× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. LINUX5250
  3. January 2004

rlm_eap_tls: SSL_read Error

Hi all,

I'm configuring an Wireless Access Point with 802.1x and I have the following 
problem:

I use:
    FreeRadius
    Access Point: Enterasys RoamAbout R2 Wireless Access Platform
    PCICard in client: Cisco

My FreeRadius logs are:

---------------------------------------------------------------

Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 192.168.49.188:1029, id=9, length=215
        Message-Authenticator = 0x901ec33431b5df912f13359202ba6c4b
        User-Name = "333333333333"
        State = 
0x710cc1b03ddf92e27de2cf19f94e9adf59f70c40af9f480d4ef226f14d446f6de77c649b
        NAS-IP-Address = 192.168.49.188
        NAS-Port = 2
        NAS-Port-Type = Wireless-802.11
        Calling-Station-Id = "00-0b-46-26-1c-44"
        Framed-MTU = 1000
        EAP-Message = 
"\002\003\000P\r\200\000\000\000F\026\003\001\000A\001\000\000=\003\001@\014\367\211\014\031\312\323\314\307\252\215\262@ub\033/\327l\212\266z\002\010\311V\236G\371|\311\000\000\026\000\004\000\005\000\n\000\t\000d\000b\000\003\000\006\000\023\000\022\000c\001"
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for 333333333333
radius_xlat:  '(uid=333333333333)'
radius_xlat:  'ou=Wireless,dc=sgi,dc=es'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=Wireless,dc=sgi,dc=es, with filter 
(uid=333333333333)
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusExpiration as Expiration, value 19 & op=21
rlm_ldap: Adding radiusAuthType as Auth-Type, value EAP & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user 333333333333 authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls:  Length Included
undefined: before/accept initialization 
TLS_accept: before/accept initialization 
<<< TLS 1.0 Handshake [length 0041], ClientHello

TLS_accept: SSLv3 read client hello A 
>>> TLS 1.0 Handshake [length 004a], ServerHello

TLS_accept: SSLv3 write server hello A 
>>> TLS 1.0 Handshake [length 0599], Certificate

TLS_accept: SSLv3 write certificate A 
>>> TLS 1.0 Handshake [length 00b0], CertificateRequest

TLS_accept: SSLv3 write certificate request A 
TLS_accept: SSLv3 flush data 
TLS_accept:error in SSLv3 read client certificate A 
rlm_eap_tls: SSL_read Error
 Error code is ..... 2 
 SSL Error ..... 2 
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 9 to 192.168.49.188:1029
        EAP-Message = 
"\001\004\004\n\r\300\000\000\006\242\026\003\001\000J\002\000\000F\003\001@\014\367Y\017I3\210\300\240\033'y\233>5\237\221*Yk\327\021\322d\376\004\276Q\305Pl
 
\200\206\241\370\372\331\252)?\350p\273$\016"\035\234\244\304\266~:\301\270\334Fz\271\026\352T\014\000\004\000\026\003\001\005\231\013\000\005\225\000\005\222\000\002\3260\202\002\3220\202\002;\240\003\002\001\002\002\001\0010\r\006\t*\206H\206\367\r\001\001\004\005\0000\201\2361\0130\t\006\003U\004\006\023\002ES1\0200\016\006\003U\004\010\023\007Sev"
        EAP-Message = "0\027\006\003U\004\003\024\020Cert19_01_04 
SGI1\0210\017\006\t*\206H\206\367\r\001\t\001\026\002CA0\036\027\r040119154828Z\027\r240114154828Z0\201\2451\0130\t\006\003U\004\006\023\002ES1\0200\016\006\003U\004\010\023\007Sevilla1\0200\016\006\003U\004\007\023\007Sevilla1*0(\006\003U\004\n\023!Soluciones
 Globales Internet 
S.A.1\0210\017\006\003U\004\013\023\010Wireless1\0340\032\006\003U\004\003\024\023CertRad19_01_04
 SGI1\0250\023\006\t*\206H\206\367\r\001\t\001\026\006RADIUS0\201\2370\r\006\t*"
        EAP-Message = 
"\206H\206\367\r\001\001\001\005\000\003\201\215\0000\201\211\002\201\201\000\272%6;\331\227\013\013:\273\001$\304\222f\336&\021\312\220\032w\205r\3435Rc1QM\312\376<>\310\016Ts\361|\274\266\212\014E\377\326$\313\206\010b8\254
 
\212H\013L\315\210\010\320\344\274\216&\354\205\224X\n\247\204\250N\305+\267\017\337\004\276pT\007[\t
 
\037\375Q\311\276\006\302\014\010\230\301\244Z\303\202E\225\353\322\226lGW\353Dr\354\303l@\301\266\272U\023\240\353\002\003\001\000\001\243\0270\0250\023\006\003U\035%\004\0140\n\006"
        EAP-Message = 
"B\347GO4l\330x\006;\232\275\206\224\017c\204\257<(-\205\260\221/q\226\320;\255\230Qy\364\210\023\013A\257\343\265^\375R\322\335PE\242\217D
 
\332$\215\221\230\3241\252\002\244\330\230\207\006\326\020\222\246\316\212~r\000\002\2660\202\002\2620\202\002\033\240\003\002\001\002\002\001\0000\r\006\t*\206H\206\367\r\001\001\004\005\0000\201\2361\0130\t\006\003U\004\006\023\002ES1\0200\016\006\003U\004\010\023\007Sevilla1\0200\016\006\003U\004\007\023\007Sevilla1*0(\006\003U\004\n\023!Soluciones
 Globales Internet"
        EAP-Message = 
"0\017\006\t*\206H\206\367\r\001\t\001\026\002CA0\036\027\r04011"
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 
0xd2d6a5b51e3bc2111ab41cfc65fcee2559f70c4002d58d87f53ee6ed8ab03aef80f1f5a2
Finished request 126
Going to the next request
Cleaning up request 123 ID 6 with timestamp 400cf754
Cleaning up request 124 ID 7 with timestamp 400cf754
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 125 ID 8 with timestamp 400cf759
Cleaning up request 126 ID 9 with timestamp 400cf759
Nothing to do.  Sleeping until we see a request.

----------------------------------------------------------------------


How you can see there is an error

undefined: before/accept initialization
TLS_accept: before/accept initialization 
<<< TLS 1.0 Handshake [length 0041], ClientHello

TLS_accept: SSLv3 read client hello A 
>>> TLS 1.0 Handshake [length 004a], ServerHello

TLS_accept: SSLv3 write server hello A 
>>> TLS 1.0 Handshake [length 0599], Certificate

TLS_accept: SSLv3 write certificate A 
>>> TLS 1.0 Handshake [length 00b0], CertificateRequest

TLS_accept: SSLv3 write certificate request A 
TLS_accept: SSLv3 flush data 
TLS_accept:error in SSLv3 read client certificate A 
rlm_eap_tls: SSL_read Error
 Error code is ..... 2 
 SSL Error ..... 2 


But if I use another Wireless Access Point (for example D-Link AP) there is not 
any problem.

What can I do!!!!!?????



Please help me!!!



José Luis Solano
SGI - Soluciones Globales Internet S.A.
Delegación Regional Sur
jlsolano@xxxxxx
(+34) 954.088.060

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.