(RADIATOR) Error "TLS could not load_verify_locations" - FreeSSL certificate for Radiator 802.1x PEAP/aironet1100 WLAN
Scott Xiao - ANTlabs
scottxiao at antlabs.com
Mon Aug 9 06:39:30 CDT 2004
Hi,Mike,
Here below is the whole trace file,please advise,thanks!
Rgds
Scott
Log:
Mon Aug 9 19:30:42 2004: DEBUG: Finished reading configuration file
'/usr/src/802/radiator/Radiator-3.9/test1.cfg'
Mon Aug 9 19:30:42 2004: DEBUG: Reading dictionary file
'/usr/src/802/radiator/Radiator-3.9/dictionary'
Mon Aug 9 19:30:43 2004: DEBUG: Creating authentication port 0.0.0.0:1812
Mon Aug 9 19:30:43 2004: DEBUG: Creating accounting port 0.0.0.0:1813
Mon Aug 9 19:30:43 2004: NOTICE: Server started: Radiator 3.9 on AAA
Mon Aug 9 19:30:48 2004: DEBUG: Packet dump:
*** Received from 192.168.123.9 port 1814 ....
Packet length = 262
01 23 01 06 4a fd 1e a2 e4 08 fb a3 66 9e 0c 1b
2f 6c 5e c8 01 05 39 39 39 1a 36 00 00 37 2a 01
30 69 73 6f 63 63 3d 28 6e 75 6c 6c 29 2c 63 63
3d 28 6e 75 6c 6c 29 2c 61 63 3d 28 6e 75 6c 6c
29 2c 6e 65 74 77 6f 72 6b 3d 47 45 4d 31 58 1a
19 00 00 37 2a 02 13 6f 70 65 72 61 74 6f 72 2c
6c 6f 63 61 74 69 6f 6e 04 06 0a 00 00 01 06 06
00 00 00 02 05 06 00 00 00 03 57 03 33 1e 19 30
30 2d 39 30 2d 34 42 2d 37 42 2d 41 31 2d 43 30
3a 47 45 4d 31 58 1f 13 30 30 2d 30 43 2d 46 31
2d 30 38 2d 33 37 2d 42 46 0c 06 00 00 05 78 3d
06 00 00 00 13 20 18 30 30 2d 39 30 2d 34 62 2d
37 62 2d 61 31 2d 63 30 3a 50 33 32 30 4d 18 43
4f 4e 4e 45 43 54 20 31 31 4d 62 70 73 20 38 30
32 2e 31 31 62 4f 0a 02 03 00 08 01 39 39 39 50
12 dd f0 11 98 de 4a e8 fc 07 64 37 ba 35 54 a0
61 21 05 31 34 38
Code: Access-Request
Identifier: 35
Authentic: J<253><30><162><228><8><251><163>f<158><12><27>/l^<200>
Attributes:
User-Name = "999"
WISPr-Location-ID = "isocc=(null),cc=(null),ac=(null),network=GEM1X"
WISPr-Location-Name = "operator,location"
NAS-IP-Address = 10.0.0.1
Service-Type = Framed-User
NAS-Port = 3
NAS-Port-Id = "3"
Called-Station-Id = "00-90-4B-7B-A1-C0:GEM1X"
Calling-Station-Id = "00-0C-F1-08-37-BF"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Identifier = "00-90-4b-7b-a1-c0:P320"
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = <2><3><0><8><1>999
Message-Authenticator =
<221><240><17><152><222>J<232><252><7>d7<186>5T<160>a
Proxy-State = 148
Mon Aug 9 19:30:48 2004: DEBUG: Handling request with Handler ''
Mon Aug 9 19:30:48 2004: DEBUG: Deleting session for 999, 10.0.0.1, 3
Mon Aug 9 19:30:48 2004: DEBUG: Handling with Radius::AuthSQL
Mon Aug 9 19:30:48 2004: DEBUG: Handling with Radius::AuthSQL:
Mon Aug 9 19:30:48 2004: DEBUG: Handling with EAP: code 2, 3, 8
Mon Aug 9 19:30:48 2004: DEBUG: Response type 1
Mon Aug 9 19:30:48 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Aug 9 19:30:48 2004: DEBUG: Access challenged for 999: EAP PEAP
Challenge
Mon Aug 9 19:30:48 2004: DEBUG: Packet dump:
