd mais c'est le meme probleme.
Merci pour votre réponse

Citation :

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.3.12 port 1401, id=74, length=113
 User-Name = "client_certificat"
 NAS-IP-Address = 192.168.3.12
 NAS-Port = 29
 Service-Type = Framed-User
 Framed-MTU = 1400
 NAS-Port-Type = Wireless-802.11
 EAP-Message = 0x024a001601636c69656e745f63657274696669636174
 Message-Authenticator = 0xc1a8cbafd35e28613a944ca717839780
+- entering group authorize {...}
++[preprocess] returns ok
[eap] EAP packet type response id 74 length 22
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
 expand: %{User-Name} -> client_certificat
[sql] sql_set_user escaped user --> 'client_certificat'
rlm_sql (sql): Reserving sql socket id: 3
 expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'client_certificat'           ORDER BY id
 expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'client_certificat'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
[sql] User client_certificat not found
++[sql] returns notfound
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 74 to 192.168.3.12 port 1401
 EAP-Message = 0x014b00060d20
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x5126e13a516dec5fcf48af69eb9673ce
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.3.12 port 1402, id=75, length=208
 User-Name = "client_certificat"
 NAS-IP-Address = 192.168.3.12
 NAS-Port = 29
 Service-Type = Framed-User
 Framed-MTU = 1400
 NAS-Port-Type = Wireless-802.11
 State = 0x5126e13a516dec5fcf48af69eb9673ce
 EAP-Message = 0x024b00630d0016030100580100005403014a8b1e58a2a5199a83fe8327658ec7912b1edba9a147774cdf1104aae59b50ab00002600390038003500160013000a00330032002f0005000400150012000900140011000800060003020100000400230000
 Message-Authenticator = 0xfc12a55e6b3246bfb2485f5e8a6c262a
+- entering group authorize {...}
++[preprocess] returns ok
[eap] EAP packet type response id 75 length 99
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
 expand: %{User-Name} -> client_certificat
[sql] sql_set_user escaped user --> 'client_certificat'
rlm_sql (sql): Reserving sql socket id: 2
 expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'client_certificat'           ORDER BY id
 expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'client_certificat'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 2
[sql] User client_certificat not found
++[sql] returns notfound
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7  
[tls] Done initial handshake
[tls]     (other): before/accept initialization  
[tls]     TLS_accept: before/accept initialization  
[tls] <<< TLS 1.0 Handshake [length 0058], ClientHello  
[tls]     TLS_accept: SSLv3 read client hello A  
[tls] >>> TLS 1.0 Handshake [length 0030], ServerHello  
[tls]     TLS_accept: SSLv3 write server hello A  
[tls] >>> TLS 1.0 Handshake [length 0d6d], Certificate  
[tls]     TLS_accept: SSLv3 write certificate A  
[tls] >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange  
[tls]     TLS_accept: SSLv3 write key exchange A  
[tls] >>> TLS 1.0 Handshake [length 00a6], CertificateRequest  
[tls]     TLS_accept: SSLv3 write certificate request A  
[tls]     TLS_accept: SSLv3 flush data  
[tls]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase  
In SSL Accept mode  
[tls] eaptls_process returned 13  
++[eap] returns handled
Sending Access-Challenge of id 75 to 192.168.3.12 port 1402
 EAP-Message = 0x014c04000dc000000fe416030100300200002c03014a8b1e0fea13c4ce4f28560d9c49579802d264f07a58457cbb15083ba9d49be6000039010004002300001603010d6d0b000d69000d6600063f3082063b30820423a003020102020101300d06092a864886f70d0101050500308191310b3009060355040613024652310f300d060355040813064672616e6365311430120603550407130b4d6f6e7470656c6c696572310e300c060355040a130573616c6c653111300f060355040b140873616c6c655f5444311830160603550403140f776966695f63657274696669636174311e301c06092a864886f70d010901160f61646d696e407265736561
 EAP-Message = 0x752e6672301e170d3039303831363133343635305a170d3130303831363133343635305a308194310b3009060355040613024652310f300d060355040813064672616e6365311430120603550407130b4d6f6e7470656c6c696572310e300c060355040a130573616c6c653111300f060355040b140873616c6c655f5444311b301906035504031412736572766575725f63657274696669636174311e301c06092a864886f70d010901160f61646d696e407265736561752e667230820122300d06092a864886f70d01010105000382010f003082010a0282010100dc11e479d3c841cdeab99d5f2b07d93efafac9343e7d53fa8d9ba74d5c9cbc6171
 EAP-Message = 0x9e19bc480af558b068e5e5672b9acc715832bbc6326fd7a37d290733c61ff64d0f44a8527ea0cea9bd0f005e6c3c0009886cfa210a29f8fcbbd957c84cfa8ab1664d63b6c8656a2242f8a29169e6287805ef9059034837d0effb882aeecde9276be7ad36475ccdf000160443ee0ec099e19b83470dce05caefbbd4d6924603fc3d3ad3bc3770ae9b6b23c57492665be04801f28ff313445ec32a24e5d4b4d2f22611c27de68602ed0412e435a364f3ac31c5bd23a719893bad600ecac92b11a045783d1c17439c542dec2b91619cf47e9edb10359f37c9a524e2f0cadcfe8f0203010001a38201973082019330090603551d1304023000301106096086
