(RADIATOR) Error "TLS could not load_verify_locations" - FreeSSL certificate for Radiator 802.1x PEAP/aironet1100 WLAN

Scott Xiao - ANTlabs scottxiao at antlabs.com
Sun Aug 8 23:44:13 CDT 2004


Hi,Hugh,
Thanks ! I did some update on my config file according to your and
Christian's advice,I downloaded the root CA from FreeSSL and saved in the
certificate directory  as pem format ,and tested again,then I encountered
another error " EAP PEAP TLS read failed:  2144: 1 - error:14094419:SSL
routines:SSL3_READ_BYTES:tlsv1 alert access denied" , what could be the
cause here?Pleaase advise,Thanks a lot!!! Here below is my updated config
file(part) and the error log:

Config file:

EAPType PEAP,MSCHAP-V2

                EAPTLS_CAFile %D/certificates/UTN.pem

                EAPTLS_CertificateFile
%D/certificates/myhost.antlabs.com.pem

                EAPTLS_CertificateType PEM

                EAPTLS_PrivateKeyFile %D/certificates/myhost.antlabs.com.key

                EAPTLS_PrivateKeyPassword [password(hidden)]

Error Log:
Code:       Access-Request
Identifier: 52
Authentic:  <29>rW<223><165><165>,<151><164><138>B_@<194>=<232>
Attributes:
        User-Name = "hello"
        WISPr-Location-ID = "isocc=(null),cc=(null),ac=(null),network=GEM1X"
        WISPr-Location-Name = "operator,location"
        NAS-IP-Address = 10.0.0.1
        Service-Type = Framed-User
        NAS-Port = 3
        NAS-Port-Id = "3"
        Called-Station-Id = "00-90-4B-7B-A1-C0:GEM1X"
        Calling-Station-Id = "00-0C-F1-08-37-BF"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-IEEE-802-11
        NAS-Identifier = "00-90-4b-7b-a1-c0:P320"
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message =
<2><10><0>!<25><128><0><0><0><23><21><3><1><0><18>'<245><137><179><200>3<167
>nL<133><196>y<243><146>*[m<140>
        Message-Authenticator =
kW<200><133><164><209>,'<166><19><209><223><197>3h<243>
        Proxy-State = 165

Mon Aug  9 12:19:41 2004: DEBUG: Handling request with Handler ''
Mon Aug  9 12:19:41 2004: DEBUG:  Deleting session for hello, 10.0.0.1, 3
Mon Aug  9 12:19:41 2004: DEBUG: Handling with Radius::AuthSQL
Mon Aug  9 12:19:41 2004: DEBUG: Handling with Radius::AuthSQL:
Mon Aug  9 12:19:41 2004: DEBUG: Handling with EAP: code 2, 10, 33
Mon Aug  9 12:19:41 2004: DEBUG: Response type 25
Mon Aug  9 12:19:41 2004: ERR: EAP PEAP TLS read failed:  2144: 1 -
error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied

Mon Aug  9 12:19:41 2004: DEBUG: EAP result: 1, EAP PEAP TLS read failed
Mon Aug  9 12:19:41 2004: INFO: Access rejected for hello: EAP PEAP TLS read
failed
Mon Aug  9 12:19:41 2004: DEBUG: Packet dump:
*** Sending to 192.168.123.9 port 1814 ....

Packet length = 41
03 34 00 29 d8 e5 80 35 df 65 12 80 66 9f 3e 42
41 03 fe 70 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64 21 05 31 36 35
Code:       Access-Reject
Identifier: 52
Authentic:  <29>rW<223><165><165>,<151><164><138>B_@<194>=<232>
Attributes:
        Reply-Message = "Request Denied"
        Proxy-State = 165



-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]On
Behalf Of Hugh Irvine
Sent: Saturday, August 07, 2004 2:49 PM
To: scottxiao at antlabs.com
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) Error "TLS could not load_verify_locations" -
FreeSSL certificate for Radiator 802.1x PEAP/aironet1100 WLAN



Hello Scott -

The problem is that Radiator cannot find the CA certificates because
neither EAPTLS_CAFile nor EAPTLS_CAPath are defined.