*** Sending to 192.168.123.9 port 1814 ....
Packet length = 51
0b 23 00 33 9f 56 de 73 bd 50 82 e9 a9 55 43 b0
10 2a ac 6d 4f 08 01 04 00 06 19 21 50 12 23 ef
49 a3 e0 57 82 ff 60 b0 bb 05 97 0d 33 e5 21 05
31 34 38
Code: Access-Challenge
Identifier: 35
Authentic: J<253><30><162><228><8><251><163>f<158><12><27>/l^<200>
Attributes:
EAP-Message = <1><4><0><6><25>!
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = 148
Mon Aug 9 19:30:48 2004: DEBUG: Packet dump:
*** Received from 192.168.123.9 port 1814 ....
Packet length = 334
01 24 01 4e a6 6d 2c 89 ac f1 75 5c 28 f7 ce ab
d5 e5 b0 f3 01 05 39 39 39 1a 36 00 00 37 2a 01
30 69 73 6f 63 63 3d 28 6e 75 6c 6c 29 2c 63 63
3d 28 6e 75 6c 6c 29 2c 61 63 3d 28 6e 75 6c 6c
29 2c 6e 65 74 77 6f 72 6b 3d 47 45 4d 31 58 1a
19 00 00 37 2a 02 13 6f 70 65 72 61 74 6f 72 2c
6c 6f 63 61 74 69 6f 6e 04 06 0a 00 00 01 06 06
00 00 00 02 05 06 00 00 00 03 57 03 33 1e 19 30
30 2d 39 30 2d 34 42 2d 37 42 2d 41 31 2d 43 30
3a 47 45 4d 31 58 1f 13 30 30 2d 30 43 2d 46 31
2d 30 38 2d 33 37 2d 42 46 0c 06 00 00 05 78 3d
06 00 00 00 13 20 18 30 30 2d 39 30 2d 34 62 2d
37 62 2d 61 31 2d 63 30 3a 50 33 32 30 4d 18 43
4f 4e 4e 45 43 54 20 31 31 4d 62 70 73 20 38 30
32 2e 31 31 62 4f 52 02 04 00 50 19 80 00 00 00
46 16 03 01 00 41 01 00 00 3d 03 01 41 17 61 42
e7 6c 00 ef 82 91 5f 8a aa e2 59 10 b4 29 19 5e
bf 98 3d df 40 a3 3f 36 15 c4 24 2c 00 00 16 00
04 00 05 00 0a 00 09 00 64 00 62 00 03 00 06 00
13 00 12 00 63 01 00 50 12 b1 8c 43 a9 a7 6e bf
54 bf 71 55 72 29 79 92 2e 21 05 31 34 39
Code: Access-Request
Identifier: 36
Authentic: <166>m,<137><172><241>u\(<247><206><171><213><229><176><243>
Attributes:
User-Name = "999"
WISPr-Location-ID = "isocc=(null),cc=(null),ac=(null),network=GEM1X"
WISPr-Location-Name = "operator,location"
NAS-IP-Address = 10.0.0.1
Service-Type = Framed-User
NAS-Port = 3
NAS-Port-Id = "3"
Called-Station-Id = "00-90-4B-7B-A1-C0:GEM1X"
Calling-Station-Id = "00-0C-F1-08-37-BF"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Identifier = "00-90-4b-7b-a1-c0:P320"
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
<2><4><0>P<25><128><0><0><0>F<22><3><1><0>A<1><0><0>=<3><1>A<23>aB<231>l<0><
239><130><145>_<138><170><226>Y<16><180>)<25>^<191><152>=<223>@<163>?6<21><1
96>$,<0><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><0><6><0><19><0><18><0
>c<1><0>
Message-Authenticator = <177><140>C<169><167>n<191>T<191>qUr)y<146>.