 EAP-Message = 0x480186f8420101040403020640302b06096086480186f842010d041e161c54696e7943412047656e657261746564204365727469666963617465301d0603551d0e04160414a28ebf60f11aeac4121737f2245e0f05545b79903081c60603551d230481be3081bb8014364f244882451624f867420f4be641177cc72adba18197a48194308191310b3009060355040613024652310f300d060355040813064672616e6365311430120603550407130b4d6f6e7470656c6c696572310e300c060355040a130573616c6c653111300f060355040b140873616c6c655f5444311830160603550403140f776966695f63657274696669636174311e301c0609
 EAP-Message = 0x2a864886f70d010901160f61
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x5126e13a506aec5fcf48af69eb9673ce
Finished request 1.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.3.12 port 1403, id=76, length=115
 User-Name = "client_certificat"
 NAS-IP-Address = 192.168.3.12
 NAS-Port = 29
 Service-Type = Framed-User
 Framed-MTU = 1400
 NAS-Port-Type = Wireless-802.11
 State = 0x5126e13a506aec5fcf48af69eb9673ce
 EAP-Message = 0x024c00060d00
 Message-Authenticator = 0x7bbbee2bc335b4bcc1ed3b41d7a2176a
+- entering group authorize {...}
++[preprocess] returns ok
[eap] EAP packet type response id 76 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
 expand: %{User-Name} -> client_certificat
[sql] sql_set_user escaped user --> 'client_certificat'
rlm_sql (sql): Reserving sql socket id: 1
 expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'client_certificat'           ORDER BY id
 expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'client_certificat'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 1
[sql] User client_certificat not found
++[sql] returns notfound
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1  
[tls] eaptls_process returned 13  
++[eap] returns handled
Sending Access-Challenge of id 76 to 192.168.3.12 port 1403
 EAP-Message = 0x014d04000dc000000fe4646d696e407265736561752e6672820900a0c299e5390e0c51301a0603551d1204133011810f61646d696e407265736561752e6672301a0603551d1104133011810f61646d696e407265736561752e6672300e0603551d0f0101ff0404030205a030160603551d250101ff040c300a06082b06010505070301300d06092a864886f70d01010505000382020100091302ce09b71758c33fa547cf349013b97b12e7ed6aab53033aa3a02165353be3bb9b9fec7b1555ea1a8db076429017ef028ca4c11ad2d2536350d87d9758fc23d1ea74599e480d019f1d949a6978402f27ec046383386d57c5863375a364bb3743474b98ae
 EAP-Message = 0x3566a5a511e7daea0e4598193154b0396011fe336bb217093bfdd0e351c66e14e8d5fd662d2704833ec86dfce31a8d196e060e4d0ee3395a84a5692a1e72e3a935224c9bcdce400d44af8b8ef36d8df91d5bc2edf3770bba8940bf9695d39509d6163c5d60c2f91817fc87eaad8369f0cf1ffb1fda84e536a868b90d5c6ba41aa895ce971b99ab4440a440eb83ce232278def96471ff88731524ce1c8c2572f67def2857527cce2fdb2aabbb96e58794fdab6226e015c4e26b4db79577050bd28846e021f3df0164afa82ea990ba4f8128699786f40b0777a2390aed994c17ceb80eed08c6845be11094743126f5f459b1eb81d947c40109140c868391
 EAP-Message = 0x37e2ae10c494a95cf5bd2fc6d5ffa317eb203f4c0d08a44ba6b6c5fd70048627bb3307fada3484f11a59afe9ef46005ca373b43736b2a8113e542d4e7057a2ad75a19c588e5c62e0961c5ca653db22c26c390554181de1186ee518c64d96752c1c13215c8d2425e7965c3d5404e6bdcb0a96ef1f5b567650b62c7b2a151c44ea4f086425547dbf569b0c131a966dbf7091ecbedec5f5fe95c409917d0b0007213082071d30820505a003020102020900a0c299e5390e0c51300d06092a864886f70d0101050500308191310b3009060355040613024652310f300d060355040813064672616e6365311430120603550407130b4d6f6e7470656c6c6965
 EAP-Message = 0x72310e300c060355040a130573616c6c653111300f060355040b140873616c6c655f5444311830160603550403140f776966695f63657274696669636174311e301c06092a864886f70d010901160f61646d696e407265736561752e6672301e170d3039303831363133343131365a170d3139303831343133343131365a308191310b3009060355040613024652310f300d060355040813064672616e6365311430120603550407130b4d6f6e7470656c6c696572310e300c060355040a130573616c6c653111300f060355040b140873616c6c655f5444311830160603550403140f776966695f63657274696669636174311e301c06092a864886f7
 EAP-Message = 0x0d010901160f61646d696e40
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x5126e13a536bec5fcf48af69eb9673ce
Finished request 2.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.3.12 port 1404, id=77, length=115
 User-Name = "client_certificat"
 NAS-IP-Address = 192.168.3.12
 NAS-Port = 29
 Service-Type = Framed-User
 Framed-MTU = 1400
 NAS-Port-Type = Wireless-802.11
 State = 0x5126e13a536bec5fcf48af69eb9673ce
 EAP-Message = 0x024d00060d00
 Message-Authenticator = 0x06524012ceb5e078d2336f5542895bd7
+- entering group authorize {...}
++[preprocess] returns ok
[eap] EAP packet type response id 77 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
 expand: %{User-Name} -> client_certificat
[sql] sql_set_user escaped user --> 'client_certificat'
rlm_sql (sql): Reserving sql socket id: 0
 expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'client_certificat'           ORDER BY id
 expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'client_certificat'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 0
[sql] User client_certificat not found
++[sql] returns notfound
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1  
