(RADIATOR) Anyone got EAP-TLS working on Redhat 7.3 or 9?

Mike McCauley mikem at open.com.au
Sun Nov 23 19:26:03 CST 2003


Hello Simon,

On Mon, 24 Nov 2003 11:24 am, Simon Gao wrote:
> Hi,
>
> I ran into a very strange problem while trying to get
> EAP-TLS working with either Redhat 7.3, 9, or Mandrake
> 8.0, 9.2. Radiator is unable to read the key file correctly,
> no matter whether the key is the sample one that comes with
> Radiator 3.7.1 or a self-signed one. Either OpenSSL 0.9.7c or
> 0.9.7b with the latest required modules is installed.
>
> Any help is greatly appreciated.  Here is the log:

I have just tested here with RH 9, openssl-0.9.7c and Net_SSLeay 1.23, and it 
reads the certificate file fine. I have not seen this error with any versions 
of openssl on any platform, except when the file really does not exist:

> Sun Nov 23 18:22:10 2003: ERR: TLS could not
> use_certificate_file
> /usr/local/radiator/etc/cert/cert-serv.pem, 1:  4655: 1 -
> error:0906D06C:PEM routines:PEM_read_bio:no start line
>   4655: 2 - error:02001002:system library:fopen:No such
> file or directory

Are you sure that /usr/local/radiator/etc/cert/cert-serv.pem exists and is 
readable by whoever is running Radiator?

Cheers.


>
> ===============================================================
>   Sun Nov 23 18:22:10 2003: DEBUG: Handling request with
> Handler 'Client-Identifier=/Test_Radius/'
> Sun Nov 23 18:22:10 2003: DEBUG: Handling request with
> Handler 'Client-Identifier=/Test_Radius/'
> Sun Nov 23 18:22:10 2003: DEBUG:  Deleting session for
> testUser, 192.168.3.2,
> Sun Nov 23 18:22:10 2003: DEBUG: Handling with
> Radius::AuthFILE:
> Sun Nov 23 18:22:10 2003: DEBUG: Handling with EAP: code
> 2, 168, 13
> Sun Nov 23 18:22:10 2003: DEBUG: Response type 1
> Sun Nov 23 18:22:10 2003: ERR: TLS could not
> use_certificate_file
> /usr/local/radiator/etc/cert/cert-serv.pem, 1:  4655: 1 -
> error:0906D06C:PEM routines:PEM_read_bio:no start line
>   4655: 2 - error:02001002:system library:fopen:No such
> file or directory
>   4655: 3 - error:20074002:BIO routines:FILE_CTRL:system
> lib
>   4655: 4 - error:140AD002:SSL
> routines:SSL_CTX_use_certificate_file:system lib
>
> Sun Nov 23 18:22:10 2003: DEBUG: EAP result: 1, EAP TLS
> Could not initialise context
> Sun Nov 23 18:22:10 2003: INFO: Access rejected for
> testUser: EAP TLS Could not initialise context
> Sun Nov 23 18:22:10 2003: INFO: Access rejected for
> testUser: EAP TLS Could not initialise context
> Sun Nov 23 18:22:10 2003: DEBUG: Packet dump:
> *** Sending to 192.168.3.2 port 6001 ....
> Code:       Access-Reject
> Identifier: 162
> Authentic:
>  <235>2<0><0><13><5><0><0><189><15><0><0><192><29><0><0>
> Attributes:
>          Reply-Message = "EAP TLS Could not initialise
> context"
> ============================================================
>
> Simon Gao
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.
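
Added example, not part of the original message and not Radiator code: a Python sketch that unwraps the OpenSSL error queue from the log quoted in this thread, picks out the entry carrying the OS-level cause, and then checks the certificate path directly. The function names and the three-way file check are assumptions made for illustration.

```python
import os
import re

# Error queue lines copied from the log in the post (mail quoting and wrapping kept).
SAMPLE_LOG = """\
> Sun Nov 23 18:22:10 2003: ERR: TLS could not
> use_certificate_file
> /usr/local/radiator/etc/cert/cert-serv.pem, 1:  4655: 1 -
> error:0906D06C:PEM routines:PEM_read_bio:no start line
>   4655: 2 - error:02001002:system library:fopen:No such
> file or directory
>   4655: 3 - error:20074002:BIO routines:FILE_CTRL:system
> lib
>   4655: 4 - error:140AD002:SSL
> routines:SSL_CTX_use_certificate_file:system lib
"""

def parse_error_queue(log_text):
    """Split '<pid>: <n> - error:<code>:<lib>:<func>:<reason>' entries."""
    # Undo '>' quoting and line wrapping so each entry is contiguous.
    flat = " ".join(line.lstrip("> ").strip() for line in log_text.splitlines())
    flat = re.sub(r"\s+", " ", flat)
    entries = []
    for chunk in re.split(r"\d+: \d+ - error:", flat)[1:]:
        code, lib, func, reason = chunk.strip().split(":", 3)
        entries.append({"code": code, "lib": lib, "func": func, "reason": reason.strip()})
    return entries

def diagnose(entries):
    """The fopen entry carries the OS-level reason; check it before PEM errors."""
    for e in entries:
        if e["func"] == "fopen":
            return "cannot open file: " + e["reason"]
    if any(e["reason"] == "no start line" for e in entries):
        return "file opened but contains no PEM BEGIN line"
    return "no known cause in error queue"

def check_cert_file(path):
    """Run as the account that runs Radiator: os.access tests the calling user."""
    if not os.path.exists(path):  # also False if a parent dir is not searchable
        return "missing"
    if not os.access(path, os.R_OK):
        return "unreadable"
    with open(path, "r", errors="replace") as fh:
        return "ok" if "-----BEGIN " in fh.read() else "not_pem"

if __name__ == "__main__":
    print(diagnose(parse_error_queue(SAMPLE_LOG)))
    print(check_cert_file("/usr/local/radiator/etc/cert/cert-serv.pem"))
```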