Proxy-State = 149
Mon Aug 9 19:30:48 2004: DEBUG: Handling request with Handler ''
Mon Aug 9 19:30:48 2004: DEBUG: Deleting session for 999, 10.0.0.1, 3
Mon Aug 9 19:30:48 2004: DEBUG: Handling with Radius::AuthSQL
Mon Aug 9 19:30:48 2004: DEBUG: Handling with Radius::AuthSQL:
Mon Aug 9 19:30:48 2004: DEBUG: Handling with EAP: code 2, 4, 80
Mon Aug 9 19:30:48 2004: DEBUG: Response type 25
Mon Aug 9 19:30:48 2004: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Mon Aug 9 19:30:48 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Aug 9 19:30:48 2004: DEBUG: Access challenged for 999: EAP PEAP
Challenge
Mon Aug 9 19:30:48 2004: DEBUG: Packet dump:
*** Sending to 192.168.123.9 port 1814 ....
Packet length = 1061
0b 24 04 25 ab b0 dc 09 46 7d ba ef 98 1e de 15
59 64 6a 0d 4f ff 01 05 03 f2 19 c0 00 00 09 85
16 03 01 00 4a 02 00 00 46 03 01 41 17 60 68 6e
ba be 6e 8a ed db 0c 4d f2 db 68 a8 c6 77 92 9c
9f 60 35 9b 8a 37 64 d1 19 f3 6d 20 a4 19 ea 5c
bb 02 65 20 e5 0e 84 8f 41 60 2e 22 6f 32 44 eb
e3 ca b3 a8 ed fc 3e e1 d1 08 8c f6 00 04 00 16
03 01 08 77 0b 00 08 73 00 08 70 00 04 02 30 82
03 fe 30 82 02 e6 a0 03 02 01 02 02 04 00 85 ec
ae 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00
30 81 a3 31 0b 30 09 06 03 55 04 06 13 02 55 53
31 0b 30 09 06 03 55 04 08 13 02 55 54 31 17 30
15 06 03 55 04 07 13 0e 53 61 6c 74 20 4c 61 6b
65 20 43 69 74 79 31 1e 30 1c 06 03 55 04 0a 13
15 54 68 65 20 55 53 45 52 54 52 55 53 54 20 4e
65 74 77 6f 72 6b 31 21 30 1f 06 03 55 04 0b 13
18 68 74 74 70 3a 2f 2f 77 77 77 2e 75 73 65 72
74 72 75 4f ff 73 74 2e 63 6f 6d 31 2b 30 29 06
03 55 04 03 13 22 55 54 4e 2d 55 53 45 52 46 69
72 73 74 2d 4e 65 74 77 6f 72 6b 20 41 70 70 6c
69 63 61 74 69 6f 6e 73 30 1e 17 0d 30 34 30 38
30 34 31 31 32 36 30 39 5a 17 0d 30 39 30 38 30
34 31 31 32 36 30 39 5a 30 81 d2 31 0b 30 09 06
03 55 04 06 13 02 53 47 31 1c 30 1a 06 03 55 04
0a 13 13 65 7a 78 63 65 73 73 2e 61 6e 74 6c 61
62 73 2e 63 6f 6d 31 3c 30 3a 06 03 55 04 0b 13
33 68 74 74 70 73 3a 2f 2f 73 65 72 76 69 63 65
73 2e 63 68 6f 69 63 65 70 6f 69 6e 74 2e 6e 65
74 2f 67 65 74 2e 6a 73 70 3f 47 54 32 33 39 36
37 35 33 35 31 26 30 24 06 03 55 04 0b 13 1d 53
65 65 20 77 77 77 2e 66 72 65 65 73 73 6c 2e 63
6f 6d 2f 63 70 73 20 28 63 29 30 34 31 21 30 1f
06 03 55 04 0b 13 18 44 6f 6d 61 69 6e 20 43 6f
6e 74 4f ff 72 6f 6c 20 56 61 6c 69 64 61 74 65
64 31 1c 30 1a 06 03 55 04 03 13 13 65 7a 78 63
65 73 73 2e 61 6e 74 6c 61 62 73 2e 63 6f 6d 30
81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05
00 03 81 8d 00 30 81 89 02 81 81 00 b4 f4 f9 81