The example configuration file "goodies/eap_tls.cfg" shows a working
example.

regards

Hugh


On 7 Aug 2004, at 13:26, Scott Xiao - ANTlabs wrote:

> Thanks Hugh!
> But I still don't understand what relationship between that message
> and my
> problem of PEAP "EAP TLS Could not  initialise context". Since I have a
> certificate from FreeSSL,do I still need the cert in
> "demoCA/cacert.pem"  ?
> Do you have a samle configure of using actual certificate instead of
> self-signed certificate?Thanks!
> Rgds
> Scott
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Saturday, August 07, 2004 7:32 AM
> To: scottxiao at antlabs.com
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Error "TLS could not load_verify_locations" -
> FreeSSL certificate for Radiator 802.1x PEAP/aironet1100 WLAN
>
>
>
> Hello Scott -
>
> The complete message is this:
>
> TLS.pm:     $parent->log($main::LOG_ERR, "TLS could not
> load_verify_locations $parent->{EAPTLS_CAFile},
> $parent->{EAPTLS_CAPath}: $errs");
>
> See the example configuration file in "goodies/eap_tls.cfg".
>
> Here is the relevant section:
>
>                  # EAPTLS_CAFile is the name of a file of CA
> certificates
>                  # in PEM format. The file can contain several CA
> certificates
>                  # Radiator will first look in EAPTLS_CAFile then in
>                  # EAPTLS_CAPath, so there usually is no need to set
> both
>                  EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
>
>                  # EAPTLS_CAPath is the name of a directory containing
> CA
>                  # certificates (and possible CRLs) in PEM format. The
> files each contain one
>                  # CA certificate. The files are looked up by the CA
>                  # subject name hash value
> #               EAPTLS_CAPath %D/certificates/demoCA
>
> regards
>
> Hugh
>
>
> On 7 Aug 2004, at 01:22, Scott Xiao - ANTlabs wrote:
>
>> Hi,
>> Thanks for all the help on my timer issue,PEAP,acct stop issue,all
>> those
>> resolved.
>> The current issue is,I got an error of "TLS could not
>> load_verify_locations"
>> with an actually certificate,see the config file and debug below.
>> I purchased a server ceriticate from freessl.com , copy the text part
>> of the
>> cert into a text file and saved in the certificate directory of
>> radiator as
>> a .pem file, together with the private key file (.key file).Then I
>> modified
>> the config file  to point the path to the certificate
>> directory,instead of
>> using the sample certificates.I found the sample pem file has 2
>> parts,public
>> key and private key inside,while my pem file (server cert) has only
>> one
>> part,which is the server server cert itself.But I don't think it's
>> issue
>> since the comments in the file says it could be the same file for the
>> keys.Then I tested,and got the error as mentioned.Can you advise what
>> 's the
>> problem?FreeSSL's webserver cert should work in this senario,right?How
>> to
>> make a pem file to have 2 parts like the samle one?Thanks!!
>> Rgds
>> Scott
>>
>>
>> config file:
>>
>>   EAPType PEAP,MSCHAP-V2
>>
>>
>>                 EAPTLS_CertificateFile
>> %D/certificates/myhost.antlabs.com.pem
>>
>>                 EAPTLS_CertificateType PEM
>>                 #EAPTLS_CertificateType CRT
>>
>>                 # EAPTLS_PrivateKeyFile is the name of the file
