(RADIATOR) eap_ttls.cfg Typo?

Mike McCauley mikem at open.com.au
Fri Sep 26 01:50:51 CDT 2003


Hello Terry,


On Fri, 26 Sep 2003 03:44 pm, Terry Simons wrote:
> Howdy,
>
> After upgrading to Radiator 3.7 I'm getting the following error:
>
> Reply-Message = "EAP TTLS inner authentication redespatched to a
> Handler"
>
> Things worked just fine in 3.6... :)
>
> I took a look in eap_ttls.cfg, but it looks like there is a typo...
>
> There is a starting <Realm DEFAULT> declaration, but it ends with a
> </Handler> tag.

This is incorrect, but innocuous, and would not explain what you are seeing.

I think we will need to see your Radiator log file at trace level 4 showing 
what happens during authentication.
What type of TTLS authentication are you using?

What does AuthBy ACCT-TEST in your config file refer to? I think we 
will need to see your entire config file (no secrets).

Cheers.


>
> That doesn't quite look right...
>
> I guess I'll give the eap_ttls_proxy.cfg handler method a try...
>
> Should this work the way I have it configured, or did I do something
> wrong?
>
> Here's the offending realm definition:
>
> <Realm DEFAULT>
>     RewriteUsername s/^([^@]+).*/$1/
>     AcctLogFileName %L/accounting/accounting.acct
>
>      RejectHasReason
>
>      AuthByPolicy    ContinueAlways
>
>      AuthBy         ACCT-TEST
>
>      <AuthLog FILE>
>          Filename                %L/authlog/authlog.log
>          LogSuccess              1
>          LogFailure              1
>          SuccessFormat           %l,%u,%{NAS-Identifier},%N,%h,OK
>          FailureFormat           %l,%u,%{NAS-Identifier},%N,%h,FAIL
>      </AuthLog>
>     RewriteUsername s/^([^@]+).*/$1/
>
>     <AuthBy FILE>
>         Filename                        /usr/local/etc/users
>         EAPType                         TTLS TLS MD5-Challenge MSCHAP-V2
>         EAPTLS_MaxFragmentSize          1024
>         EAPTLS_CAFile                   /etc/radiator/CA.pem
>         EAPTLS_CertificateType          PEM
>         EAPTLS_CertificateFile          /etc/radiator/Server.pem
>         EAPTLS_PrivateKeyFile           /etc/radiator/Server.pem
>         EAPTLS_PrivateKeyPassword       PrivateKey
>
>         EAPTLS_SessionResumption 0
>         AutoMPPEKeys
>
>     </AuthBy>
> </Realm>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.
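
The two points raised in this thread, the <Realm DEFAULT> block closed by </Handler> and the request for a config file with no secrets, can both be checked mechanically before a config is posted. The following is an added example, not part of the original message and not Radiator code; the function name check_config, the SECRET_PARAMS list and the sample config are assumptions constructed for illustration.

```python
import re

# Assumption: parameters masked before a config is shared. The first is from
# the quoted config; Secret and DBAuth are other credential-bearing parameters.
SECRET_PARAMS = {"EAPTLS_PrivateKeyPassword", "Secret", "DBAuth"}

OPEN_TAG = re.compile(r"^<([A-Za-z]\w*)(?:\s[^>]*)?>$")
CLOSE_TAG = re.compile(r"^</([A-Za-z]\w*)>$")
PARAM = re.compile(r"^(\s*)(\w+)(\s+)\S.*$")

# Constructed sample reproducing the mismatch reported in the thread.
SAMPLE = """\
<Realm DEFAULT>
    <AuthBy FILE>
        Filename /usr/local/etc/users
        EAPTLS_PrivateKeyPassword PrivateKey
    </AuthBy>
</Handler>
"""

def check_config(text):
    """Return (redacted_text, problems) for a Radiator-style config."""
    stack, problems, out = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        opened, closed = OPEN_TAG.match(line), CLOSE_TAG.match(line)
        param = PARAM.match(raw)
        if opened:
            stack.append((opened.group(1), lineno))
        elif closed:
            tag = closed.group(1)
            if not stack:
                problems.append(f"line {lineno}: </{tag}> has no opening tag")
            else:
                name, start = stack.pop()
                if name != tag:
                    problems.append(
                        f"line {lineno}: </{tag}> closes <{name}> opened on line {start}")
        elif param and param.group(2) in SECRET_PARAMS:
            # Keep indentation and parameter name, mask only the value.
            raw = f"{param.group(1)}{param.group(2)}{param.group(3)}REDACTED"
        out.append(raw)
    problems += [f"line {start}: <{name}> is never closed" for name, start in stack]
    return "\n".join(out), problems

if __name__ == "__main__":
    redacted, problems = check_config(SAMPLE)
    print(redacted)
    print("\n".join(problems))
```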