[tls] eaptls_process returned 13  
++[eap] returns handled
Sending Access-Challenge of id 77 to 192.168.3.12 port 1404
 EAP-Message = 0x014e04000dc000000fe47265736561752e667230820222300d06092a864886f70d01010105000382020f003082020a0282020100f52ad2a8ead1827626d1a2961284e0a43e432adc1d294f8ebed8128d3efd6947db6b2b1a1adbbb667e44cffe18bb1735478528390d79ad4301a349257ac981e5245cdf7900b1d3085c60be2d5465903599cb88bc25222cfe8738b743811da85a5e99dd897ce225984c2cbc1a1b8e27d515d86d8df1602b4032a15f102d9c1cbd661f9351a2d223c0f9c38dab6defd6134b9ad471ebc0fde43ed41fdcf2249a2eb04bb652b135b071622a8f763b7fba804717fbfe4d0e8b6a3c13d8c49d2ece38e4dcc6a1843e7b9ad9
 EAP-Message = 0xd01d6bd9078aa84035fb9b00c094ec0a4c8efe2965358fe9e7de8d3566171b714cd1860bd2ae952b5b7e34c4e241c27707d56ca496513c30a4dd611bedaedfb388f9bf6692a6030a763c663cb28b9bfb7faa2398951ab220e6e8835cae1457da8fd11e61e24cde33b0595d041d894b7661f5b8624758d6aac1ea6e058d619a1839fb2f14fa47ca665143cbe7dfc339cd27f0ea518af054eaeb303cc237c45c4ab6b0ad76a710f979a802f4fcf93c0bb4b95d33a71743394cb0f1b87ac7d7ddf2eea26daa34ef5ab13a7fac24e13345e1d2abf1f6dd4292f4a3cfecc4cb53b91dd879e8f4cedfaf4982534252476dde6b551c3e3ceeae9eda7f155425a0
 EAP-Message = 0x79c5f8b544ac5fbbcd0011f60c8b202b8218a2fea12446823f51d9a61a2981857b6c7efbc5ded0e51cd7fb32d9f2a4e26dcc36c1bcc700226f230203010001a382017430820170301d0603551d0e04160414364f244882451624f867420f4be641177cc72adb3081c60603551d230481be3081bb8014364f244882451624f867420f4be641177cc72adba18197a48194308191310b3009060355040613024652310f300d060355040813064672616e6365311430120603550407130b4d6f6e7470656c6c696572310e300c060355040a130573616c6c653111300f060355040b140873616c6c655f5444311830160603550403140f776966695f636572
 EAP-Message = 0x74696669636174311e301c06092a864886f70d010901160f61646d696e407265736561752e6672820900a0c299e5390e0c51300f0603551d130101ff040530030101ff301106096086480186f842010104040302010630090603551d1204023000302b06096086480186f842010d041e161c54696e7943412047656e657261746564204365727469666963617465301a0603551d1104133011810f61646d696e407265736561752e6672300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382020100b4fd790ef8f11d64f233098a16d07e09e6557d80e839f3200b0e1acbdf7d57af0963a4a56fe5815809d2043ec4ea79
 EAP-Message = 0x3ec38e2c46a6843994168e06
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x5126e13a5268ec5fcf48af69eb9673ce
Finished request 3.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.3.12 port 1405, id=78, length=115
 User-Name = "client_certificat"
 NAS-IP-Address = 192.168.3.12
 NAS-Port = 29
 Service-Type = Framed-User
 Framed-MTU = 1400
 NAS-Port-Type = Wireless-802.11
 State = 0x5126e13a5268ec5fcf48af69eb9673ce
 EAP-Message = 0x024e00060d00
 Message-Authenticator = 0x8ef54fa1f1688500f2b5ae89d30a2b56
+- entering group authorize {...}
++[preprocess] returns ok
[eap] EAP packet type response id 78 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
 expand: %{User-Name} -> client_certificat
[sql] sql_set_user escaped user --> 'client_certificat'
rlm_sql (sql): Reserving sql socket id: 4
 expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'client_certificat'           ORDER BY id
 expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'client_certificat'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
[sql] User client_certificat not found
++[sql] returns notfound
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1  
[tls] eaptls_process returned 13  
++[eap] returns handled
Sending Access-Challenge of id 78 to 192.168.3.12 port 1405
 EAP-Message = 0x014f04000dc000000fe4eaeb588fd87394183f80e2bfac184fdc22f8d3db10cc5aa62e48a16b666bec9ee7ca0984459e313bed2b38a8cde1768670d266ce2bcab4cd0eda1be653a6c8632e4616b17bce7d7c8a3dd6cd0ff44011042c7e480ee7e2ea5635e3ddea066a2766857f7d5366ec0a91aaf02b786ce348d625e435534aac28f8b60b6acc0606420d1b8b4aaf4cc6f09c163f88643bba5cf078fe8c6a8241ca7e39cb9cfbefd5ac24ff498706cd8a1631bddbfdaee8db6c6e61bd2a05182e120ac922b5fd47418ba470b7f4002b02465422efcdc23e316e0f0bf956d16d7879ad0ab9c6f87211bc80d5b4d0e28d56d7b9e0e2d0df5f9cd1d47c58
 EAP-Message = 0x8c0c60777423b2d03a5adb2b99612d111b7d9ce9fe8325c15e8328430b341de1c0a3a8f9aa16da33154982c90e7a6f34b913666e13b5d56e339e4801a02225fdacb48b62cfb0e3181bb4bebfd19e365db5847610d6bf34bbad6e79b330fe7bf0b52ac79db7d92d2fa26bfaf566a0210b547f65053063c100924f4603125b67d90bf61bdd4b510ca9759e3a7ab6058f91311894a3354555d211105469d457ca7bcdfe53cb0c05264d5d42081b4b1a16b2ee6de0d0df24b91ec31c8fe9865af3042e714621f0e60a5d4c1ae574082887dfd69b160301018d0c0001890040dd83b7eedd4b437df79918087cfb06da711b97f4013f5416140fb49b3f6d4316
 EAP-Message = 0xe61b8315741e6fb0d037408c2846f0ebaabbe868c47b90b01ce3ab3574c0755f00010500404f4743000058ab5b92b402ebb9c61941cb48f5742d71358f225f33ee3c06ccebd94a1255b66335735d5363ff98df979578591789e195028f911088fff04198000100252c3505419a9876802bc2e153f9182619e73cb2993e1332267785c240549cc87f7ec6df8c149a8095f3af51ded060c20a457e398398d2c7d14999ca5ba19f0f07f541d1b373912c613f5d4b967b22dd485941dc8c3bb36af1b989387db1314d5c299ba7bf5d9a66c14acf670433ca110fe218c28244e75a5fea7ac62e0f33a59d3aff0fefadf549826f49522b78f60a1edad20c2f38
