(RADIATOR) BUG? EAP TLS hangs

Ken Wolstencroft kenw at keeper.org.uk
Mon Jun 30 19:16:56 CDT 2003


Thanks Mike, I'll download the patches and carry out my tests again...

Ken

----- Original Message ----- 
From: "Mike McCauley" <mikem at open.com.au>
To: "Ken Wolstencroft" <kenw at keeper.org.uk>; "Denis Pavani"
<d.pavani at cineca.it>; <radiator at open.com.au>
Sent: Tuesday, July 01, 2003 12:38 AM
Subject: Re: (RADIATOR) BUG? EAP TLS hangs


> Hello all,
>
>
> On Tue, 1 Jul 2003 04:27 am, Ken Wolstencroft wrote:
> > Hi Denis,
> >
> > I had the same problem and spent ages recompiling OpenSSL with all the
ssl
> > version work arounds etc.
> >
> > The way I finally solved it was to add the following to the EAPTLS
AuthBy:
> >
> > EAPTLS_SessionResumption 0
> >
> > Can anyone suggest why this happens in the first place and why stopping
> > session resumption seems to solve the problem.
>
> We made a patch recently for a similar issue. It occured after a failed
> attempt to resume a session, so thats why setting EAPTLS_SessionResumption
0
> fixed it.
>
> Cheers.
>
> >
> > All the best,
> > Ken
> > MyZones Ltd
> >
> > ----- Original Message -----
> > From: "Denis Pavani" <d.pavani at cineca.it>
> > To: <radiator at open.com.au>
> > Sent: Monday, June 30, 2003 4:44 PM
> > Subject: (RADIATOR) BUG? EAP TLS hangs
> >
> > > Hello, I got a strange behaviour from Radiator 3.6, on Solaris with
> > > OpenSSL 0.9.7a
> > > Most of time, all authentication are OK, but sometimes EAP-TLS stop
> > > working, and gives errors as below.
> > > Restarting the daemon (sending an HUP signal does not work, I must
kill
> > > process and restart) fixes the situation.
> > > Any idea?
> > >
> > > Mon Jun 30 17:30:17 2003: DEBUG: Handling with Radius::AuthLDAP2:
> > > Mon Jun 30 17:30:17 2003: DEBUG: Handling with EAP: code 2, 33, 98
> > > Mon Jun 30 17:30:17 2003: DEBUG: Response type 13
> > > Mon Jun 30 17:30:17 2003: ERR: EAP TLS error: -1, 1, 24576,  10385:
1 -
> > > error:14
> > > 0A4044:SSL routines:SSL_clear:internal error
> > >  10385: 2 - error:14080044:SSL routines:SSL3_ACCEPT:internal error
> > >
> > > Mon Jun 30 17:30:17 2003: DEBUG: Handling with Radius::AuthFILE:
> > > Mon Jun 30 17:30:17 2003: DEBUG: Handling with EAP: code 2, 33, 98
> > > Mon Jun 30 17:30:17 2003: DEBUG: Response type 13
> > > Mon Jun 30 17:30:17 2003: ERR: EAP TLS error: -1, 1, 24576,  10385:
1 -
> > > error:14
> > > 0A4044:SSL routines:SSL_clear:internal error
> > >  10385: 2 - error:14080044:SSL routines:SSL3_ACCEPT:internal error
> > >
> > > Mon Jun 30 17:30:17 2003: INFO: Access rejected for
d.pavani at cineca.it:
> > > EAP TLS
> > > error
> > >
> > > --
> > >
************************************************************************
> > > Denis Pavani
> > >
> > > CINECA    -    Comunicazioni e Sistemi Distribuiti
> > > NOC - Network Operations Center
> > >
> > > phone:+39 0516171953 / fax:+39 0516132198
> > > http://www.cineca.it
> > >
************************************************************************
> > >  "Siamo pagati per adattarci, improvvisare e raggiungere lo scopo"
> > >   -- Gunny Highway
> > >
> > >
> > > ===
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe radiator' in the body of the message.
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.493 / Virus Database: 292 - Release Date: 6/25/2003
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
> -- 
> Mike McCauley                               mikem at open.com.au
> Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
> 24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
> Phone +61 3 9598-0985                       Fax   +61 3 9598-0955
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS etc.
>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.495 / Virus Database: 294 - Release Date: 6/30/2003

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list