9e ee 4d b5 09 ca a3 3f 1b 45 3f dd df af 03 19
54 b2 24 59 5e 00 60 2a 8d 3f 3f ae d8 69 f7 e9
43 f3 8a d3 79 d7 95 79 ca 3c 9d 16 3a a1 6b e4
1e 59 ed a4 3f be 90 3a 27 2b 09 8b 3b ad 4e 97
84 b4 33 c3 8c 9d d5 e3 8b f5 40 e9 30 70 fd e5
e0 3e f6 82 42 b1 bf 37 2c 63 25 70 1d 69 e7 af
54 17 7a a6 f3 10 bd 2a 70 19 be 46 fc 45 c5 fd
8a a9 9a 69 51 27 9e 24 0f 0a 21 db 02 03 01 00
01 a3 81 8c 30 81 89 30 11 06 09 60 86 48 01 86
f8 42 01 01 04 04 03 02 06 40 30 0e 06 03 55 1d
0f 01 01 ff 04 04 03 02 04 f0 30 35 06 03 55 1d
1f 4f fd 04 2e 30 2c 30 2a a0 28 a0 26 86 24 68
74 74 70 3a 2f 2f 63 72 6c 2e 67 65 6f 74 72 75
73 74 2e 63 6f 6d 2f 63 72 6c 73 2f 75 74 6e 2e
63 72 6c 30 1f 06 03 55 1d 23 04 18 30 16 80 14
fa 86 c9 db e0 ba e9 78 f5 4b a8 d6 15 df f0 d3
e1 6a 14 3c 30 0c 06 03 55 1d 13 01 01 ff 04 02
30 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05
00 03 82 01 01 00 b2 51 9e 83 48 c7 f3 a4 c5 a5
a2 52 8c be 7e 03 d9 e1 e4 07 8b 1a 49 db 0d cc
f1 60 5f 37 25 b2 3b eb e7 b2 0b 46 73 7f 46 5e
90 ef f4 08 e4 cd 99 9a 91 73 db 61 8b 77 ee a8
c3 88 77 cb 94 ee ce 2d 19 2c 30 1c c2 74 23 04
82 75 90 bb c9 a2 88 32 25 e0 19 90 78 72 7b 7e
21 65 38 37 84 d1 cf 8c 08 40 b0 0e df 3c 27 34
f6 01 08 d1 5a 57 55 fb 7f 99 71 8c 24 c9 2c ba
44 1b c3 2b 46 4d 24 79 24 5f a6 fe 9a 95 50 12
a0 8f 58 64 85 50 3e 9c fa 2e 7c 31 11 2a 45 f6
21 05 31 34 39
Code: Access-Challenge
Identifier: 36
Authentic: <166>m,<137><172><241>u\(<247><206><171><213><229><176><243>
Attributes:
EAP-Message =
<1><5><3><242><25><192><0><0><9><133><22><3><1><0>J<2><0><0>F<3><1>A<23>`hn<
186><190>n<138><237><219><12>M<242><219>h<168><198>w<146><156><159>`5<155><1
38>7d<209><25><243>m <164><25><234>\<187><2>e
<229><14><132><143>A`."o2D<235><227><202><179><168><237><252>><225><209><8><
140><246><0><4><0><22><3><1><8>w<11><0><8>s<0><8>p<0><4><2>0<130><3><254>0<1
30><2><230><160><3><2><1><2><2><4><0><133><236><174>0<13><6><9>*<134>H<134><
247><13><1><1><4><5><0>0<129><163>1<11>0<9><6><3>U<4><6><19><2>US1<11>0<9><6
><3>U<4><8><19><2>UT1<23>0<21><6><3>U<4><7><19><14>Salt Lake
City1<30>0<28><6><3>U<4><10><19><21>The USERTRUST
Network1!0<31><6><3>U<4><11><19><24>http://www.usertru
EAP-Message = st.com1+0)<6><3>U<4><3><19>"UTN-USERFirst-Network
Applications0<30><23><13>040804112609Z<23><13>090804112609Z0<129><210>1<11>0
<9><6><3>U<4><6><19><2>SG1<28>0<26><6><3>U<4><10><19><19>myhost.antlabs.com1
<0:<6><3>U<4><11><19>3https://services.choicepoint.net/get.jsp?GT239675351&0
$<6><3>U<4><11><19><29>See www.freessl.com/cps
(c)041!0<31><6><3>U<4><11><19><24>Domain Cont