 EAP-Message = 0xad57adf8658a9192a5f3d57c43376e4481251eb1c0d8b6b58d854a13cb56803a6f7c6949a3886922c27713080be951d7e9dc5f45cb4a70de472a80275f3be1eb6c8e5812f588f760427501b1b9c8e0d7b096608fc118d7b29bedcd658fd4f30a38c99a4e46d6d590ba6016030100a60d00009e05030401024000960094308191310b3009060355040613024652310f300d060355040813064672616e6365311430120603550407130b4d6f6e7470656c6c696572310e300c060355040a130573616c6c653111300f060355040b140873616c6c655f5444311830160603550403140f776966695f63657274696669636174311e301c06092a864886f70d
 EAP-Message = 0x010901160f61646d696e4072
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x5126e13a5569ec5fcf48af69eb9673ce
Finished request 4.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 192.168.3.12 port 1406, id=79, length=115
 User-Name = "client_certificat"
 NAS-IP-Address = 192.168.3.12
 NAS-Port = 29
 Service-Type = Framed-User
 Framed-MTU = 1400
 NAS-Port-Type = Wireless-802.11
 State = 0x5126e13a5569ec5fcf48af69eb9673ce
 EAP-Message = 0x024f00060d00
 Message-Authenticator = 0x4900786058ed23f752df685aff1917cf
+- entering group authorize {...}
++[preprocess] returns ok
[eap] EAP packet type response id 79 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
 expand: %{User-Name} -> client_certificat
[sql] sql_set_user escaped user --> 'client_certificat'
rlm_sql (sql): Reserving sql socket id: 3
 expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'client_certificat'           ORDER BY id
 expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'client_certificat'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
[sql] User client_certificat not found
++[sql] returns notfound
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1  
[tls] eaptls_process returned 13  
++[eap] returns handled
Sending Access-Challenge of id 79 to 192.168.3.12 port 1406
 EAP-Message = 0x015000160d8000000fe465736561752e66720e000000
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x5126e13a5476ec5fcf48af69eb9673ce
Finished request 5.
Going to the next request
Waking up in 4.3 seconds.
rad_recv: Access-Request packet from host 192.168.3.12 port 1407, id=80, length=1501
 User-Name = "client_certificat"
 NAS-IP-Address = 192.168.3.12
 State = 0x5126e13a5476ec5fcf48af69eb9673ce
 EAP-Message = 0x025005800dc000000f021603010d6c0b000d68000d6500063e3082063a30820422a003020102020102300d06092a864886f70d0101050500308191310b3009060355040613024652310f300d060355040813064672616e6365311430120603550407130b4d6f6e7470656c6c696572310e300c060355040a130573616c6c653111300f060355040b140873616c6c655f5444311830160603550403140f776966695f63657274696669636174311e301c06092a864886f70d010901160f61646d696e407265736561752e6672301e170d3039303831363133343733335a170d3130303831363133343733335a308193310b300906035504061302465231
 EAP-Message = 0x0f300d060355040813064672616e6365311430120603550407130b4d6f6e7470656c6c696572310e300c060355040a130573616c6c653111300f060355040b140873616c6c655f5444311a301806035504031411636c69656e745f63657274696669636174311e301c06092a864886f70d010901160f61646d696e407265736561752e667230820122300d06092a864886f70d01010105000382010f003082010a0282010100d95392447dd7700d004aca39fb40a9e62722ff8e39f63eb701b905ebef5c8d325e8fe0f326122da27b5acd47858c3b0dfa4e4a518fc561f8e39e763ca3aa725c0d18af0e0d65173ab0c09712383edf8d85cfc41b6c05f1
 EAP-Message = 0xf45aa2031ebf39b826cba616ecaa88698acf523a24e1ece3f8415007059a1830f36c6ff9c502ac4a63df6344f945cd26295137465129dd7e0dd8562761bc0026f832796b3fbb4583b62e139776f8fdb953533cf2ffce2a25fea1769806cf26840a6986c8298047acedd4a3a724be30c1464681dc97d43a2233f99695544cf239bedbc0c4a2a4b0f321b49a6839485bd2dbb754e489dd9655a4198c84cbace60537d8e35486fb489a830203010001a38201973082019330090603551d1304023000301106096086480186f84201010404030204b0302b06096086480186f842010d041e161c54696e7943412047656e6572617465642043657274696669
 EAP-Message = 0x63617465301d0603551d0e041604149bad0db8a4db74992abacb198733593a2b7a6fba3081c60603551d230481be3081bb8014364f244882451624f867420f4be641177cc72adba18197a48194308191310b3009060355040613024652310f300d060355040813064672616e6365311430120603550407130b4d6f6e7470656c6c696572310e300c060355040a130573616c6c653111300f060355040b140873616c6c655f5444311830160603550403140f776966695f63657274696669636174311e301c06092a864886f70d010901160f61646d696e407265736561752e6672820900a0c299e5390e0c51301a0603551d1204133011810f61646d69
 EAP-Message = 0x6e407265736561752e6672301a0603551d1104133011810f61646d696e407265736561752e6672300e0603551d0f0101ff0404030205a030160603551d250101ff040c300a06082b06010505070302300d06092a864886f70d010105050003820201002f0be9fdef99f141544f0d48b6ff4446e960524a7d9ecf93365a04c9f3db72ec63e86114209c66e8627fc522e441b03c27feff692f0e1d05dceb506204186c19b00bda421d3549612af633c8943ada1caa0e74af7bf507dbc4bec11dacfdf3b0202eaa5b8ff7d9baecaec074e3570ff446cc9ce97e91aa05f75b47a2ad76f3ed2a8bddc49fcdea090ba917ef38e251b9178f8ed0370e1a3d5cfc