>> containing
>>                 # the servers private key. It is sometimes in the same
>> file
>>                 # as the server certificate (EAPTLS_CertificateFile)
>>                 # If the private key is encrypted (usually the case)
>>                 # then EAPTLS_PrivateKeyPassword is the key to
>> descrypt it
>>                 #EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
>>                 EAPTLS_PrivateKeyFile
>> %D/certificates/myhost.antlabs.com.key
>>                 #EAPTLS_PrivateKeyFile
>> /etc/radiator/certificates/myhost.antlabs.com.key
>> #               EAPTLS_PrivateKeyFile %D/certificates/myhost.pem
>>                 #EAPTLS_PrivateKeyPassword whatever
>>                 EAPTLS_PrivateKeyPassword hiddenpassword
>>
>> Debuging info:
>>
>> [root at AAA Radiator-3.9]# ./radiusd -foreground  -config_file ./tt1.cfg
>> Fri Aug  6 23:04:27 2004: DEBUG: Finished reading configuration file
>> './tt1.cfg'
>> Fri Aug  6 23:04:27 2004: DEBUG: Reading dictionary file
>> '/usr/src/802/radiator/Radiator-3.9/dictionary'
>> Fri Aug  6 23:04:27 2004: DEBUG: Creating authentication port
>> 0.0.0.0:1812
>> Fri Aug  6 23:04:27 2004: DEBUG: Creating accounting port 0.0.0.0:1813
>> Fri Aug  6 23:04:27 2004: NOTICE: Server started: Radiator 3.9 on AAA
>>
>>
>>
>> Fri Aug  6 23:04:50 2004: DEBUG: Packet dump:
>> *** Received from 192.168.123.9 port 1814 ....
>>
>> Packet length = 266
>> 01 2a 01 0a 6b 23 57 6b 5f b8 ea 46 bd 67 35 ac
>> 73 e7 51 2a 01 07 68 65 6c 6c 6f 1a 36 00 00 37
>> 2a 01 30 69 73 6f 63 63 3d 28 6e 75 6c 6c 29 2c
>> 63 63 3d 28 6e 75 6c 6c 29 2c 61 63 3d 28 6e 75
>> 6c 6c 29 2c 6e 65 74 77 6f 72 6b 3d 47 45 4d 31
>> 58 1a 19 00 00 37 2a 02 13 6f 70 65 72 61 74 6f
>> 72 2c 6c 6f 63 61 74 69 6f 6e 04 06 0a 00 00 01
>> 06 06 00 00 00 02 05 06 00 00 00 03 57 03 33 1e
>> 19 30 30 2d 39 30 2d 34 42 2d 37 42 2d 41 31 2d
>> 43 30 3a 47 45 4d 31 58 1f 13 30 30 2d 30 43 2d
>> 46 31 2d 30 38 2d 33 37 2d 42 46 0c 06 00 00 05
>> 78 3d 06 00 00 00 13 20 18 30 30 2d 39 30 2d 34
>> 62 2d 37 62 2d 61 31 2d 63 30 3a 50 33 32 30 4d
>> 18 43 4f 4e 4e 45 43 54 20 31 31 4d 62 70 73 20
>> 38 30 32 2e 31 31 62 4f 0c 02 01 00 0a 01 68 65
>> 6c 6c 6f 50 12 a3 6c 26 6a 29 c3 cf 09 f1 3a af
>> e2 a7 d9 7a 27 21 05 31 35 35
>> Code:       Access-Request
>> Identifier: 42
>> Authentic:  k#Wk_<184><234>F<189>g5<172>s<231>Q*
>> Attributes:
>>         User-Name = "hello"
>>         WISPr-Location-ID =
>> "isocc=(null),cc=(null),ac=(null),network=GEM1X"
>>         WISPr-Location-Name = "operator,location"
>>         NAS-IP-Address = 10.0.0.1
>>         Service-Type = Framed-User
>>         NAS-Port = 3
>>         NAS-Port-Id = "3"
>>         Called-Station-Id = "00-90-4B-7B-A1-C0:GEM1X"
>>         Calling-Station-Id = "00-0C-F1-08-37-BF"
>>         Framed-MTU = 1400
>>         NAS-Port-Type = Wireless-IEEE-802-11
>>         NAS-Identifier = "00-90-4b-7b-a1-c0:P320"
>>         Connect-Info = "CONNECT 11Mbps 802.11b"
>>         EAP-Message = <2><1><0><10><1>hello
>>         Message-Authenticator =
>> <163>l&j)<195><207><9><241>:<175><226><167><217>z'
>>         Proxy-State = 155
>>
>> Fri Aug  6 23:04:50 2004: DEBUG: Handling request with Handler ''
>> Fri Aug  6 23:04:50 2004: DEBUG:  Deleting session for hello,
>> 10.0.0.1, 3
