Radius Server verify error:num=24



maxilorent
18.03.10, 15:07
Hello everyone,

I am currently setting up a RADIUS server that is to be used for WLAN authentication. To begin with, I want to implement the whole thing using certificates, so I would like to use EAP-TLS. However, I am stuck, because I keep getting the error message


Radius Server verify error:num=24

.

Below is an excerpt of the last messages from the RADIUS debugging, which I started with radiusd -X:


aking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 2063, id=0, length=1107
Cleaning up request 10 ID 0 with timestamp +25
User-Name = "mobil1"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "00259c43b489"
Calling-Station-Id = "00265e705e42"
NAS-Identifier = "00259c43b489"
NAS-Port = 44
Framed-MTU = 1400
State = 0x6fde0b0d6bdb066962bd39887ae3044d
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020503c90d00307aa7427fc14a28427cba0d8e06312e1fb3 f58e959465711d1353da6f214cc5ab3b2ba0a527aa2fc2b5f5 b523ef5709aa596e3fe82208d21a45400952276969a7ff3797 2a8dcea55b810203010001a317301530130603551d25040c30 0a06082b06010505070301300d06092a864886f70d01010505 000382010100241c28d2834cf0324e43fe3b527fa351e4b0d8 71546d5637bbc1288fb386e80219e8d8f931188af4ded15c0b 7d0e0036f20fd12934da0766d31b5de5b7e25e0f5afc5f48f3 99e348458e0430d88f09d96349c4fbbdee074b6957fea896d7 83f0773dc2cd2670b195982cf616889212f28f285013c38dfb be582e88
EAP-Message = 0x0c7694562762cf388de6de4753e70ee8bf0015f06d86de08 b70ab648163871e450280f6275ea57e8e2e522a2a9a2bfa3c4 9a8352770ebdcefcb5a08bbdf24563000289a8bf027300bde9 7d1307ba3a2527b67011788d1882932fc2adc36e1899aa4ad8 58214ce5a34154b545df210c382a6c3af7240a53a852e835d0 48931faac4a9f6b96d10000102010029a937f0df050dfdccad dd1cf0846f3fa0ce31a4b5056a56acffec612a7ffb71cca046 8bef7e628c9f2fb1e328b63103fc182dfca615331f92355cba b9b531017bbea7e6311c29c9c9b7ac13426ffaa58519a27abb 64b1c6eabe2d84d16d6fb1b0419b5fb775e62dc5c02135f26c 0d551142
EAP-Message = 0xe666db4e91085bb4964707a0cc52739e9ef9818d5e3a0128 0430986d3a930c6c038a42f0390e45e006bdd3ec0a8dfccd78 9bed791a227632ec7f38371c743342f4e81ea5b9541107ff50 9f529b0397a182f6e1ed0883415a08c7c18fc945cc75e5b0b6 5625b16ceb57492247faaf6c7e8ba05f8c6ed7f7b1b58abf59 695dec09b833402f51e8803d3ec073b1d2640f000102010035 889287bce89804f01bc8fbfbd9a38bbe207f5a7f714079c364 8cacd8f59858e6c07c4e0efa0e0e8203fe5cdca0cd4f5994e0 cfe21e7b52025d2dbf5c4327155d8b12fcd1ba93a592dae7fa 72f12f9136a90b6dd38efda5a383d2e6b92407b417fbb55932 369e84b0
EAP-Message = 0x4dfb4996a2d093ebbaf8006cbbd5fe8bafd109519b2b600f 9ef6cb0ff4abe9cdbf9d524ac194f5a12681ccffe6b8b49714 bd3fe9c2bdc025b527f4247fb4eee6dba7ae6f8f69576d5531 0f700447d17ca507fdc72a9250a61b947eed72f3e66c1284ba 56db81da76cce7575f14171d80d8d9568bb6da830569c6d841 611abc6ede655b2113922cd2d717cfaee8a933626a40e4e12f 4f2c1403010001011603010030bfce6df90099a3b1a978042e e0d0abee260a8699a5b75739be2f5d40fd652a5a94f94c814e 7a284ab724b68ee5d2ca67
Message-Authenticator = 0x71675f378447888b1aeaa0902678c519
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "mobil1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 253
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls] <<< TLS 1.0 Handshake [length 0741], Certificate
--> verify error:num=24:invalid CA certificate
[tls] >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
SSL: SSL_read failed in a system call (-1), TLS session fails.
TLS receive handshake failed during operation
[tls] eaptls_process returned 4
[eap] Handler failed in EAP/tls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> mobil1
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 11 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 11
Sending Access-Reject of id 0 to 192.168.1.1 port 2063
EAP-Message = 0x04050004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4.9 seconds.
Cleaning up request 11 ID 0 with timestamp +25
Ready to process requests.


Can you make anything of this and help me? By the way, I would also be glad if someone could give me a link to a decent guide (for PEAP as well).

Thanks in advance.

hessijens
18.03.10, 16:32
[tls] >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA

Something is wrong with your CA. Can you post your eap.conf? How were the certificates created?
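
Added example, not part of the original thread and not taken from either poster's setup: OpenSSL reports verify error 24 ("invalid CA certificate") when a certificate used as issuer is not marked as a CA, for instance when its basicConstraints says CA:FALSE. The script below reproduces that with throwaway certificates and shows the same chain verifying once the CA carries CA:TRUE. All file names, section names and subject names are constructed for the demo, and whether this is the cause in the thread above is not established on the page.

```shell
#!/bin/sh
# Added example: reproduce OpenSSL verify error 24 with constructed test certificates.
# Every CN, section name and file name here is made up for the demo.

# verify_with_ca <ca_bad|ca_ok>: build a throwaway CA from that extension section,
# sign a client certificate with it, and print the verify error number (0 = OK).
verify_with_ca() {
    d=$(mktemp -d) || return 1
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[ca_bad]
basicConstraints = CA:FALSE
[ca_ok]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[client]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
    # Self-signed "CA" whose extensions come from the section named in $1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/demo.cnf" \
        -extensions "$1" -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # Client key and CSR, then a client certificate signed by that CA
    openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
        -subj "/CN=mobil1" -keyout "$d/cl.key" -out "$d/cl.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/cl.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extfile "$d/demo.cnf" -extensions client \
        -out "$d/cl.pem" 2>/dev/null || return 1
    # The same chain check the RADIUS server's TLS layer performs on the client cert
    out=$(openssl verify -CAfile "$d/ca.pem" "$d/cl.pem" 2>&1) || true
    err=$(printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at.*/\1/p' | head -n 1)
    rm -rf "$d"
    case "$out" in
        *": OK"*) echo 0 ;;
        *)        echo "${err:-unknown}" ;;
    esac
}

echo "CA certificate with CA:FALSE -> verify error $(verify_with_ca ca_bad)"
echo "CA certificate with CA:TRUE  -> verify error $(verify_with_ca ca_ok)"
```

On a real installation the equivalent check is to run `openssl x509 -in <ca file> -noout -text` on the CA certificate the server is configured to trust and look at the "X509v3 Basic Constraints" line.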