EAP-Message = rol
Validated1<28>0<26><6><3>U<4><3><19><19>myhost.antlabs.com0<129><159>0<13><6
><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><
129><0><180><244><249><129><158><238>M<181><9><202><163>?<27>E?<221><223><17
5><3><25>T<178>$Y^<0>`*<141>??<174><216>i<247><233>C<243><138><211>y<215><14
9>y<202><<157><22>:<161>k<228><30>Y<237><164>?<190><144>:'+<9><139>;<173>N<1
51><132><180>3<195><140><157><213><227><139><245>@<233>0p<253><229><224>><24
6><130>B<177><191>7,c%p<29>i<231><175>T<23>z<166><243><16><189>*p<25><190>F<
252>E<197><253><138><169><154>iQ'<158>$<15><10>!<219><2><3><1><0><1><163><12
9><140>0<129><137>0<17><6><9>`<134>H<1><134><248>B<1><1><4><4><3><2><6>@0<14
><6><3>U<29><15><1><1><255><4><4><3><2><4><240>05<6><3>U<29><31>
EAP-Message =
<4>.0,0*<160>(<160>&<134>$http://crl.geotrust.com/crls/utn.crl0<31><6><3>U<2
9>#<4><24>0<22><128><20><250><134><201><219><224><186><233>x<245>K<168><214>
<21><223><240><211><225>j<20><0<12><6><3>U<29><19><1><1><255><4><2>0<0>0<13>
<6><9>*<134>H<134><247><13><1><1><4><5><0><3><130><1><1><0><178>Q<158><131>H
<199><243><164><197><165><162>R<140><190>~<3><217><225><228><7><139><26>I<21
9><13><204><241>`_7%<178>;<235><231><178><11>Fs<127>F^<144><239><244><8><228
><205><153><154><145>s<219>a<139>w<238><168><195><136>w<203><148><238><206>-
<25>,0<28><194>t#<4><130>u<144><187><201><162><136>2%<224><25><144>xr{~!e87<
132><209><207><140><8>@<176><14><223><'4<246><1><8><209>ZWU<251><127><153>q<
140>$<201>,<186>D<27><195>+FM$y$_<166><254><154><149>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = 149
Mon Aug 9 19:30:48 2004: DEBUG: Packet dump:
*** Received from 192.168.123.9 port 1814 ....
Packet length = 260
01 25 01 04 f5 76 cd 44 e2 1c 43 ba 6d 3a 58 15
f3 15 d9 a3 01 05 39 39 39 1a 36 00 00 37 2a 01
30 69 73 6f 63 63 3d 28 6e 75 6c 6c 29 2c 63 63
3d 28 6e 75 6c 6c 29 2c 61 63 3d 28 6e 75 6c 6c
29 2c 6e 65 74 77 6f 72 6b 3d 47 45 4d 31 58 1a
19 00 00 37 2a 02 13 6f 70 65 72 61 74 6f 72 2c
6c 6f 63 61 74 69 6f 6e 04 06 0a 00 00 01 06 06
00 00 00 02 05 06 00 00 00 03 57 03 33 1e 19 30
30 2d 39 30 2d 34 42 2d 37 42 2d 41 31 2d 43 30
3a 47 45 4d 31 58 1f 13 30 30 2d 30 43 2d 46 31
2d 30 38 2d 33 37 2d 42 46 0c 06 00 00 05 78 3d
06 00 00 00 13 20 18 30 30 2d 39 30 2d 34 62 2d
37 62 2d 61 31 2d 63 30 3a 50 33 32 30 4d 18 43
4f 4e 4e 45 43 54 20 31 31 4d 62 70 73 20 38 30
32 2e 31 31 62 4f 08 02 05 00 06 19 00 50 12 ce
85 92 25 ee 87 53 3b e1 dc d3 05 0e 15 ce df 21
05 31 35 30
Code: Access-Request
Identifier: 37
Authentic: <245>v<205>D<226><28>C<186>m:X<21><243><21><217><163>