>> Fri Aug  6 23:04:50 2004: DEBUG: Handling with Radius::AuthSQL
>> Fri Aug  6 23:04:50 2004: DEBUG: Handling with Radius::AuthSQL:
>> Fri Aug  6 23:04:50 2004: DEBUG: Handling with EAP: code 2, 1, 10
>> Fri Aug  6 23:04:50 2004: DEBUG: Response type 1
>> Fri Aug  6 23:04:50 2004: ERR: TLS could not load_verify_locations , :
>> Fri Aug  6 23:04:50 2004: DEBUG: EAP result: 1, EAP TLS Could not
>> initialise
>> context
>> Fri Aug  6 23:04:50 2004: INFO: Access rejected for hello: EAP TLS
>> Could not
>> initialise context
>> Fri Aug  6 23:04:50 2004: DEBUG: Packet dump:
>> *** Sending to 192.168.123.9 port 1814 ....
>>
>> Packet length = 41
>> 03 2a 00 29 de 49 a8 63 73 f4 3d 7e 46 3b f0 77
>> f0 4e 7e 85 12 10 52 65 71 75 65 73 74 20 44 65
>> 6e 69 65 64 21 05 31 35 35
>> Code:       Access-Reject
>> Identifier: 42
>> Authentic:  k#Wk_<184><234>F<189>g5<172>s<231>Q*
>> Attributes:
>>         Reply-Message = "Request Denied"
>>         Proxy-State = 155
>>
>> Fri Aug  6 23:05:05 2004: DEBUG: Packet dump:
>> *** Received from 192.168.123.9 port 1814 ....
>>
>> Packet length = 266
>> 01 2b 01 0a 64 a2 eb e1 33 a6 36 6a ea dd 0b e5
>> be e9 8b 22 01 07 73 63 6f 74 74 1a 36 00 00 37
>> 2a 01 30 69 73 6f 63 63 3d 28 6e 75 6c 6c 29 2c
>> 63 63 3d 28 6e 75 6c 6c 29 2c 61 63 3d 28 6e 75
>> 6c 6c 29 2c 6e 65 74 77 6f 72 6b 3d 47 45 4d 31
>> 58 1a 19 00 00 37 2a 02 13 6f 70 65 72 61 74 6f
>> 72 2c 6c 6f 63 61 74 69 6f 6e 04 06 0a 00 00 01
>> 06 06 00 00 00 02 05 06 00 00 00 03 57 03 33 1e
>> 19 30 30 2d 39 30 2d 34 42 2d 37 42 2d 41 31 2d
>> 43 30 3a 47 45 4d 31 58 1f 13 30 30 2d 30 43 2d
>> 46 31 2d 30 38 2d 33 37 2d 42 46 0c 06 00 00 05
>> 78 3d 06 00 00 00 13 20 18 30 30 2d 39 30 2d 34
>> 62 2d 37 62 2d 61 31 2d 63 30 3a 50 33 32 30 4d
>> 18 43 4f 4e 4e 45 43 54 20 31 31 4d 62 70 73 20
>> 38 30 32 2e 31 31 62 4f 0c 02 02 00 0a 01 73 63
>> 6f 74 74 50 12 80 4b 89 4b 8f ad 7a c7 a3 d5 a6
>> 5e b0 d6 23 19 21 05 31 35 36
>> Code:       Access-Request
>> Identifier: 43
>> Authentic:
>> d<162><235><225>3<166>6j<234><221><11><229><190><233><139>"
>> Attributes:
>>         User-Name = "scott"
>>         WISPr-Location-ID =
>> "isocc=(null),cc=(null),ac=(null),network=GEM1X"
>>         WISPr-Location-Name = "operator,location"
>>         NAS-IP-Address = 10.0.0.1
>>         Service-Type = Framed-User
>>         NAS-Port = 3
>>         NAS-Port-Id = "3"
>>         Called-Station-Id = "00-90-4B-7B-A1-C0:GEM1X"
>>         Calling-Station-Id = "00-0C-F1-08-37-BF"
>>         Framed-MTU = 1400
>>         NAS-Port-Type = Wireless-IEEE-802-11
>>         NAS-Identifier = "00-90-4b-7b-a1-c0:P320"
>>         Connect-Info = "CONNECT 11Mbps 802.11b"
>>         EAP-Message = <2><2><0><10><1>scott
>>         Message-Authenticator =
>> <128>K<137>K<143><173>z<199><163><213><166>^<176><214>#<25>
>>         Proxy-State = 156
>>
>> Fri Aug  6 23:05:05 2004: DEBUG: Handling request with Handler ''
>> Fri Aug  6 23:05:05 2004: DEBUG:  Deleting session for scott,
>> 10.0.0.1, 3
>> Fri Aug  6 23:05:05 2004: DEBUG: Handling with Radius::AuthSQL
>> Fri Aug  6 23:05:05 2004: DEBUG: Handling with Radius::AuthSQL:
>> Fri Aug  6 23:05:05 2004: DEBUG: Handling with EAP: code 2, 2, 10
>> Fri Aug  6 23:05:05 2004: DEBUG: Response type 1
>> Fri Aug  6 23:05:05 2004: ERR: TLS could not load_verify_locations , :
>> Fri Aug  6 23:05:05 2004: DEBUG: EAP result: 1, EAP TLS Could not
