(RADIATOR)CPAN errors... 802.1x PEAP/aironet1100 WLAN

Hugh Irvine hugh at open.com.au
Wed Aug 4 21:19:27 CDT 2004


Hello Scott -

You can always download the source for the modules you require and 
install by hand:

	perl Makefile.PL
	make
	make test
	make install

regards

Hugh


On 4 Aug 2004, at 21:28, Scott Xiao - ANTlabs wrote:

>
> Hi,
> I am going to install Radiator on another server.I know some Perl 
> modules
> need install,like MD4,SSLeay,etc. when I run perl -MCPAN -eshell, it 
> seems I
> did some wrong "enter",and now I am not able to install these 
> modules,can
> you advise? Am I am to reinstall the CPAN and do the config again?Or 
> can
> download RPM file for those modules to install?Possible?
> I can ping ftp.perl.org and I have ncftp in the server.OS is WhiteBox
> Linux.Errors as below...
> Thanks!
> scott
>
> [root at AAA /]# perl -MCPAN -eshell
>
> cpan shell -- CPAN exploration and modules installation (v1.61)
> ReadLine support available (try 'install Bundle::CPAN')
>
> cpan>
> pan>
> cpan>
> cpan> install Digest::MD5
> CPAN: Storable loaded ok
> Going to read /root/.cpan/Metadata
> Warning: Found only 0 objects in /root/.cpan/Metadata
> CPAN: LWP::UserAgent loaded ok
> Fetching with LWP:
>   ftp://ftp.perl.org/authors/01mailrc.txt.gz
>
> etching with LWP:
>   ftp://ftp.perl.org/authors/01mailrc.txt.gz
> LWP failed with code[404] message[Can't chdir to authors]
> Fetching with Net::FTP:
>   ftp://ftp.perl.org/authors/01mailrc.txt.gz
> Couldn't cwd authors at /usr/lib/perl5/5.8.0/CPAN.pm line 2182.
>
> Trying with "/usr/bin/links -source" to get
>     ftp://ftp.perl.org/authors/01mailrc.txt.gz
>
>
> Trying with "/usr/bin/wget -O -" to get
>     ftp://ftp.perl.org/authors/01mailrc.txt.gz
> --19:21:04--  ftp://ftp.perl.org/authors/01mailrc.txt.gz
>            => `-'
> Resolving ftp.perl.org... done.
> Connecting to ftp.perl.org[131.93.0.19]:21... connected.
> Logging in as anonymous ... Logged in!
> ==> SYST ... done.    ==> PWD ... done.
> ==> TYPE I ... done.  ==> CWD /authors ...
> No such directory `authors'.
>
>
> System call "/usr/bin/wget -O - 
> "ftp://ftp.perl.org/authors/01mailrc.txt.gz"
>> /root/.cpan/sources/authors/01mailrc.txt"
> returned status 1 (wstat 256)
> Warning: expected file [/root/.cpan/sources/authors/01mailrc.txt.gz] 
> doesn't
> exist
> Issuing "/usr/kerberos/bin/ftp -n"
> AUTH not understood
> AUTH not understood
> KERBEROS_V4 rejected as an authentication type
> Local directory now /root/.cpan/sources/authors
> authors: No such file or directory
> 01mailrc.txt.gz: No such file or directory
> Bad luck... Still failed!
> Can't access URL ftp://ftp.perl.org/authors/01mailrc.txt.gz.
>
> Please check, if the URLs I found in your configuration file
> (ftp://ftp.perl.org/) are valid. The urllist can be edited. E.g. with 
> 'o
> conf urllist push ftp://myurl/'
>
> Could not fetch authors/01mailrc.txt.gz
> Fetching with LWP:
>   ftp://ftp.perl.org/modules/02packages.details.txt.gz
> LWP failed with code[404] message[Can't chdir to modules]
> Fetching with Net::FTP:
>   ftp://ftp.perl.org/modules/02packages.details.txt.gz
> Couldn't cwd modules at /usr/lib/perl5/5.8.0/CPAN.pm line 2182.
>
> Trying with "/usr/bin/links -source" to get
>     ftp://ftp.perl.org/modules/02packages.details.txt.gz
>
> System call "/usr/bin/ncftp  -c
> "ftp://ftp.perl.org/modules/02packages.details.txt.gz"  >
> /root/.cpan/sources/modules/02packages.details.txt"
> returned status 2 (wstat 512)
> Warning: expected file
> [/root/.cpan/sources/modules/02packages.details.txt.gz] doesn't exist
>
> Trying with "/usr/bin/wget -O -" to get
>     ftp://ftp.perl.org/modules/02packages.details.txt.gz
> --19:21:21--  ftp://ftp.perl.org/modules/02packages.details.txt.gz
>            => `-'
> Resolving ftp.perl.org... done.
> Connecting to ftp.perl.org[131.93.0.19]:21... connected.
> Logging in as anonymous ... Logged in!
> ==> SYST ... done.    ==> PWD ... done.
> ==> TYPE I ... done.  ==> CWD /modules ...
> No such directory `modules'.