Attributes:
User-Name = "999"
WISPr-Location-ID = "isocc=(null),cc=(null),ac=(null),network=GEM1X"
WISPr-Location-Name = "operator,location"
NAS-IP-Address = 10.0.0.1
Service-Type = Framed-User
NAS-Port = 3
NAS-Port-Id = "3"
Called-Station-Id = "00-90-4B-7B-A1-C0:GEM1X"
Calling-Station-Id = "00-0C-F1-08-37-BF"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Identifier = "00-90-4b-7b-a1-c0:P320"
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = <2><5><0><6><25><0>
Message-Authenticator =
<206><133><146>%<238><135>S;<225><220><211><5><14><21><206><223>
Proxy-State = 150
Mon Aug 9 19:30:48 2004: DEBUG: Handling request with Handler ''
Mon Aug 9 19:30:48 2004: DEBUG: Deleting session for 999, 10.0.0.1, 3
Mon Aug 9 19:30:48 2004: DEBUG: Handling with Radius::AuthSQL
Mon Aug 9 19:30:48 2004: DEBUG: Handling with Radius::AuthSQL:
Mon Aug 9 19:30:48 2004: DEBUG: Handling with EAP: code 2, 5, 6
Mon Aug 9 19:30:48 2004: DEBUG: Response type 25
Mon Aug 9 19:30:48 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Aug 9 19:30:48 2004: DEBUG: Access challenged for 999: EAP PEAP
Challenge
Mon Aug 9 19:30:48 2004: DEBUG: Packet dump:
*** Sending to 192.168.123.9 port 1814 ....
Packet length = 1057
0b 25 04 21 4b 90 c3 6e 86 15 e7 1d 59 4c 79 ad
d8 e7 e1 13 4f ff 01 06 03 ee 19 40 9f 9e a1 0f
56 3c 87 40 2d 4b 24 42 42 81 7f f9 6c ae 73 05
1a 3e 35 1b e8 09 01 ff c5 8a 67 2b 74 8a 11 ac
f1 2d de fa d5 d9 9c 30 26 a4 72 65 8e 89 48 0b
4d ce 4a b8 fc df 5c 03 8e be c0 bc d2 3b 3b a6
13 a5 f6 02 6a a4 6d 64 e5 51 8f a1 66 b9 3d 7c
1f 79 8f 9e c7 a1 b6 62 2c 1b 87 40 a3 0b d3 33
0c 59 4b 86 85 51 5e de dc 48 b6 04 98 f4 10 48
5d 64 62 32 00 04 68 30 82 04 64 30 82 03 4c a0
03 02 01 02 02 10 44 be 0c 8b 50 00 24 b4 11 d3
36 30 4b c0 33 77 30 0d 06 09 2a 86 48 86 f7 0d
01 01 05 05 00 30 81 a3 31 0b 30 09 06 03 55 04
06 13 02 55 53 31 0b 30 09 06 03 55 04 08 13 02
55 54 31 17 30 15 06 03 55 04 07 13 0e 53 61 6c
74 20 4c 61 6b 65 20 43 69 74 79 31 1e 30 1c 06
03 55 04 0a 13 15 54 68 65 20 55 53 45 52 54 52
55 53 54 4f ff 20 4e 65 74 77 6f 72 6b 31 21 30
1f 06 03 55 04 0b 13 18 68 74 74 70 3a 2f 2f 77
77 77 2e 75 73 65 72 74 72 75 73 74 2e 63 6f 6d
31 2b 30 29 06 03 55 04 03 13 22 55 54 4e 2d 55
53 45 52 46 69 72 73 74 2d 4e 65 74 77 6f 72 6b
20 41 70 70 6c 69 63 61 74 69 6f 6e 73 30 1e 17
0d 39 39 30 37 30 39 31 38 34 38 33 39 5a 17 0d
31 39 30 37 30 39 31 38 35 37 34 39 5a 30 81 a3
31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0b 30
09 06 03 55 04 08 13 02 55 54 31 17 30 15 06 03