>> initialise
>> context
>> Fri Aug  6 23:05:05 2004: INFO: Access rejected for scott: EAP TLS
>> Could not
>> initialise context
>> Fri Aug  6 23:05:05 2004: DEBUG: Packet dump:
>> *** Sending to 192.168.123.9 port 1814 ....
>>
>> Packet length = 41
>> 03 2b 00 29 43 89 dc ac 25 80 f5 79 2e df dc b9
>> 46 58 5b 41 12 10 52 65 71 75 65 73 74 20 44 65
>> 6e 69 65 64 21 05 31 35 36
>> Code:       Access-Reject
>> Identifier: 43
>> Authentic:
>> d<162><235><225>3<166>6j<234><221><11><229><190><233><139>"
>> Attributes:
>>         Reply-Message = "Request Denied"
>>         Proxy-State = 156
>>
>>
>> [root at AAA Radiator-3.9]#
>>
>> [root at AAA certificates]# ls
>> cert-clt.p12  demoCA                   myhost.antlabs.com.pem
>> root.pem
>> cert-clt.pem  myhost.antlabs.com.crt  README
>> cert-srv.pem  myhost.antlabs.com.key  root.der
>> [root at AAA certificates]#
>>
>>
>>
>> -----Original Message-----
>> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]On
>> Behalf Of Bon sy
>> Sent: Tuesday, August 03, 2004 7:10 PM
>> To: Terry Simons
>> Cc: scottxiao at antlabs.com; radiator at open.com.au
>> Subject: Re: (RADIATOR) SSL certificate for 802.1x PEAP/aironet1100
>> WLAN
>>
>>
>> Hi Scott and Terry,
>>
>> 	If your main concern is the cost as Terry mentioned, you may want
>> to consider building your own CA using openssl. If a moderate cost
>> investment may fit your budget, you may want to look into CATool as
>> Mike/Hugh has suggested previously.
>>
>> 	We have tried and used both. Building your own CA using openssl is
>> more involved --- and obviously you have to provide your own technical
>> support --- in comparing to using CATool. If you do want to build your
>> own
>> CA using openssl and to avoid the frustration causing your late night
>> sleepless symtom, we find it important to build up the comfort level
>> on
>> openssl, perl, and Linux, and definitely read up a lot from the
>> mailing
>> list, before doing it.
>>
>> Bon
>>
>>
>> On Mon, 2 Aug 2004, Terry Simons wrote:
>>
>>> Hi Scott,
>>>
>>> You *can* reuse a server certificate in another location later.
>>>
>>> The domain name has no real significance, except that you need to
>>> verify it on the client to ensure that your clients are secure.  The
>>> domain can be whatever you like, and can exist on multiple servers...
>>> there is no inherent tie to any given server.
>>>
>>> That said, it is probably *not* a good idea to reuse certificates in
>>> a
>>> production environment, but it does work.
>>>
>>> Is the main reason why you are purchasing certificates to ensure that
>>> the client has a pre-installed CA certificate that will verify your
>>> certificate, or for some other reason?
>>>
>>> If your main concern is the cost, you should probably consider
>>> rolling
>>> your own certificates.
>>>
>>> - Terry
>>>
>>> On Aug 2, 2004, at 8:59 PM, Scott Xiao - ANTlabs wrote:
>>>
>>>>
>>>> Hi,
>>>> Can any of you recommend one workable Radius(Radiator) server
>>>> certificate
>>>> besides Verisign?I want to buy a cheaper one,use it in  802.1x PEAP
>>>> WLAN
>>>> hotspot.If I use it for domain "hostname.mydomain.com" ,can I use
>>>> the
>>>> same
>>>> certificate in future if I deploy a same WLAN in another place which
>>>> will
>>>> still use the same domain name?Thanks!
>>>> Rgds
