(RADIATOR) Can't get PEAP to work, need help.

Jerome Fleury jeje at jeje.org
Tue Jun 24 10:37:29 CDT 2003


--On Tuesday, June 24, 2003 09:58:28 PM +1000 Mike McCauley <mikem at open.com.au> wrote:

> Hello Jerome,
> 
> 
> On Tue, 24 Jun 2003 08:32 pm, Jerome Fleury wrote:
>> --On Tuesday 24 June 2003 09:26 +1000 Mike McCauley <mikem at open.com.au> wrote:
>> > Hello Jeremy,
>> > 
>> > thanks for the full log.
>> > 
>> > Looks like Radiator is not seeing a completed client hello from your
>> > client: it's still waiting for the client hello to be closed off.
>> > This is very puzzling: your client is behaving differently to other
>> > clients we have observed.
>> > 
>> > What PEAP client are you using?
>> 
>> Well, this is quite strange as I use both Windows 2000 client (hotfix from
>> Microsoft) and Funk Odyssey client, giving the same bad result.
>> 
>> Maybe the source of the problem could be the AP (Cisco 1200) or the client
>> card (Orinoco, one of the first Lucent ones indeed)?
> 
> OK, I have just retested here with the latest Odyssey 2.0 client and Windows 
> 2000. I can see that the latest Odyssey client does in fact act differently 
> on 2000, nevertheless Radiator worked ok here with it with a successful 
> authentication.
> 
> So now I am back to wondering why Radiator did not respond to the client 
> hello. Normally it responds with the server certificate.
> 
> I have looked closely again at your log file and I see something else strange:
> 
> Mon Jun 23 14:04:09 2003: DEBUG: EAP TLS SSL_accept result: -1, 2, 8465
> Mon Jun 23 14:04:09 2003: ERR: jeje - want read
> Mon Jun 23 14:04:09 2003: ERR: EAP TLS error: -1, 2, 8465, 
> 
> it seems not to have recognised that reason 2 is WANT_READ and instead 
> reported an error.
> This indicates that there is a problem with either the openssl install or the 
> Net_SSLeay install.
> I'm sorry I did not see this before.

No, I'm the one who is sorry for not having specified this: I added some debug code in the WANT_READ
condition block:

                elsif ($reason == ERROR_WANT_READ)
                {
                        $self->log($main::LOG_ERR, "jeje - want read", $p);
                        my $errs = &Net::SSLeay::print_errs();
                        $self->log($main::LOG_ERR, "EAP TLS error: $ret, $reason, $state, $errs");
                        $self->eap_failure($p->{rp}, $context);

                    # Looking for more data, just ack this
                }

So it does recognize WANT_READ correctly. Sorry for sending you down the wrong path.


> I strongly suggest you:
> 
> 1. Ensure there are no old versions of ssl, openssl or Net_SSLeay installed on 
> your host.

No, older versions are overridden.

> 2. Compile and install openssl 0.9.7

done.

> 3. Compile and install Net_SSLeay 1.22 (using the Makefile.PL /usr/local/ssl 
> arg above)

done (1.23)

At this point, I think I'll try on another fresh Unix install.

Thanks for your help Mike.
--
Jerome Fleury
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
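
An added illustration, not part of the original thread and not Radiator code, of the distinction the messages above turn on: a server-side handshake that has seen only part of the client hello reports WANT_READ (reason 2) and should simply wait for more data, while malformed input produces a genuine failure. Python's ssl module stands in for Net::SSLeay here since both wrap OpenSSL; the function names and the sample bytes are constructed for this example, and the server context deliberately has no certificate loaded because the demo stops at the client hello.

```python
import ssl

def make_client_hello() -> bytes:
    """Return a real ClientHello by starting a client handshake on memory BIOs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # no peer to verify in this offline demo
    ctx.verify_mode = ssl.CERT_NONE
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = ctx.wrap_bio(incoming, outgoing)
    try:
        client.do_handshake()
    except ssl.SSLWantReadError:
        pass                            # client is now waiting for the ServerHello
    return outgoing.read()

def accept_fragments(fragments):
    """Feed fragments to a server-side handshake; classify the result after each."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)   # assumption: no certificate loaded
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    server = ctx.wrap_bio(incoming, outgoing, server_side=True)
    results = []
    for frag in fragments:
        incoming.write(frag)
        try:
            server.do_handshake()
            results.append("complete")
        except ssl.SSLWantReadError:    # SSL_ERROR_WANT_READ (reason 2): not a failure
            results.append("want_read") # acknowledge the fragment and wait for more
        except ssl.SSLError:            # anything else is a genuine handshake failure
            results.append("failure")
            break
    return results

if __name__ == "__main__":
    hello = make_client_hello()
    half = len(hello) // 2
    # Constructed inputs: half of a ClientHello, then plain HTTP sent to a TLS port.
    print(accept_fragments([hello[:half]]))
    print(accept_fragments([b"GET / HTTP/1.0\r\n\r\n"]))
```

The except clauses are ordered so that WANT_READ is caught before the general SSLError, since the former is a subclass of the latter.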

