From: Dubravko P. <dpe...@sr...> - 2006-02-23 15:36:24
Hi David,
Your patch fixed the first of my problems :) ... but now I have a few more :)
I have two logs which describe the problem. First, the JRadius client log:
net.sf.jradius.exception.RadiusException: javax.net.ssl.SSLException: Unsupported record version Unknown-117.99
    at net.sf.jradius.client.auth.EAPTLSAuthenticator.doEAPType(EAPTLSAuthenticator.java:524)
    at net.sf.jradius.client.auth.EAPAuthenticator.doEAP(EAPAuthenticator.java:189)
    at net.sf.jradius.client.auth.EAPAuthenticator.processChallenge(EAPAuthenticator.java:94)
    at net.sf.jradius.client.RadiusClient.authenticate(RadiusClient.java:320)
    at net.sf.jradius.client.RadClient.main(RadClient.java:319)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at com.intellij.rt.execution.application.AppMain.main(Unknown Source)
Caused by: javax.net.ssl.SSLException: Unsupported record version Unknown-117.99
    at com.sun.net.ssl.internal.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:97)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:759)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:674)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566)
    at net.sf.jradius.client.auth.EAPTLSAuthenticator.tlsHandshake(EAPTLSAuthenticator.java:293)
    at net.sf.jradius.client.auth.EAPTLSAuthenticator.doEAPType(EAPTLSAuthenticator.java:491)
    ... 9 more
Process terminated with exit code 0
On the server side I got the following:
2006/02/23 16:14:14.164 <engine.item.setup> Client timeout is: 15000
25 <engine.item.setup> xxx.xxx.xxx.xxx:1260->0.0.0.0:1812(1)
39 <engine.item.setup> Request decode:
    User-Name = "ea...@sr..."
    Message-Authenticator = "A17A0E61C3B6A9E93377FDCD2FBB4DA4"
    EAP-Message = "Response/Identity(0): dat...@sr..."
39 <engine.item.setup> User-Name parsed: Base-User-Name = "eaptest", User-Realm = "srce.hr"
39 <engine.methodselect> MethodSelect.search: Default...using '*' rule.
40 <engine.item.setup> Item setup complete
68 <engine.worker.3> -> callSetParam[ReadWrite]
68 <plugin.ReadWrite.callSetParam> SUCCESS -- Success.
68 <engine.worker.3> callSetParam[ReadWrite] -> funcSUDsetparam[ReadWrite] by SUCCESS -- Success.
68 <plugin.ReadWrite.funcSUDsetparam> SUCCESS -- Success.
68 <engine.worker.3> funcSUDsetparam[ReadWrite] -> funcSUDsetvar[ReadWrite] by SUCCESS -- Success.
68 <plugin.ReadWrite.funcSUDsetvar> SUCCESS -- Success.
68 <engine.worker.3> funcSUDsetvar[ReadWrite] -> funcSUDlowervar[ReadWrite] by SUCCESS -- Success.
68 <plugin.ReadWrite.funcSUDlowervar> SUCCESS -- Success.
68 <engine.worker.3> funcSUDlowervar[ReadWrite] -> funcSUDrealmVlan[PatternMatch] by SUCCESS -- Success.
68 <plugin.PatternMatch.funcSUDrealmVlan> Searching for "srce.hr"
68 <plugin.PatternMatch.funcSUDrealmVlan> FAILURE -- No case found for SearchKey "srce.hr"
68 <engine.worker.3> funcSUDrealmVlan[PatternMatch] -> funcSUDrealmAD[PatternMatch] by FAILURE -- No case found for SearchKey "srce.hr"
68 <plugin.PatternMatch.funcSUDrealmAD> Searching for "srce.hr"
68 <plugin.PatternMatch.funcSUDrealmAD> FAILURE -- No case found for SearchKey "srce.hr"
68 <engine.worker.3> funcSUDrealmAD[PatternMatch] -> funcSUDrealmD[PatternMatch] by FAILURE -- No case found for SearchKey "srce.hr"
68 <plugin.PatternMatch.funcSUDrealmD> Searching for "srce.hr"
68 <plugin.PatternMatch.funcSUDrealmD> SearchKey "srce.hr" matches "(.*)\\.(.*)"
68 <plugin.PatternMatch.funcSUDrealmD> SUCCESS -- SearchKey "srce.hr" matches "(.*)\\.(.*)"
68 <engine.worker.3> funcSUDrealmD[PatternMatch] -> returnSUD[Branch] by SUCCESS -- SearchKey "srce.hr" matches "(.*)\\.(.*)"
68 <plugin.Branch.returnSUD> searchValue = '0001'.
68 <plugin.Branch.returnSUD> JUMP->doCheckLocal -- Found a match.
68 <engine.worker.3> returnSUD[Branch] -> doCheckLocal[Compare] by JUMP->doCheckLocal -- Found a match.
68 <plugin.Compare.doCheckLocal> Input1 = 'srce:hr'.
68 <plugin.Compare.doCheckLocal> Input2 = 'srce:hr'.
68 <plugin.Compare.doCheckLocal> Operator is '=='.
68 <plugin.Compare.doCheckLocal> SUCCESS -- Comparison is true.
68 <engine.worker.3> doCheckLocal[Compare] -> doCheckEAP[Compare] by SUCCESS -- Comparison is true.
68 <plugin.Compare.doCheckEAP> Input1 = 'eaptest'.
68 <plugin.Compare.doCheckEAP> Input2 = ''.
68 <plugin.Compare.doCheckEAP> Operator is '!='.
69 <plugin.Compare.doCheckEAP> SUCCESS -- Comparison is true.
69 <engine.worker.3> doCheckEAP[Compare] -> doEap[AuthEapTtls] by SUCCESS -- Comparison is true.
69 <plugin.AuthEapTtls.doEap> EAP-Message input:
    "Response/Identity(0): dat...@sr..."
81 <plugin.AuthEapTtls.doEap> Sending TTLS Start message
81 <plugin.AuthEapTtls.doEap> EAP-Message output:
    "Request/EAP-TTLS(1): flags=20(S) "
81 <plugin.AuthEapTtls.doEap> CHALLENGE->doEap -- doEap indicates challenge
81 <engine.worker.3> doEap[AuthEapTtls] exits by CHALLENGE->doEap -- doEap indicates challenge
81 <engine.worker.3> StateCache: key=57540, timeout=195000
81 <engine.worker.3> Reply encode:
    EAP-Message = "Request/EAP-TTLS(1): flags=20(S) "
    Message-Authenticator = "00000000000000000000000000000000"
    State = "57540"
    Session-Timeout = 180
81 <engine.worker.3> Reply attribute dump
    EAP-Message = "Request/EAP-TTLS(1): flags=20(S) "
    Message-Authenticator = "00000000000000000000000000000000"
    State = "57540"
    Session-Timeout = 180
136 <engine.item.setup> Client timeout is: 15000
137 <engine.item.setup> 161.53.2.205:1260->0.0.0.0:1812(2)
137 <engine.item.setup> Request decode:
    User-Name = "ea...@sr..."
    Message-Authenticator = "9C9424EE8722DD6CEFE00354D9FE5CD9"
    State = "57540"
    EAP-Message = "Response/EAP-TTLS(1): flags=80(L) msg.length=58 frag.length=54"
137 <engine.item.setup> User-Name parsed: Base-User-Name = "eaptest", User-Realm = "srce.hr"
137 <engine.item.setup> Item setup complete
137 <engine.worker.3> Challenge/Continue response merged
137 <engine.worker.3> -> doEap[AuthEapTtls]
137 <plugin.AuthEapTtls.doEap> EAP-Message input:
    "Response/EAP-TTLS(1): flags=80(L) msg.length=58 frag.length=54"
250 <plugin.AuthEapTtls.doEap> Sending a 58 byte message to the EAP TTLS server:
    Handshake,v3.1
     ClientHello
     version 3.1
     random = 43FDD140AB7A34BABA1F29263D2D18FAD2E6CBB54FC2286BBF174205A04D2F47
     session_id =
     cipher_suites
     TLS_RSA_WITH_AES_128_CBC_SHA
     TLS_DHE_RSA_WITH_AES_128_CBC_SHA
     TLS_DHE_DSS_WITH_AES_128_CBC_SHA
     compression_methods
     NULL
Caught java.lang.ArrayIndexOutOfBoundsException: 58
250 <plugin.AuthEapTtls.doEap> SUSPEND -- Waiting for next EAP message
250 <engine.worker.5> doEap[AuthEapTtls] exits by SUSPEND -- Waiting for next EAP message
252 <plugin.AuthEapTtls.doEap> Received a 2610 byte message from the EAP TTLS server:
    Handshake,v3.1
     ServerHello
     version 3.1
     random = 43FDD146934A47B39394C495D2D7D0A2EDAFA4C9AEF0A725FF86EA40B7A32670
     session_id = 113CDADCD6221D63CB15E9DAD1932E99
     cipher_suite = TLS_RSA_WITH_AES_128_CBC_SHA
     compression_method = NULL
     Certificate
     ServerHelloDone
252 <plugin.AuthEapTtls.doEap> Item rescheduled
252 <plugin.AuthEapTtls.doEap> EAP-Message output:
    "Request/EAP-TTLS(2): flags=C0(LM) msg.length=2610 frag.length=1002"
252 <plugin.AuthEapTtls.doEap> CHALLENGE->doEap -- doEap indicates challenge
253 <engine.worker.8> doEap[AuthEapTtls] exits by CHALLENGE->doEap -- doEap indicates challenge
253 <engine.worker.8> StateCache: key=57541, timeout=195000
253 <engine.worker.8> Reply encode:
    EAP-Message = "Request/EAP-TTLS(2): flags=C0(LM) msg.length=2610 frag.length=1002"
    Message-Authenticator = "00000000000000000000000000000000"
    State = "57541"
    Session-Timeout = 180
253 <engine.worker.8> Reply attribute dump
    EAP-Message = "Request/EAP-TTLS(2): flags=C0(LM) msg.length=2610 frag.length=1002"
    Message-Authenticator = "00000000000000000000000000000000"
    State = "57541"
    Session-Timeout = 180
256 <engine.item.setup> Client timeout is: 15000
256 <engine.item.setup> 161.53.2.205:1260->0.0.0.0:1812(3)
256 <engine.item.setup> Request decode:
    User-Name = "ea...@sr..."
    Message-Authenticator = "D92510753C0BAADFE6D1506083332720"
    State = "57541"
    EAP-Message = "Response/EAP-TTLS(2): flags=00()"
256 <engine.item.setup> User-Name parsed: Base-User-Name = "eaptest", User-Realm = "srce.hr"
256 <engine.item.setup> Item setup complete
256 <engine.worker.8> Challenge/Continue response merged
256 <engine.worker.8> -> doEap[AuthEapTtls]
256 <plugin.AuthEapTtls.doEap> EAP-Message input:
    "Response/EAP-TTLS(2): flags=00()"
256 <plugin.AuthEapTtls.doEap> EAP-Message output:
    "Request/EAP-TTLS(3): flags=40(M) frag.length=1006"
257 <plugin.AuthEapTtls.doEap> CHALLENGE->doEap -- doEap indicates challenge
257 <engine.worker.7> doEap[AuthEapTtls] exits by CHALLENGE->doEap -- doEap indicates challenge
257 <engine.worker.7> StateCache: key=57542, timeout=195000
257 <engine.worker.7> Reply encode:
    EAP-Message = "Request/EAP-TTLS(3): flags=40(M) frag.length=1006"
    Message-Authenticator = "00000000000000000000000000000000"
    State = "57542"
    Session-Timeout = 180
257 <engine.worker.7> Reply attribute dump
    EAP-Message = "Request/EAP-TTLS(3): flags=40(M) frag.length=1006"
    Message-Authenticator = "00000000000000000000000000000000"
    State = "57542"
    Session-Timeout = 180
261 <engine.item.setup> Client timeout is: 15000
261 <engine.item.setup> 161.53.2.205:1260->0.0.0.0:1812(4)
261 <engine.item.setup> Request decode:
    User-Name = "ea...@sr..."
    Message-Authenticator = "3DCEB0A367A90A8CBA868120EFB6AAC2"
    State = "57542"
    EAP-Message = "Response/EAP-TTLS(3): flags=00()"
261 <engine.item.setup> User-Name parsed: Base-User-Name = "eaptest", User-Realm = "srce.hr"
261 <engine.item.setup> Item setup complete
261 <engine.worker.7> Challenge/Continue response merged
262 <engine.worker.7> -> doEap[AuthEapTtls]
262 <plugin.AuthEapTtls.doEap> EAP-Message input:
    "Response/EAP-TTLS(3): flags=00()"
262 <plugin.AuthEapTtls.doEap> EAP-Message output:
    "Request/EAP-TTLS(4): flags=00() frag.length=602"
262 <plugin.AuthEapTtls.doEap> CHALLENGE->doEap -- doEap indicates challenge
262 <engine.worker.1> doEap[AuthEapTtls] exits by CHALLENGE->doEap -- doEap indicates challenge
262 <engine.worker.1> StateCache: key=57543, timeout=195000
262 <engine.worker.1> Reply encode:
    EAP-Message = "Request/EAP-TTLS(4): flags=00() frag.length=602"
    Message-Authenticator = "00000000000000000000000000000000"
    State = "57543"
    Session-Timeout = 180
262 <engine.worker.1> Reply attribute dump
    EAP-Message = "Request/EAP-TTLS(4): flags=00() frag.length=602"
    Message-Authenticator = "00000000000000000000000000000000"
    State = "57543"
    Session-Timeout = 180
292 <engine.item.setup> Client timeout is: 15000
292 <engine.item.setup> 161.53.2.205:1260->0.0.0.0:1812(5)
292 <engine.item.setup> Request decode:
    User-Name = "ea...@sr..."
    Message-Authenticator = "E893AFF9382D7C3E5C2CFC89FBB15902"
    State = "57543"
    EAP-Message = "Response/EAP-TTLS(4): flags=80(L) msg.length=202 frag.length=198"
293 <engine.item.setup> User-Name parsed: Base-User-Name = "eaptest", User-Realm = "srce.hr"
293 <engine.item.setup> Item setup complete
293 <engine.worker.1> Challenge/Continue response merged
293 <engine.worker.1> -> doEap[AuthEapTtls]
293 <plugin.AuthEapTtls.doEap> EAP-Message input:
    "Response/EAP-TTLS(4): flags=80(L) msg.length=202 frag.length=198"
294 <plugin.AuthEapTtls.doEap> Sending a 202 byte message to the EAP TTLS server:
    Handshake,v3.1
     ClientKeyExchange
    ChangeCipherSpec,v3.1
    Handshake,v3.1
     Finished
Caught java.lang.ArrayIndexOutOfBoundsException: 202
294 <plugin.AuthEapTtls.doEap> SUSPEND -- Waiting for next EAP message
294 <engine.worker.0> doEap[AuthEapTtls] exits by SUSPEND -- Waiting for next EAP message
295 <plugin.AuthEapTtls.doEap> Item rescheduled
295 <plugin.AuthEapTtls.doEap> Resending previous request after receiving invalid response: iaik.security.ssl.SSLException: Record version mismatch: 00
295 <plugin.AuthEapTtls.doEap> EAP-Message output:
    "Request/EAP-TTLS(4): flags=00() frag.length=602"
295 <plugin.AuthEapTtls.doEap> CHALLENGE->doEap -- doEap indicates challenge
295 <engine.worker.6> doEap[AuthEapTtls] exits by CHALLENGE->doEap -- doEap indicates challenge
295 <engine.worker.6> StateCache: key=57544, timeout=195000
295 <engine.worker.6> Reply encode:
    EAP-Message = "Request/EAP-TTLS(4): flags=00() frag.length=602"
    Message-Authenticator = "00000000000000000000000000000000"
    State = "57544"
    Session-Timeout = 180
295 <engine.worker.6> Reply attribute dump
    EAP-Message = "Request/EAP-TTLS(4): flags=00() frag.length=602"
    Message-Authenticator = "00000000000000000000000000000000"
    State = "57544"
    Session-Timeout = 180
195301 <engine.worker.6> (WARNING) Challenge timeout
To me it looks like some problem in communication in some RADIUS packet in the process of handshaking.
I may start bliter mod with hex log if necessary.
TIA
Dubravko
On Thu, 23 Feb 2006, David Bird wrote:
> I committed a new EAPAuthenticator class with the option
> startWithIdentity (defaulting to true, so it should be plug-and-play).
> Please let me know if this solves your problems.
>
> Cheers,
> David
>
> On Thu, 2006-02-23 at 08:16 +0100, Dubravko Penezic wrote:
>>> To: jra...@li...
>>> From: brian haynes <ad...@mo...>
>>> Date: Wed, 22 Feb 2006 23:24:42 -0500
>>> Subject: [Jradius-users] Missing EAP-Message
>>>
>>> Missing EAP-Message Getting this message from my radius server
>>> when using the client plugin.
>>> any ideas?
>>>
>>>
>>> Thanks
>>
>> Hi Brian,
>>
>> that is true, when the client sends the first request the EAP-Message is empty. I
>> submitted that "bug/feature" on this list last Friday, and David Bird said he
>> will check that.
>>
>> We fixed that problem by adding some code (dirty trick, reverse engineering ;)
>> ), but I don't think it is really the right patch. I may send that code to the
>> list, if it is needed.
>>
>> Dubravko Penezic
>> University Computing Center, Zagreb
>> Croatia
>>
> |
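
Added example (not part of the original message or of JRadius): a small checker that reads the EAP-Message summaries printed in the server log above and compares each declared msg.length with the sum of the frag.length values that follow it. It uses the EAP-TLS/TTLS flag bits as the log prints them (L=0x80, M=0x40, S=0x20) and assumes that frag.length is the number of TLS bytes carried in that packet, which is how the server's own 2610-byte message adds up.

```python
import re

FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20  # length included / more fragments / start

# Constructed sample: the EAP-Message summaries from the server log, in order.
SAMPLE = [
    "Request/EAP-TTLS(1): flags=20(S) ",
    "Response/EAP-TTLS(1): flags=80(L) msg.length=58 frag.length=54",
    "Request/EAP-TTLS(2): flags=C0(LM) msg.length=2610 frag.length=1002",
    "Response/EAP-TTLS(2): flags=00()",
    "Request/EAP-TTLS(3): flags=40(M) frag.length=1006",
    "Response/EAP-TTLS(3): flags=00()",
    "Request/EAP-TTLS(4): flags=00() frag.length=602",
    "Response/EAP-TTLS(4): flags=80(L) msg.length=202 frag.length=198",
]

LINE = re.compile(
    r"(Request|Response)/EAP-TTLS\((\d+)\): flags=([0-9A-Fa-f]{2})\(\w*\)"
    r"(?: msg\.length=(\d+))?(?: frag\.length=(\d+))?"
)

def check_fragments(lines):
    """Return (direction, declared, received, ok) for each completed TLS message."""
    findings = []
    pending = {}  # direction -> [declared total or None, bytes received so far]
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        direction, _ident, flags, msg_len, frag_len = m.groups()
        flags = int(flags, 16)
        if flags & FLAG_S or frag_len is None:
            continue  # Start packet or bare fragment ACK: carries no TLS data
        state = pending.setdefault(direction, [None, 0])
        if flags & FLAG_L and msg_len is not None and state[0] is None:
            state[0] = int(msg_len)  # total announced in the first fragment
        state[1] += int(frag_len)
        if not flags & FLAG_M:  # M clear: this was the last fragment
            declared, received = pending.pop(direction)
            ok = declared is None or declared == received
            findings.append((direction, declared, received, ok))
    return findings

if __name__ == "__main__":
    for direction, declared, received, ok in check_fragments(SAMPLE):
        print(f"{direction}: declared={declared} received={received} "
              f"{'OK' if ok else 'MISMATCH'}")
```

On these values the server's Request adds up (1002 + 1006 + 602 = 2610), while both client Responses declare 4 bytes more than they carry, which is the size of the four-octet TLS Message Length field and lines up with the two ArrayIndexOutOfBoundsException entries (58 and 202).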