>>>> Scott Xiao
>>>> -----Original Message-----
>>>> From: owner-radiator at open.com.au
>>>> [mailto:owner-radiator at open.com.au]On
>>>> Behalf Of Terry Simons
>>>> Sent: Thursday, July 29, 2004 1:15 PM
>>>> To: Christian Wiedmann
>>>> Cc: radiator at open.com.au
>>>> Subject: Re: (RADIATOR) SSL certificate for 802.1x PEAP/aironet1100
>>>> WLAN
>>>>
>>>>
>>>> Hi,
>>>>
>>>> On Jul 28, 2004, at 1:32 PM, Christian Wiedmann wrote:
>>>>
>>>>> As far as I know, the XP server extension OID is the one that is
>>>>> also
>>>>> used for web servers.  Therefore, a web server certificate should
>>>>> work.
>>>>
>>>> This is true.  There is one thing that people should probably be
>>>> aware
>>>> of, however.
>>>>
>>>> At the last Networld + Interop HotStage, we did some extensive
>>>> testing
>>>> with this and it was determined that what should probably happen is
>>>> to
>>>> officially apply for some OIDs for 802.1X authentication servers.
>>>> One
>>>> of the HotStage members that is involved in the IETF and the IEEE is
>>>> pushing that a bit, so it could be the case that a "proper" OID set
>>>> will come out in the future.  It could be a ways out, but I
>>>> personally
>>>> hope that it happens so we can have an "official" way of creating
>>>> "802.1X authentication" certificates.
>>>>
>>>> - Terry
>>>>
>>>>>
>>>>> For what it's worth, I've successfully used a Verisign web server
>>>>> certificate
>>>>> for PEAP authentication against Windows XP SP1.  I think there's a
>>>>> good
>>>>> chance a freessl certificate would work too.
>>>>>
>>>>> 	-Christian
>>>>>
>>>>> ref.:
>>>>> http://support.microsoft.com/?kbid=814394
>>>>> http://www.alvestrand.no/objectid/1.3.6.1.5.5.7.3.1.html
>>>>> http://www.ietf.org/rfc/rfc2459.txt
>>>>>
>>>>> On Wed, 28 Jul 2004, Mike McCauley wrote:
>>>>>
>>>>>> Date: Wed, 28 Jul 2004 19:35:44 +1000
>>>>>> From: Mike McCauley <mikem at open.com.au>
>>>>>> To: scottxiao at antlabs.com
>>>>>> Cc: Radiator <radiator at open.com.au>
>>>>>> Subject: Re: (RADIATOR) SSL certificate for  802.1x
>>>>>> PEAP/aironet1100
>>>>>> WLAN
>>>>>>
>>>>>> Hi Scott,
>>>>>>
>>>>>>
>>>>>> On Wednesday 28 July 2004 18:41, Scott Xiao  - ANTlabs wrote:
>>>>>>> Hi,Mike,
>>>>>>> Thanks, so do you have any suggestion that I can purchase
>>>>>>> regarding
>>>>>>> the
>>>>>>> cert for radius server?Verisign?which type?If you have any
>>>>>>> recommendation
>>>>>>> that it works well on Radiator....Thanks
>>>>>>
>>>>>> Verisign offer certificates for radius servers, but I dont know
>>>>>> the
>>>>>> details of
>>>>>> how to apply for one. They do work with Radiator. You should try
>>>>>> to
>>>>>> get it in
>>>>>> PEM format.
>>>>>>
>>>>>> Cheers.
>>>>>>
>>>>>
>>>>> --
>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>> Announcements on radiator-announce at open.com.au
>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>> 'unsubscribe radiator' in the body of the message.
>>>>
>>>> --
>>>> Archive at http://www.open.com.au/archives/radiator/
>>>> Announcements on radiator-announce at open.com.au
>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>> 'unsubscribe radiator' in the body of the message.
>>>>
>>>>
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
>>
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.



--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list