>
>
> System call "/usr/bin/wget -O -
> "ftp://ftp.perl.org/modules/02packages.details.txt.gz"  >
> /root/.cpan/sources/modules/02packages.details.txt"
> returned status 1 (wstat 256)
> Warning: expected file
> [/root/.cpan/sources/modules/02packages.details.txt.gz] doesn't exist
> Issuing "/usr/kerberos/bin/ftp -n"
> AUTH not understood
>
> System call "/usr/bin/wget -O -
> "ftp://ftp.perl.org/modules/02packages.details.txt.gz"  >
> /root/.cpan/sources/modules/02packages.details.txt"
> returned status 1 (wstat 256)
> Warning: expected file
> [/root/.cpan/sources/modules/02packages.details.txt.gz] doesn't exist
> Issuing "/usr/kerberos/bin/ftp -n"
> AUTH not understood
> AUTH not understood
> KERBEROS_V4 rejected as an authentication type
> Local directory now /root/.cpan/sources/modules
> modules: No such file or directory
> 02packages.details.txt.gz: No such file or directory
> Bad luck... Still failed!
> Can't access URL ftp://ftp.perl.org/modules/02packages.details.txt.gz.
>
> Please check, if the URLs I found in your configuration file
> (ftp://ftp.perl.org/) are valid. The urllist can be edited. E.g. with 
> 'o
> conf urllist push ftp://myurl/'
>
> rces/modules/03modlist.data"
> returned status 2 (wstat 512)
> Warning: expected file [/root/.cpan/sources/modules/03modlist.data.gz]
> doesn't exist
>
> Trying with "/usr/bin/wget -O -" to get
>     ftp://ftp.perl.org/modules/03modlist.data.gz
> --19:21:41--  ftp://ftp.perl.org/modules/03modlist.data.gz
>            => `-'
> Resolving ftp.perl.org... done.
> Connecting to ftp.perl.org[131.93.0.19]:21... connected.
> Logging in as anonymous ... Logged in!
> ==> SYST ... done.    ==> PWD ... done.
> ==> TYPE I ... done.  ==> CWD /modules ...
> No such directory `modules'.
>
> System call "/usr/bin/wget -O -
> "ftp://ftp.perl.org/modules/03modlist.data.gz"  >
> /root/.cpan/sources/modules/03modlist.data"
> returned status 1 (wstat 256)
> Warning: expected file [/root/.cpan/sources/modules/03modlist.data.gz]
> doesn't exist
> Issuing "/usr/kerberos/bin/ftp -n"
> AUTH not understood
> AUTH not understood
> KERBEROS_V4 rejected as an authentication type
> Local directory now /root/.cpan/sources/modules
> modules: No such file or directory
> 03modlist.data.gz: No such file or directory
> Bad luck... Still failed!
> Can't access URL ftp://ftp.perl.org/modules/03modlist.data.gz.
>
> Please check, if the URLs I found in your configuration file
> (ftp://ftp.perl.org/) are valid. The urllist can be edited. E.g. with 
> 'o
> conf urllist push ftp://myurl/'
>
> Could not fetch modules/03modlist.data.gz
> Going to write /root/.cpan/Metadata
> Warning: Cannot install Digest::MD5, don't know what it is.
> Try the command
>
>     i /Digest::MD5/
>
> to find objects with matching identifiers.
>
> cpan>
> -----Original Message-----
> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]On
> Behalf Of Bon sy
> Sent: Tuesday, August 03, 2004 7:10 PM
> To: Terry Simons
> Cc: scottxiao at antlabs.com; radiator at open.com.au
> Subject: Re: (RADIATOR) SSL certificate for 802.1x PEAP/aironet1100 
> WLAN
>
>
> Hi Scott and Terry,
>
> 	If your main concern is the cost as Terry mentioned, you may want
> to consider building your own CA using openssl. If a moderate cost
> investment may fit your budget, you may want to look into CATool as
> Mike/Hugh has suggested previously.
>
> 	We have tried and used both. Building your own CA using openssl is
> more involved --- and obviously you have to provide your own technical
> support --- in comparing to using CATool. If you do want to build your 
> own
> CA using openssl and to avoid the frustration causing your late night
> sleepless symtom, we find it important to build up the comfort level on
> openssl, perl, and Linux, and definitely read up a lot from the mailing
> list, before doing it.
>
> Bon
>
>
> On Mon, 2 Aug 2004, Terry Simons wrote:
>
>> Hi Scott,
>>
>> You *can* reuse a server certificate in another location later.
>>
