(RADIATOR)CPAN errors... 802.1x PEAP/aironet1100 WLAN

Scott Xiao - ANTlabs scottxiao at antlabs.com
Wed Aug 4 06:28:15 CDT 2004


Hi,
I am going to install Radiator on another server.I know some Perl modules
need install,like MD4,SSLeay,etc. when I run perl -MCPAN -eshell, it seems I
did some wrong "enter",and now I am not able to install these modules,can
you advise? Am I am to reinstall the CPAN and do the config again?Or can
download RPM file for those modules to install?Possible?
I can ping ftp.perl.org and I have ncftp in the server.OS is WhiteBox
Linux.Errors as below...
Thanks!
scott

[root at AAA /]# perl -MCPAN -eshell

cpan shell -- CPAN exploration and modules installation (v1.61)
ReadLine support available (try 'install Bundle::CPAN')

cpan>
pan>
cpan>
cpan> install Digest::MD5
CPAN: Storable loaded ok
Going to read /root/.cpan/Metadata
Warning: Found only 0 objects in /root/.cpan/Metadata
CPAN: LWP::UserAgent loaded ok
Fetching with LWP:
  ftp://ftp.perl.org/authors/01mailrc.txt.gz

etching with LWP:
  ftp://ftp.perl.org/authors/01mailrc.txt.gz
LWP failed with code[404] message[Can't chdir to authors]
Fetching with Net::FTP:
  ftp://ftp.perl.org/authors/01mailrc.txt.gz
Couldn't cwd authors at /usr/lib/perl5/5.8.0/CPAN.pm line 2182.

Trying with "/usr/bin/links -source" to get
    ftp://ftp.perl.org/authors/01mailrc.txt.gz


Trying with "/usr/bin/wget -O -" to get
    ftp://ftp.perl.org/authors/01mailrc.txt.gz
--19:21:04--  ftp://ftp.perl.org/authors/01mailrc.txt.gz
           => `-'
Resolving ftp.perl.org... done.
Connecting to ftp.perl.org[131.93.0.19]:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done.    ==> PWD ... done.
==> TYPE I ... done.  ==> CWD /authors ...
No such directory `authors'.


System call "/usr/bin/wget -O - "ftp://ftp.perl.org/authors/01mailrc.txt.gz"
> /root/.cpan/sources/authors/01mailrc.txt"
returned status 1 (wstat 256)
Warning: expected file [/root/.cpan/sources/authors/01mailrc.txt.gz] doesn't
exist
Issuing "/usr/kerberos/bin/ftp -n"
AUTH not understood
AUTH not understood
KERBEROS_V4 rejected as an authentication type
Local directory now /root/.cpan/sources/authors
authors: No such file or directory
01mailrc.txt.gz: No such file or directory
Bad luck... Still failed!
Can't access URL ftp://ftp.perl.org/authors/01mailrc.txt.gz.

Please check, if the URLs I found in your configuration file
(ftp://ftp.perl.org/) are valid. The urllist can be edited. E.g. with 'o
conf urllist push ftp://myurl/'

Could not fetch authors/01mailrc.txt.gz
Fetching with LWP:
  ftp://ftp.perl.org/modules/02packages.details.txt.gz
LWP failed with code[404] message[Can't chdir to modules]
Fetching with Net::FTP:
  ftp://ftp.perl.org/modules/02packages.details.txt.gz
Couldn't cwd modules at /usr/lib/perl5/5.8.0/CPAN.pm line 2182.

Trying with "/usr/bin/links -source" to get
    ftp://ftp.perl.org/modules/02packages.details.txt.gz

System call "/usr/bin/ncftp  -c
"ftp://ftp.perl.org/modules/02packages.details.txt.gz"  >
/root/.cpan/sources/modules/02packages.details.txt"
returned status 2 (wstat 512)
Warning: expected file
[/root/.cpan/sources/modules/02packages.details.txt.gz] doesn't exist

Trying with "/usr/bin/wget -O -" to get
    ftp://ftp.perl.org/modules/02packages.details.txt.gz
--19:21:21--  ftp://ftp.perl.org/modules/02packages.details.txt.gz
           => `-'
Resolving ftp.perl.org... done.
Connecting to ftp.perl.org[131.93.0.19]:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done.    ==> PWD ... done.
==> TYPE I ... done.  ==> CWD /modules ...
No such directory `modules'.