 EAP-Message = 0x1e505c2d8667faf0b1672cc12e31b86a55ce0b6e1c1b20d1e537d3a7ed0a89a02ec133e1d7b2372fa4f4ec2bd8ee3b6b82f434be451b1a8c6a16e6fc22d4ef38caf00266414309c941f72bd1791417316a507cf8f428dbfa661727135f99ea6b3db80b98885fed1e95bfc2f4d0ca240a25bf661e868a93e301dc20776655e893c1ba0659d4429994c971f126b65bdf
 Message-Authenticator = 0x84c35224e1c197c8a6ce344444197669
+- entering group authorize {...}
++[preprocess] returns ok
[eap] EAP packet type response id 80 length 253
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
 expand: %{User-Name} -> client_certificat
[sql] sql_set_user escaped user --> 'client_certificat'
rlm_sql (sql): Reserving sql socket id: 2
 expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'client_certificat'           ORDER BY id
 expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'client_certificat'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 2
[sql] User client_certificat not found
++[sql] returns notfound
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
  TLS Length 3842
[tls] Received EAP-TLS First Fragment of the message
[tls] eaptls_verify returned 9  
[tls] eaptls_process returned 13  
++[eap] returns handled
Sending Access-Challenge of id 80 to 192.168.3.12 port 1407
 EAP-Message = 0x015100060d00
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x5126e13a5777ec5fcf48af69eb9673ce
Finished request 6.
Going to the next request
Waking up in 4.2 seconds.
rad_recv: Access-Request packet from host 192.168.3.12 port 1408, id=81, length=1497
 User-Name = "client_certificat"
 NAS-IP-Address = 192.168.3.12
 State = 0x5126e13a5777ec5fcf48af69eb9673ce
 EAP-Message = 0x0251057c0d40638cb4110a217b6b2a7f52db220d80c8f0369216766d0b1fc40f2a042d067ed8b29b2239c3dfe92e2e676caba014803d09f1c88123ca79ededaaf27fd40947b2790ba202391d43cfe22678e51e977da94ddf84719433ef8b49a7ae044b9e79ec15a35dce1dd44d360b0fa7d5026100ac1d1e46de98152bc996bdbd6e33be65f44a5e65c22c5e553c29ebe93efc9d9b279a46f12cd6a5c6a87002b33385466ef5bd16e685acfa863c33d629b15fa2f2e8483e3c3a1ecc6ac1bb4749b6ecd7be92e6dab61665bfa5289b6f909c75c7293794902228de71890007213082071d30820505a003020102020900a0c299e5390e0c51300d06092a
 EAP-Message = 0x864886f70d0101050500308191310b3009060355040613024652310f300d060355040813064672616e6365311430120603550407130b4d6f6e7470656c6c696572310e300c060355040a130573616c6c653111300f060355040b140873616c6c655f5444311830160603550403140f776966695f63657274696669636174311e301c06092a864886f70d010901160f61646d696e407265736561752e6672301e170d3039303831363133343131365a170d3139303831343133343131365a308191310b3009060355040613024652310f300d060355040813064672616e6365311430120603550407130b4d6f6e7470656c6c696572310e300c06035504
 EAP-Message = 0x0a130573616c6c653111300f060355040b140873616c6c655f5444311830160603550403140f776966695f63657274696669636174311e301c06092a864886f70d010901160f61646d696e407265736561752e667230820222300d06092a864886f70d01010105000382020f003082020a0282020100f52ad2a8ead1827626d1a2961284e0a43e432adc1d294f8ebed8128d3efd6947db6b2b1a1adbbb667e44cffe18bb1735478528390d79ad4301a349257ac981e5245cdf7900b1d3085c60be2d5465903599cb88bc25222cfe8738b743811da85a5e99dd897ce225984c2cbc1a1b8e27d515d86d8df1602b4032a15f102d9c1cbd661f9351a2d223
 EAP-Message = 0xc0f9c38dab6defd6134b9ad471ebc0fde43ed41fdcf2249a2eb04bb652b135b071622a8f763b7fba804717fbfe4d0e8b6a3c13d8c49d2ece38e4dcc6a1843e7b9ad9d01d6bd9078aa84035fb9b00c094ec0a4c8efe2965358fe9e7de8d3566171b714cd1860bd2ae952b5b7e34c4e241c27707d56ca496513c30a4dd611bedaedfb388f9bf6692a6030a763c663cb28b9bfb7faa2398951ab220e6e8835cae1457da8fd11e61e24cde33b0595d041d894b7661f5b8624758d6aac1ea6e058d619a1839fb2f14fa47ca665143cbe7dfc339cd27f0ea518af054eaeb303cc237c45c4ab6b0ad76a710f979a802f4fcf93c0bb4b95d33a71743394cb0f1b8
 EAP-Message = 0x7ac7d7ddf2eea26daa34ef5ab13a7fac24e13345e1d2abf1f6dd4292f4a3cfecc4cb53b91dd879e8f4cedfaf4982534252476dde6b551c3e3ceeae9eda7f155425a079c5f8b544ac5fbbcd0011f60c8b202b8218a2fea12446823f51d9a61a2981857b6c7efbc5ded0e51cd7fb32d9f2a4e26dcc36c1bcc700226f230203010001a382017430820170301d0603551d0e04160414364f244882451624f867420f4be641177cc72adb3081c60603551d230481be3081bb8014364f244882451624f867420f4be641177cc72adba18197a48194308191310b3009060355040613024652310f300d060355040813064672616e636531143012060355040713
 EAP-Message = 0x0b4d6f6e7470656c6c696572310e300c060355040a130573616c6c653111300f060355040b140873616c6c655f5444311830160603550403140f776966695f63657274696669636174311e301c06092a864886f70d010901160f61646d696e407265736561752e6672820900a0c299e5390e0c51300f0603551d130101ff040530030101ff301106096086
 Message-Authenticator = 0x8ece4bb17d66cd90d5831654ba32f4cf
+- entering group authorize {...}
++[preprocess] returns ok
[eap] EAP packet type response id 81 length 253
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
 expand: %{User-Name} -> client_certificat
[sql] sql_set_user escaped user --> 'client_certificat'
rlm_sql (sql): Reserving sql socket id: 1
 expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'client_certificat'           ORDER BY id
 expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'client_certificat'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 1