>> The domain name has no real significance, except that you need to
>> verify it on the client to ensure that your clients are secure.  The
>> domain can be whatever you like, and can exist on multiple servers...
>> there is no inherent tie to any given server.
>>
>> That said, it is probably *not* a good idea to reuse certificates in a
>> production environment, but it does work.
>>
>> Is the main reason why you are purchasing certificates to ensure that
>> the client has a pre-installed CA certificate that will verify your
>> certificate, or for some other reason?
>>
>> If your main concern is the cost, you should probably consider rolling
>> your own certificates.
>>
>> - Terry
>>
>> On Aug 2, 2004, at 8:59 PM, Scott Xiao - ANTlabs wrote:
>>
>>>
>>> Hi,
>>> Can any of you recommend one workable Radius(Radiator) server
>>> certificate
>>> besides Verisign?I want to buy a cheaper one,use it in  802.1x PEAP
>>> WLAN
>>> hotspot.If I use it for domain "hostname.mydomain.com" ,can I use the
>>> same
>>> certificate in future if I deploy a same WLAN in another place which
>>> will
>>> still use the same domain name?Thanks!
>>> Rgds
>>> Scott Xiao
>>> -----Original Message-----
>>> From: owner-radiator at open.com.au 
>>> [mailto:owner-radiator at open.com.au]On
>>> Behalf Of Terry Simons
>>> Sent: Thursday, July 29, 2004 1:15 PM
>>> To: Christian Wiedmann
>>> Cc: radiator at open.com.au
>>> Subject: Re: (RADIATOR) SSL certificate for 802.1x PEAP/aironet1100
>>> WLAN
>>>
>>>
>>> Hi,
>>>
>>> On Jul 28, 2004, at 1:32 PM, Christian Wiedmann wrote:
>>>
>>>> As far as I know, the XP server extension OID is the one that is 
>>>> also
>>>> used for web servers.  Therefore, a web server certificate should
>>>> work.
>>>
>>> This is true.  There is one thing that people should probably be 
>>> aware
>>> of, however.
>>>
>>> At the last Networld + Interop HotStage, we did some extensive 
>>> testing
>>> with this and it was determined that what should probably happen is 
>>> to
>>> officially apply for some OIDs for 802.1X authentication servers.  
>>> One
>>> of the HotStage members that is involved in the IETF and the IEEE is
>>> pushing that a bit, so it could be the case that a "proper" OID set
>>> will come out in the future.  It could be a ways out, but I 
>>> personally
>>> hope that it happens so we can have an "official" way of creating
>>> "802.1X authentication" certificates.
>>>
>>> - Terry
>>>
>>>>
>>>> For what it's worth, I've successfully used a Verisign web server
>>>> certificate
>>>> for PEAP authentication against Windows XP SP1.  I think there's a
>>>> good
>>>> chance a freessl certificate would work too.
>>>>
>>>> 	-Christian
>>>>
>>>> ref.:
>>>> http://support.microsoft.com/?kbid=814394
>>>> http://www.alvestrand.no/objectid/1.3.6.1.5.5.7.3.1.html
>>>> http://www.ietf.org/rfc/rfc2459.txt
>>>>
>>>> On Wed, 28 Jul 2004, Mike McCauley wrote:
>>>>
>>>>> Date: Wed, 28 Jul 2004 19:35:44 +1000
>>>>> From: Mike McCauley <mikem at open.com.au>
>>>>> To: scottxiao at antlabs.com
>>>>> Cc: Radiator <radiator at open.com.au>
>>>>> Subject: Re: (RADIATOR) SSL certificate for  802.1x 
>>>>> PEAP/aironet1100
>>>>> WLAN
>>>>>
>>>>> Hi Scott,
>>>>>
>>>>>
>>>>> On Wednesday 28 July 2004 18:41, Scott Xiao  - ANTlabs wrote:
>>>>>> Hi,Mike,
>>>>>> Thanks, so do you have any suggestion that I can purchase 
>>>>>> regarding
>>>>>> the
>>>>>> cert for radius server?Verisign?which type?If you have any
>>>>>> recommendation
>>>>>> that it works well on Radiator....Thanks
>>>>>
>>>>> Verisign offer certificates for radius servers, but I dont know the
>>>>> details of
>>>>> how to apply for one. They do work with Radiator. You should try to
>>>>> get it in
>>>>> PEM format.
>>>>>
>>>>> Cheers.
>>>>>
>>>>
>>>> --
>>>> Archive at http://www.open.com.au/archives/radiator/
>>>> Announcements on radiator-announce at open.com.au
>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>> 'unsubscribe radiator' in the body of the message.
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list