System call "/usr/bin/wget -O -
"ftp://ftp.perl.org/modules/02packages.details.txt.gz"  >
/root/.cpan/sources/modules/02packages.details.txt"
returned status 1 (wstat 256)
Warning: expected file
[/root/.cpan/sources/modules/02packages.details.txt.gz] doesn't exist
Issuing "/usr/kerberos/bin/ftp -n"
AUTH not understood

System call "/usr/bin/wget -O -
"ftp://ftp.perl.org/modules/02packages.details.txt.gz"  >
/root/.cpan/sources/modules/02packages.details.txt"
returned status 1 (wstat 256)
Warning: expected file
[/root/.cpan/sources/modules/02packages.details.txt.gz] doesn't exist
Issuing "/usr/kerberos/bin/ftp -n"
AUTH not understood
AUTH not understood
KERBEROS_V4 rejected as an authentication type
Local directory now /root/.cpan/sources/modules
modules: No such file or directory
02packages.details.txt.gz: No such file or directory
Bad luck... Still failed!
Can't access URL ftp://ftp.perl.org/modules/02packages.details.txt.gz.

Please check, if the URLs I found in your configuration file
(ftp://ftp.perl.org/) are valid. The urllist can be edited. E.g. with 'o
conf urllist push ftp://myurl/'

rces/modules/03modlist.data"
returned status 2 (wstat 512)
Warning: expected file [/root/.cpan/sources/modules/03modlist.data.gz]
doesn't exist

Trying with "/usr/bin/wget -O -" to get
    ftp://ftp.perl.org/modules/03modlist.data.gz
--19:21:41--  ftp://ftp.perl.org/modules/03modlist.data.gz
           => `-'
Resolving ftp.perl.org... done.
Connecting to ftp.perl.org[131.93.0.19]:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done.    ==> PWD ... done.
==> TYPE I ... done.  ==> CWD /modules ...
No such directory `modules'.

System call "/usr/bin/wget -O -
"ftp://ftp.perl.org/modules/03modlist.data.gz"  >
/root/.cpan/sources/modules/03modlist.data"
returned status 1 (wstat 256)
Warning: expected file [/root/.cpan/sources/modules/03modlist.data.gz]
doesn't exist
Issuing "/usr/kerberos/bin/ftp -n"
AUTH not understood
AUTH not understood
KERBEROS_V4 rejected as an authentication type
Local directory now /root/.cpan/sources/modules
modules: No such file or directory
03modlist.data.gz: No such file or directory
Bad luck... Still failed!
Can't access URL ftp://ftp.perl.org/modules/03modlist.data.gz.

Please check, if the URLs I found in your configuration file
(ftp://ftp.perl.org/) are valid. The urllist can be edited. E.g. with 'o
conf urllist push ftp://myurl/'

Could not fetch modules/03modlist.data.gz
Going to write /root/.cpan/Metadata
Warning: Cannot install Digest::MD5, don't know what it is.
Try the command

    i /Digest::MD5/

to find objects with matching identifiers.

cpan>
-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]On
Behalf Of Bon sy
Sent: Tuesday, August 03, 2004 7:10 PM
To: Terry Simons
Cc: scottxiao at antlabs.com; radiator at open.com.au
Subject: Re: (RADIATOR) SSL certificate for 802.1x PEAP/aironet1100 WLAN


Hi Scott and Terry,

	If your main concern is the cost as Terry mentioned, you may want
to consider building your own CA using openssl. If a moderate cost
investment may fit your budget, you may want to look into CATool as
Mike/Hugh has suggested previously.

	We have tried and used both. Building your own CA using openssl is
more involved --- and obviously you have to provide your own technical
support --- in comparing to using CATool. If you do want to build your own
CA using openssl and to avoid the frustration causing your late night
sleepless symtom, we find it important to build up the comfort level on
openssl, perl, and Linux, and definitely read up a lot from the mailing
list, before doing it.