[sql] User client_certificat not found
++[sql] returns notfound
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] More fragments to follow
[tls] eaptls_verify returned 10  
[tls] eaptls_process returned 13  
++[eap] returns handled
Sending Access-Challenge of id 81 to 192.168.3.12 port 1408
 EAP-Message = 0x015200060d00
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x5126e13a5674ec5fcf48af69eb9673ce
Finished request 7.
Going to the next request
Waking up in 4.1 seconds.
rad_recv: Access-Request packet from host 192.168.3.12 port 1409, id=82, length=1143
 User-Name = "client_certificat"
 NAS-IP-Address = 192.168.3.12
 State = 0x5126e13a5674ec5fcf48af69eb9673ce
 EAP-Message = 0x0252041c0d00480186f842010104040302010630090603551d1204023000302b06096086480186f842010d041e161c54696e7943412047656e657261746564204365727469666963617465301a0603551d1104133011810f61646d696e407265736561752e6672300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382020100b4fd790ef8f11d64f233098a16d07e09e6557d80e839f3200b0e1acbdf7d57af0963a4a56fe5815809d2043ec4ea793ec38e2c46a6843994168e06eaeb588fd87394183f80e2bfac184fdc22f8d3db10cc5aa62e48a16b666bec9ee7ca0984459e313bed2b38a8cde1768670d266ce2bcab4
 EAP-Message = 0xcd0eda1be653a6c8632e4616b17bce7d7c8a3dd6cd0ff44011042c7e480ee7e2ea5635e3ddea066a2766857f7d5366ec0a91aaf02b786ce348d625e435534aac28f8b60b6acc0606420d1b8b4aaf4cc6f09c163f88643bba5cf078fe8c6a8241ca7e39cb9cfbefd5ac24ff498706cd8a1631bddbfdaee8db6c6e61bd2a05182e120ac922b5fd47418ba470b7f4002b02465422efcdc23e316e0f0bf956d16d7879ad0ab9c6f87211bc80d5b4d0e28d56d7b9e0e2d0df5f9cd1d47c588c0c60777423b2d03a5adb2b99612d111b7d9ce9fe8325c15e8328430b341de1c0a3a8f9aa16da33154982c90e7a6f34b913666e13b5d56e339e4801a02225fdac
 EAP-Message = 0xb48b62cfb0e3181bb4bebfd19e365db5847610d6bf34bbad6e79b330fe7bf0b52ac79db7d92d2fa26bfaf566a0210b547f65053063c100924f4603125b67d90bf61bdd4b510ca9759e3a7ab6058f91311894a3354555d211105469d457ca7bcdfe53cb0c05264d5d42081b4b1a16b2ee6de0d0df24b91ec31c8fe9865af3042e714621f0e60a5d4c1ae574082887dfd69b160301004610000042004080b22b44f42960a90edaccf239090fedd1088114026fc84d281155937a4d41c3052e67fa2c9e00127f9c4bc73bbff8607e3d96199a5c99cf5012195817b85bc716030101060f000102010033e90ba363bfbbd4e16ebaf4b4f3369126657b2064bc
 EAP-Message = 0xf6c5cd13819c8ed41374fdd3a69e7a133d7b7f0041c0143c6d84fbbfe0546e0679ee4f85d76fc6df1ea9d11b13a7fea2ff1a2d2218d1d5a15bd86d7aee928378346127506df59bf61174012d07cd94df9e68e5e9a1caf066f30479c31c86a0d2ed84e2f583677b2103d7b4bacb69298a4252ab26416d6faea1b5651f22cee9513b399d681c9b7c1f18954a8f76c804ffce6a0f71fb4668d1519341f743ea55da4ebe09bb11bb825aa0c202201a3de12360225c8ea7dcc814e27a61042e330f76b3067213d4d3819e1f7881d1b0fdd2ca21e1aa11984ef3ce7add3abbbb8c1b8b2049dc9eaa76eff62d271403010001011603010030895a75f7ef86c9a5
 EAP-Message = 0x0c4acf08e19cf5af7605cf1fb5311e2d51d0deba400a6bfa98833bf1c58583b96bf59aedba8ccf7f
 Message-Authenticator = 0xc651f7f0c00d4eca35888f3b689757c4
+- entering group authorize {...}
++[preprocess] returns ok
[eap] EAP packet type response id 82 length 253
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
 expand: %{User-Name} -> client_certificat
[sql] sql_set_user escaped user --> 'client_certificat'
rlm_sql (sql): Reserving sql socket id: 0
 expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'client_certificat'           ORDER BY id
 expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'client_certificat'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 0
[sql] User client_certificat not found
++[sql] returns notfound
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7  
[tls] Done initial handshake
[tls] <<< TLS 1.0 Handshake [length 0d6c], Certificate  
[tls] chain-depth=1,  
[tls] error=0
[tls] --> User-Name = client_certificat
[tls] --> BUF-Name = wifi_certificat
[tls] --> subject = /C=FR/ST=France/L=Montpellier/O=salle/OU=salle_TD/CN=wifi_certificat/emailAddress=admin@reseau.fr
[tls] --> issuer  = /C=FR/ST=France/L=Montpellier/O=salle/OU=salle_TD/CN=wifi_certificat/emailAddress=admin@reseau.fr
[tls] --> verify return:1
[tls] chain-depth=0,  
[tls] error=0
[tls] --> User-Name = client_certificat
[tls] --> BUF-Name = client_certificat
[tls] --> subject = /C=FR/ST=France/L=Montpellier/O=salle/OU=salle_TD/CN=client_certificat/emailAddress=admin@reseau.fr
[tls] --> issuer  = /C=FR/ST=France/L=Montpellier/O=salle/OU=salle_TD/CN=wifi_certificat/emailAddress=admin@reseau.fr
[tls] --> verify return:1
[tls]     TLS_accept: SSLv3 read client certificate A  
[tls] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange  
[tls]     TLS_accept: SSLv3 read client key exchange A  
[tls] <<< TLS 1.0 Handshake [length 0106], CertificateVerify  
[tls]     TLS_accept: SSLv3 read certificate verify A  
[tls] <<< TLS 1.0 ChangeCipherSpec [length 0001]  
[tls] <<< TLS 1.0 Handshake [length 0010], Finished  
[tls]     TLS_accept: SSLv3 read finished A  
[tls] >>> TLS 1.0 Handshake [length 06ea]???  
[tls]     TLS_accept: unknown state  
[tls] >>> TLS 1.0 ChangeCipherSpec [length 0001]  
