Hello,
I changed testing from radtest to rad_eap_test and I'm still fighting with it. I prepared the eapol_test test binary and then ran rad_eap_test. On the first try it communicates with the Identity Provider server, but it fails. The other tests don't communicate with the IdP, and in every test I see the debug lines below. In my testing space I don't use Trust Router, and it's still trying to communicate with port 12309, which I think is for Trust Router. In the debug output you can also see that there is some problem with the EAP-TTLS tunnel. It says that the tunnel challenge is incorrect, but in the IdP debug output there is no communication with the relay proxy. It looks like there is some problem with the local tunnel. I cannot work out where I made a mistake. I tried adding attributes with keys to rad_eap_test, but nothing worked.
(5) suffix: Checking for suffix after "@"
(5) suffix: Looking up realm "muj.prostor" for User-Name = "[log in to unmask]"
Opening TIDC connection to localhost:0
gss_connect: Connecting to host 'localhost' on port 12309
OpenConnection failed: Connection refused (err = 111)
AuthenticateToServer failed: Connection refused (err = 111)
Error in tidc_open_connection.
(5) suffix: No such realm "muj.prostor"
(5) [suffix] = noop
(5) eap: Peer sent code Response (2) ID 5 length 155
(5) eap: Continuing tunnel setup
(5) [eap] = ok
(5) } # authorize = ok
(5) Found Auth-Type = EAP
(5) # Executing group from file /etc/freeradius/sites-enabled/default
(5) authenticate {
(5) eap: Expiring EAP session with state 0xc8dc6ab4ccd97fc8
(5) eap: Finished EAP session with state 0xc8dc6ab4ccd97fc8
(5) eap: Previous EAP request found for state 0xc8dc6ab4ccd97fc8, released from the list
(5) eap: Peer sent method TTLS (21)
(5) eap: EAP TTLS (21)
(5) eap: Calling eap_ttls to process EAP data
(5) eap_ttls: Authenticate
(5) eap_ttls: processing EAP-TLS
(5) eap_ttls: eaptls_verify returned 7
(5) eap_ttls: Done initial handshake
(5) eap_ttls: eaptls_process returned 7
(5) eap_ttls: Session established. Proceeding to decode tunneled attributes
(5) eap_ttls: Tunneled challenge is incorrect
SSL: Removing session ca874eaa98376737632bdccdc22d74c80d479ce1cb834a23195247802b296d5a from the cache
(5) eap: ERROR: Failed continuing EAP TTLS (21) session. EAP sub-module failed
(5) eap: Failed in EAP select
(5) [eap] = invalid
(5) } # authenticate = invalid
(5) Failed to authenticate the user
(5) Using Post-Auth-Type Reject
Greetings
Roman