55 04 07 13 0e 53 61 6c 74 20 4c 61 6b 65 20 43
69 74 79 31 1e 30 1c 06 03 55 04 0a 13 15 54 68
65 20 55 53 45 52 54 52 55 53 54 20 4e 65 74 77
6f 72 6b 31 21 30 1f 06 03 55 04 0b 13 18 68 74
74 70 3a 2f 2f 77 77 77 2e 75 73 65 72 74 72 75
73 74 2e 63 6f 6d 31 2b 30 29 06 03 55 04 03 13
22 55 4f ff 54 4e 2d 55 53 45 52 46 69 72 73 74
2d 4e 65 74 77 6f 72 6b 20 41 70 70 6c 69 63 61
74 69 6f 6e 73 30 82 01 22 30 0d 06 09 2a 86 48
86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01
0a 02 82 01 01 00 b3 fb 91 a1 e4 36 55 85 ac 06
34 5b a0 9a 58 b2 f8 b5 0f 05 77 83 ae 32 b1 76
92 68 ec 23 4a c9 76 3f e3 9c b6 37 79 03 b9 ab
69 8d 07 25 b6 19 67 e4 b0 1b 18 73 61 4a e8 7e
cd d3 2f 64 e3 a6 7c 0c fa 17 80 a3 0d 47 89 4f
51 71 2f ee fc 3f f9 b8 16 80 87 89 93 25 20 9a
43 82 69 24 76 28 59 35 a1 1d c0 7f 83 06 64 16
20 2c d3 49 a4 85 b4 c0 61 7f 51 08 f8 68 15 91
80 cb a5 d5 ee 3b 3a f4 84 04 5e 60 59 a7 8c 34
72 ee b8 78 c5 d1 3b 12 4a 6f 7e 65 27 b9 a4 55
c5 b9 6f 43 a4 c5 1d 2c 99 c0 52 a4 78 4c 15 b3
40 98 08 6b 43 c6 01 b0 7a 7b f5 6b 1c 22 3f cb
ef 4f f9 ff a8 d0 3a 4b 76 15 9e d2 d1 c6 2e e3
db 57 1b 32 a2 b8 6f e8 86 a6 3f 70 ab e5 70 92
ab 44 1e 40 50 fb 9c a3 62 e4 6c 6e a0 c8 de e2
80 42 fa e9 2f e8 ce 32 04 8f 7c 8d b7 1c a3 35
3c 15 dd 9e c3 ae 97 a5 02 03 01 00 01 a3 81 91
30 81 8e 30 0b 06 03 55 1d 0f 04 04 03 02 01 c6
30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01
ff 30 1d 06 03 55 1d 0e 04 16 04 14 fa 86 c9 db
e0 ba e9 78 f5 4b a8 d6 15 df f0 d3 e1 6a 14 3c
30 4f 06 03 55 1d 1f 04 48 30 46 30 44 a0 42 a0
40 86 3e 68 74 74 70 3a 2f 2f 63 72 6c 2e 75 73
65 72 74 72 75 73 74 2e 63 6f 6d 2f 55 54 4e 2d
55 53 45 52 46 69 72 73 74 2d 4e 65 74 77 6f 72
6b 41 70 70 6c 69 63 61 74 69 6f 6e 73 2e 63 72
6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00
03 82 01 01 00 a4 f3 25 cc d1 50 12 fe ba 2b be
4b 73 4c 3e aa a9 14 29 3d 6d 2e 18 21 05 31 35
30
Code: Access-Challenge
Identifier: 37
Authentic: <245>v<205>D<226><28>C<186>m:X<21><243><21><217><163>
Attributes:
EAP-Message =
<1><6><3><238><25>@<159><158><161><15>V<<135>@-K$BB<129><127><249>l<174>s<5>
<26>>5<27><232><9><1><255><197><138>g+t<138><17><172><241>-<222><250><213><2
17><156>0&<164>re<142><137>H<11>M<206>J<184><252><223>\<3><142><190><192><18
8><210>;;<166><19><165><246><2>j<164>md<229>Q<143><161>f<185>=|<31>y<143><15
8><199><161><182>b,<27><135>@<163><11><211>3<12>YK<134><133>Q^<222><220>H<18
2><4><152><244><16>H]db2<0><4>h0<130><4>d0<130><3>L<160><3><2><1><2><2><16>D
<190><12><139>P<0>$<180><17><211>60K<192>3w0<13><6><9>*<134>H<134><247><13><