[tls]     TLS_accept: SSLv3 write change cipher spec A  
[tls] >>> TLS 1.0 Handshake [length 0010], Finished  
[tls]     TLS_accept: SSLv3 write finished A  
[tls]     TLS_accept: SSLv3 flush data  
[tls]     (other): SSL negotiation finished successfully  
SSL Connection Established  
[tls] eaptls_process returned 13  
++[eap] returns handled
Sending Access-Challenge of id 82 to 192.168.3.12 port 1409
 EAP-Message = 0x015304000dc00000072a16030106ea040006e60000000006e0fac54a4018b2f247f0d0a39f727abdd2c0343bd045e72fae800afcf0fadd47b1be9eaedf62fadcd512828e5133c464cc44d39e9d20922afecd2d1e9d7949adffb92b1a7d161993cee78539d45a7dfa66cc776546c340cd05b21cc76a2d8e734d6a3084c6772e98e256ad070bf9a463f4f7551e07180fc5c0bcd7c68f1ff275a4431995a8c4c8264a063968ffbe008aff864807a1a377fdf3fedf41e4d6fc6a96315ccf724667089a747997f21fadbba4a055c19811f0dd71ae3e84e98318b8a52df302bf1a7fb28a664d6f13856e368dfd4a84db9edb19a56e4afeb612e280f4147d2e3c
 EAP-Message = 0x9a934c27198ae5e16cb34087c4afa2bda8454c91cd688ae04860a75194f3b2c3254fcc9013b8526a4dc6ff8d74031beb54b0eda605bc1ddb764438af0fe291595c1aa6c24da6595426797a1e63a7acd1b423f6889a8e547a5dc9c2ce8e33bed6384d6e821bb81858784c5dc5cc5fb3a99ec1c2a55a6b082e49fe647eb829a7fdd0f8010eb3c27e6a21239a78fef7866ed3e6d70ecb974c0a81b7f146ed3a9dcd4ecc21e70817514cf89033771468e63cac13977d386b345c9212a2f6f4a6fdcfc451c4bcf4493afe302eccd1b33e2f426a4d07b5fb8be02d4e22f967620b0b39121c2a4b4a8b252c1e4bb26a1c912d8ea0ba9b274631c8066f165f57c9
 EAP-Message = 0xf411584c023367c10dfe114e3f2ac706579658181ce836aa788991a2fd67afe674831a85f4815bf0b8f1f9b44f55a2ab2632dd7952a427a794e24efb1a18914eb69e65e0f1e4a9839ecca07893d4874f89e3af30738881771cf11ebb98534c4233e89b0bdb3a0e64f784ee77d755af0083947276aa76cd3a908b0def3ca47b7a31a3a05112acadd88b9bcc779ee36a3c3b7548bba700a8f5827dfd41b36328a0a83034753ce8b781837c1eeddd0f3110e5e94e5a4205be13a36bf1391eac8ad5e6353943cafe886fdecf28c4d14452f0750f74917d80cfa085d96801cc24f6dc1d8a87b8ba86362eb4521952bfa854360540e1f0848fdeecbfd23d9198
 EAP-Message = 0x280487c68eeaf11139cc35801e5057395edf94fba5208c943647655ddb9b52e9d51ecbbb53e4f857320c2ef0bfda5da3dcd71dcac5b8d6b7f2744c94cd8624f52dc0b836b5aa9d883941f59cb9b7c6cbbf62bd36fbcc12fa87f5867da8612c033eb21984ac9d5dcf344e13f82ed83bca916ae706d6e043db0f4cf2624fe11b02336b97deaa2698c1519d0c05f5c13d6573851e7b8367ea2aef441bbcd0b225c92518f5ecabe13ce248781f2d5aa96c2bb27e5b85a74b1314fd5df9827ce4bf6bf2e6d1867e91a35abf058d6dd8fef76eb48c445e827ce01c51cb6051cfe2cf310d792cfc1b30b8c260fcc215300de6bd447ed44f883467482587fc3e1b
 EAP-Message = 0x97ccba096af47b2794630a8c
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x5126e13a5975ec5fcf48af69eb9673ce
Finished request 8.
Going to the next request
Waking up in 3.9 seconds.
rad_recv: Access-Request packet from host 192.168.3.12 port 1410, id=83, length=115
 User-Name = "client_certificat"
 NAS-IP-Address = 192.168.3.12
 NAS-Port = 29
 Service-Type = Framed-User
 Framed-MTU = 1400
 NAS-Port-Type = Wireless-802.11
 State = 0x5126e13a5975ec5fcf48af69eb9673ce
 EAP-Message = 0x025300060d00
 Message-Authenticator = 0x687a4bbf9c2238b23c4ca5b1dedeaed9
+- entering group authorize {...}
++[preprocess] returns ok
[eap] EAP packet type response id 83 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
 expand: %{User-Name} -> client_certificat
[sql] sql_set_user escaped user --> 'client_certificat'
rlm_sql (sql): Reserving sql socket id: 4
 expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'client_certificat'           ORDER BY id
 expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'client_certificat'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
[sql] User client_certificat not found
++[sql] returns notfound
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake is finished
[tls] eaptls_verify returned 3  
[tls] eaptls_process returned 3  
[tls] Adding user data to cached session
[eap] Freeing handler
++[eap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 83 to 192.168.3.12 port 1410
 MS-MPPE-Recv-Key = 0x9e9d4907384415a2c30dd92cf67f3511a4d77821bea06577e543d7a69f491e31
 MS-MPPE-Send-Key = 0x39db7ace247e6b58c008000167185490896df57020e080fa2c861ee9e6aeaac4
 EAP-Message = 0x03530004
 Message-Authenticator = 0x00000000000000000000000000000000
 User-Name = "client_certificat"
Finished request 9.
Going to the next request
Waking up in 3.8 seconds.
Cleaning up request 0 ID 74 with timestamp +47
Waking up in 0.1 seconds.
Cleaning up request 1 ID 75 with timestamp +47
Waking up in 0.1 seconds.
Cleaning up request 2 ID 76 with timestamp +47
Waking up in 0.1 seconds.
Cleaning up request 3 ID 77 with timestamp +47
Cleaning up request 4 ID 78 with timestamp +47
Waking up in 0.1 seconds.
Cleaning up request 5 ID 79 with timestamp +47
Waking up in 0.1 seconds.
Cleaning up request 6 ID 80 with timestamp +47
Waking up in 0.1 seconds.
Cleaning up request 7 ID 81 with timestamp +48
Waking up in 0.1 seconds.
Cleaning up request 8 ID 82 with timestamp +48
Waking up in 0.1 seconds.
Cleaning up request 9 ID 83 with timestamp +48
Ready to process requests.

