(RADIATOR) Can't get PEAP to work, need help.
mikem at open.com.au
Tue Jun 24 06:58:28 CDT 2003
On Tue, 24 Jun 2003 08:32 pm, Jerome Fleury wrote:
> --On mardi 24 juin 2003 09:26 +1000 Mike McCauley <mikem at open.com.au> wrote:
> > Hello Jeremy,
> > thanks for the full log.
> > Looks like Radiator is not seeing a completed client hello from your
> > client: its still waiting for the client hello to be closed off.
> > This is very puzzling: your client is behaving differently to other
> > clients we have observed.
> > What PEAP client are you using?
> Well, this is quite strange as I use both Windows2000 client (hotfix from
> microsoft) and Funk Odyssey client, giving the same bad result.
> Maybe the source of the problem could be the AP (Cisco 1200) or the client
> card (Orinoco, one of the first Lucent ones indeed) ?
OK, I have just retested here with the latest Odyssey 2.0 client and Windows
2000. I can see that the latest Odyssey client does in fact act differently
on 2000, nevertheless Radiator worked ok here with it with a successful
So now I am back to wondering why Radaitor did not respond to the client
hello. Normally it responds with the server certificate.
I have looked closely again at your log file and I see something else strange:
Mon Jun 23 14:04:09 2003: DEBUG: EAP TLS SSL_accept result: -1, 2, 8465
Mon Jun 23 14:04:09 2003: ERR: jeje - want read
Mon Jun 23 14:04:09 2003: ERR: EAP TLS error: -1, 2, 8465,
it seems not to have recognised that reason 2 is WANT_READ and instead
reported an error.
This indicates that there is a problem with either the openssl install oor the
Im sorry I did not see this before.
You mentioned previously that you installed the 'latest' openssl but I think
you did not say which version.
Here we use openssl 0.9.7 and Net_SSLeay 1.22.
Caution: openssl 0.9.7 behaves differntly to older version in that it installs
it libs and headers in a different place (defaults to /usr/local/ssl). If you
have an older version or an RPM installed version, its possible that
Net_SSLeay will link with the wrong version.
I usually let openssl install in its default place (/usr/local/ssl) then
configure Net_SSleay to use it with
perl Makefile.PL /usr/local/ssl
I strongly suggest you :
1. Ensure there are no old versions of ssl, openssl or Net_SSLeay installed on
2. Compile and install openssl 0.9.7
3. Compile and install Net_SSLeay 1.22 (using the Makefile.PL /usr/local/ssl
> Jerome Fleury
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator