EAP issue

classic Classic list List threaded Threaded
2 messages Options
| Threaded
Open this post in threaded view
|

EAP issue

legdayallday
Hello,

There seems to be an issue with the EAP module but I cannot spot it:

(0)   authenticate {
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Calling submodule eap_peap to process data
(0) eap_peap: Initiating new EAP-TLS session
(0) eap_peap: Flushing SSL sessions (of #0)
(0) eap_peap: [eaptls start] = request
(0) eap: Sending EAP Request (code 1) ID 106 length 6
(0) eap: EAP session adding &reply:State = 0xf7942626f7fe3f0a
(0)     [eap] = handled
(0)   } # authenticate = handled
(0) Using Post-Auth-Type Challenge
(0) Post-Auth-Type sub-section not found.  Ignoring.
(0) # Executing group from file /etc/raddb/sites-enabled/********
(0) Sent Access-Challenge Id 245 from ************:1812 to ************:62704 length 0
(0)   EAP-Message = 0x016a00061920
(0)   Message-Authenticator = 0x00000000000000000000000000000000
(0)   State = 0xf7942626f7fe3f0a42c923255cc967ab
(0) Finished request
Waking up in 4.9 seconds.

(1)   authenticate {
(1) eap: Expiring EAP session with state 0xf7942626f7fe3f0a
(1) eap: Finished EAP session with state 0xf7942626f7fe3f0a
(1) eap: Previous EAP request found for state 0xf7942626f7fe3f0a, released from the list
(1) eap: Peer sent packet with method EAP PEAP (25)
(1) eap: Calling submodule eap_peap to process data
(1) eap_peap: Continuing EAP-TLS
(1) eap_peap: Peer indicated complete TLS record size will be 131 bytes
(1) eap_peap: Got complete TLS record (131 bytes)
(1) eap_peap: [eaptls verify] = length included
(1) eap_peap: (other): before SSL initialization
(1) eap_peap: TLS_accept: before SSL initialization
(1) eap_peap: TLS_accept: before SSL initialization
(1) eap_peap: <<< recv UNKNOWN TLS VERSION ?0304? [length 007e]
(1) eap_peap: TLS_accept: SSLv3/TLS read client hello
(1) eap_peap: >>> send TLS 1.2  [length 005d]
(1) eap_peap: TLS_accept: SSLv3/TLS write server hello
(1) eap_peap: >>> send TLS 1.2  [length 0e78]
(1) eap_peap: TLS_accept: SSLv3/TLS write certificate
(1) eap_peap: >>> send TLS 1.2  [length 014d]
(1) eap_peap: TLS_accept: SSLv3/TLS write key exchange
(1) eap_peap: >>> send TLS 1.2  [length 0004]
(1) eap_peap: TLS_accept: SSLv3/TLS write server done
(1) eap_peap: TLS_accept: Need to read more data: SSLv3/TLS write server done
(1) eap_peap: In SSL Handshake Phase
(1) eap_peap: In SSL Accept mode
(1) eap_peap: [eaptls process] = handled
(1) eap: Sending EAP Request (code 1) ID 107 length 1004
(1) eap: EAP session adding &reply:State = 0xf7942626f6ff3f0a
(1)     [eap] = handled
(1)   } # authenticate = handled
(1) Using Post-Auth-Type Challenge
(1) Post-Auth-Type sub-section not found.  Ignoring.
(1) # Executing group from file /etc/raddb/sites-enabled/**********
(1) Sent Access-Challenge Id 246 from **********:1812 to **********:62704 length 0
(1)   EAP-Message = ****************************************************************************
(1)   Message-Authenticator = 0x00000000000000000000000000000000
(1)   State = 0xf7942626f6ff3f0a42c923255cc967ab
(1) Finished request
Waking up in 4.9 seconds.

This happens until the EAP session expires. Could anyone please offer some insight?

Thanks.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: EAP issue

Alan DeKok-2
On Sep 24, 2020, at 5:27 AM, lingctam <[hidden email]> wrote:
> There seems to be an issue with the EAP module but I cannot spot it:

  It's not an issue with the EAP module.
> ...
> (1) Sent Access-Challenge Id 246 from **********:1812 to **********:62704 length 0
> (1)   EAP-Message = ****************************************************************************
> (1)   Message-Authenticator = 0x00000000000000000000000000000000
> (1)   State = 0xf7942626f6ff3f0a42c923255cc967ab
> (1) Finished request
> Waking up in 4.9 seconds.
>
> This happens until the EAP session expires. Could anyone please offer some insight?

  https://wiki.freeradius.org/guide/Certificate%20Compatibility

  If the server gets more EAP packets, it print out a huge warning message, with a link to that page.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html