n°57195
Fi3rC3
Posté le 19-08-2009 à 21:25:05  profilanswer
 

Ok ,  
 
C'est vrai que là ... vraiment bizarre que ça ne marche pas malgré le access-accept !
 
Et ton AP, configurée comment ?


---------------
Mon Feed-Back                        ° Mes Ventes en Cours °
n°57203
ayyadi
Posté le 19-08-2009 à 23:10:14  profilanswer
 

Merci pour votre reponse
 
j'ai un point d'acces 3Com, je l configuré avec une adresse ip fixe et comme mode de cryptage le wpa entreprise et je lui communique l'adresse de mon serveur radius ainsi le port et le secret.
 
le probleme a mon avis ca vient pas du point d'accès mais de client ubuntu, car le point d'accès ca marche bien avec windows.
 
j'aimerai savoir est ce que ta deja arrivé a faire fonctionner un client linux(n'importe ql distribution) avec radius??, car c'est we j'aimerais savoir la demarche que ta suivi.
 
j'ai posté ce probleme dans 7 forum et il y a personne qu'a repondu sauf ici, malgré que c'est un probleme que les utilisateurs rencontre souvant? meme dans les tutoriels de configuration o bien dans les rapport de stage, il evite de parler d'une configuration client linux, c toujours que windows.
 
Merci bien


Message édité par ayyadi le 19-08-2009 à 23:13:39
n°57392
Fi3rC3
Posté le 24-08-2009 à 22:24:09  profilanswer
 

Slt, et dsl pour le retard,  
 
Pour la mise en place de radius, oui je l'ai déja fait (PEAP) avec le client dispo sur Ubuntu. Tu pourrais essayé de faire une capture entre toi et l'AP de façon à voir sir tu reçois bien l'EAP Accept ? Après il y a normalement négo de clés pour le chiffrement entre toi et l'AP, c'est peut être là que sa plante !


---------------
Mon Feed-Back                        ° Mes Ventes en Cours °

Aller à :
Ajouter une réponse
  FORUM HardWare.fr
  Systèmes & Réseaux Pro
  Sécurité

  probleme Freeradius - méthode eap-tls

 

Sujets relatifs
Problème Serv 2K3 inaccessibleClient TSE probleme d'envoie de touches clavier
problème OWAproblème webmail
probléme lors de la création de server web chez soiprobléme de création de server web chez soi
Problème de réplication de dossiers publics avec Exchange 2003Problème fonctionnement IIS
Problème de branchement entre la xbox et la freeprobleme connection livebox sans fil
Plus de sujets relatifs à : probleme Freeradius - méthode eap-tls

Forum MesDiscussions.Net, Version 2010.2
(c) 2000-2011 Doctissimo
Page générée en 0.057 secondes

Copyright © 1997-2022 Hardware.fr SARL (Signaler un contenu illicite / Données personnelles) / Groupe LDLC / Shop HFR