Bon


On Mon, 2 Aug 2004, Terry Simons wrote:

> Hi Scott,
>
> You *can* reuse a server certificate in another location later.
>
> The domain name has no real significance, except that you need to
> verify it on the client to ensure that your clients are secure.  The
> domain can be whatever you like, and can exist on multiple servers...
> there is no inherent tie to any given server.
>
> That said, it is probably *not* a good idea to reuse certificates in a
> production environment, but it does work.
>
> Is the main reason why you are purchasing certificates to ensure that
> the client has a pre-installed CA certificate that will verify your
> certificate, or for some other reason?
>
> If your main concern is the cost, you should probably consider rolling
> your own certificates.
>
> - Terry
>
> On Aug 2, 2004, at 8:59 PM, Scott Xiao - ANTlabs wrote:
>
> >
> > Hi,
> > Can any of you recommend one workable Radius(Radiator) server
> > certificate
> > besides Verisign?I want to buy a cheaper one,use it in  802.1x PEAP
> > WLAN
> > hotspot.If I use it for domain "hostname.mydomain.com" ,can I use the
> > same
> > certificate in future if I deploy a same WLAN in another place which
> > will
> > still use the same domain name?Thanks!
> > Rgds
> > Scott Xiao
> > -----Original Message-----
> > From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]On
> > Behalf Of Terry Simons
> > Sent: Thursday, July 29, 2004 1:15 PM
> > To: Christian Wiedmann
> > Cc: radiator at open.com.au
> > Subject: Re: (RADIATOR) SSL certificate for 802.1x PEAP/aironet1100
> > WLAN
> >
> >
> > Hi,
> >
> > On Jul 28, 2004, at 1:32 PM, Christian Wiedmann wrote:
> >
> >> As far as I know, the XP server extension OID is the one that is also
> >> used for web servers.  Therefore, a web server certificate should
> >> work.
> >
> > This is true.  There is one thing that people should probably be aware
> > of, however.
> >
> > At the last Networld + Interop HotStage, we did some extensive testing
> > with this and it was determined that what should probably happen is to
> > officially apply for some OIDs for 802.1X authentication servers.  One
> > of the HotStage members that is involved in the IETF and the IEEE is
> > pushing that a bit, so it could be the case that a "proper" OID set
> > will come out in the future.  It could be a ways out, but I personally
> > hope that it happens so we can have an "official" way of creating
> > "802.1X authentication" certificates.
> >
> > - Terry
> >
> >>
> >> For what it's worth, I've successfully used a Verisign web server
> >> certificate
> >> for PEAP authentication against Windows XP SP1.  I think there's a
> >> good
> >> chance a freessl certificate would work too.
> >>
> >> 	-Christian
> >>
> >> ref.:
> >> http://support.microsoft.com/?kbid=814394
> >> http://www.alvestrand.no/objectid/1.3.6.1.5.5.7.3.1.html
> >> http://www.ietf.org/rfc/rfc2459.txt
> >>
> >> On Wed, 28 Jul 2004, Mike McCauley wrote:
> >>
> >>> Date: Wed, 28 Jul 2004 19:35:44 +1000
> >>> From: Mike McCauley <mikem at open.com.au>
> >>> To: scottxiao at antlabs.com
> >>> Cc: Radiator <radiator at open.com.au>
> >>> Subject: Re: (RADIATOR) SSL certificate for  802.1x PEAP/aironet1100
> >>> WLAN
> >>>
> >>> Hi Scott,
> >>>
> >>>
> >>> On Wednesday 28 July 2004 18:41, Scott Xiao  - ANTlabs wrote:
> >>>> Hi,Mike,
> >>>> Thanks, so do you have any suggestion that I can purchase regarding
> >>>> the
> >>>> cert for radius server?Verisign?which type?If you have any
> >>>> recommendation
> >>>> that it works well on Radiator....Thanks
> >>>
> >>> Verisign offer certificates for radius servers, but I dont know the
> >>> details of
> >>> how to apply for one. They do work with Radiator. You should try to
> >>> get it in
> >>> PEM format.
> >>>
> >>> Cheers.
> >>>
> >>
> >> --
> >> Archive at http://www.open.com.au/archives/radiator/
> >> Announcements on radiator-announce at open.com.au
> >> To unsubscribe, email 'majordomo at open.com.au' with
> >> 'unsubscribe radiator' in the body of the message.
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> >
> >
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list