[RADIATOR] PEAP authentication errors

Jeff Lee jleefw at gmail.com
Tue Jan 28 17:53:54 CST 2014 

Hi there,

I'm having issues with authenticating PEAP requests, and I'm not sure what
is the issue.
Could someone shed some light... ?


Mon Jan 27 22:30:05 2014: ERR: TLS could not load_verify_locations , :
10884: 1 - error:25066067:DSO support routines:DLFCN_LOAD:could not load
the shared library
10884: 2 - error:25070067:DSO support routines:DSO_load:could not load the
shared library
10884: 3 - error:260B6084:engine routines:DYNAMIC_LOAD:dso not found
10884: 4 - error:2606A074:engine routines:ENGINE_by_id:no such engine


* * * * * *
below is the handler config, which I've placed to the last of the handler
list, which means this is the almost the last bit of the config file
(radius.cfg).


#
------------------------------------------------------------------------------------------
# This is where the PEAP inner request appears
# The username of the inner request will be anonymous, although
# the identity of the EAP request will be the real username we are
# trying to authenticate.
# With the EAP_PEAP_MSCHAP_Convert flag set, the EAP-MSCHAPV2 request is
converted
# into conventional Radius-MSCHAPV2 and redespatched to the <Handler
ConvertedFromEAPMSCHAPV2=1>
# above.
<Handler TunnelledByPEAP=1>
    <AuthBy FILE>
        # Dont really need this
#        Filename %D/users

        # This tells the PEAP client what types of inner EAP requests
        # we will honour
        EAPType MSCHAP-V2

        # This flag tells EAPType MSCHAP-V2 to convert the inner
EAP-MSCHAPV2 request into
        # an ordinary Radius-MSCHAPV2 request and redespatch to to a Handler
        # that matches ConvertedFromEAPMSCHAPV2=1 (see above)
        EAP_PEAP_MSCHAP_Convert 1
    </AuthBy>
</Handler>


#
------------------------------------------------------------------------------------------
# Processes all 'outer' EAP requests - skips non-EAP requests leaving to
next <Handler>
<Handler EAP-Message=/.+/>
    <AuthBy FILE>
        Filename %D/users
        EAPType TTLS
        #EAPType TTLS, PEAP
        EAPTLS_CAFile %D/certificates/AddTrustExternalCARoot.pem
        EAPTLS_CertificateFile %D/certificates/my-cert.pem
        EAPTLS_CertificateType PEM
        EAPTLS_PrivateKeyFile %D/certificates/my-cert.key.pem
        EAPTLS_PrivateKeyPassword whatever
        EAPTLS_MaxFragmentSize 1000
        AutoMPPEKeys
        EAPTLS_PEAPVersion 0
    </AuthBy>
</Handler>






regards,
Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20140129/184b1d71/attachment.html

More information about the radiator mailing list