1><1><5><5><0>0<129><163>1<11>0<9><6><3>U<4><6><19><2>US1<11>0<9><6><3>U<4><
8><19><2>UT1<23>0<21><6><3>U<4><7><19><14>Salt Lake
City1<30>0<28><6><3>U<4><10><19><21>The USERTRUST
EAP-Message =
Network1!0<31><6><3>U<4><11><19><24>http://www.usertrust.com1+0)<6><3>U<4><3
><19>"UTN-USERFirst-Network
Applications0<30><23><13>990709184839Z<23><13>190709185749Z0<129><163>1<11>0
<9><6><3>U<4><6><19><2>US1<11>0<9><6><3>U<4><8><19><2>UT1<23>0<21><6><3>U<4>
<7><19><14>Salt Lake City1<30>0<28><6><3>U<4><10><19><21>The USERTRUST
Network1!0<31><6><3>U<4><11><19><24>http://www.usertrust.com1+0)<6><3>U<4><3
><19>"U
EAP-Message = TN-USERFirst-Network
Applications0<130><1>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130
><1><15><0>0<130><1><10><2><130><1><1><0><179><251><145><161><228>6U<133><17
2><6>4[<160><154>X<178><248><181><15><5>w<131><174>2<177>v<146>h<236>#J<201>
v?<227><156><182>7y<3><185><171>i<141><7>%<182><25>g<228><176><27><24>saJ<23
2>~<205><211>/d<227><166>|<12><250><23><128><163><13>G<137>OQq/<238><252>?<2
49><184><22><128><135><137><147>%
<154>C<130>i$v(Y5<161><29><192><127><131><6>d<22>
,<211>I<164><133><180><192>a<127>Q<8><248>h<21><145><128><203><165><213><238
>;:<244><132><4>^`Y<167><140>4r<238><184>x<197><209>;<18>Jo~e'<185><164>U<19
7><185>oC<164><197><29>,<153><192>R<164>xL<21><179>@<152><8>kC<198><1><176>z
{<245>k<28>"?<203><239>
EAP-Message =
<255><168><208>:Kv<21><158><210><209><198>.<227><219>W<27>2<162><184>o<232><
134><166>?p<171><229>p<146><171>D<30>@P<251><156><163>b<228>ln<160><200><222
><226><128>B<250><233>/<232><206>2<4><143>|<141><183><28><163>5<<21><221><15
8><195><174><151><165><2><3><1><0><1><163><129><145>0<129><142>0<11><6><3>U<
29><15><4><4><3><2><1><198>0<15><6><3>U<29><19><1><1><255><4><5>0<3><1><1><2
55>0<29><6><3>U<29><14><4><22><4><20><250><134><201><219><224><186><233>x<24
5>K<168><214><21><223><240><211><225>j<20><0O<6><3>U<29><31><4>H0F0D<160>B<1
60>@<134>>http://crl.usertrust.com/UTN-USERFirst-NetworkApplications.crl0<13
><6><9>*<134>H<134><247><13><1><1><5><5><0><3><130><1><1><0><164><243>%<204>
<209>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = 150
Mon Aug 9 19:30:48 2004: DEBUG: Packet dump:
*** Received from 192.168.123.9 port 1814 ....
Packet length = 260
01 26 01 04 5e 25 a8 31 5e ab 41 ee a3 0b bf fa
6f d7 c1 38 01 05 39 39 39 1a 36 00 00 37 2a 01
30 69 73 6f 63 63 3d 28 6e 75 6c 6c 29 2c 63 63
3d 28 6e 75 6c 6c 29 2c 61 63 3d 28 6e 75 6c 6c
29 2c 6e 65 74 77 6f 72 6b 3d 47 45 4d 31 58 1a
19 00 00 37 2a 02 13 6f 70 65 72 61 74 6f 72 2c
6c 6f 63 61 74 69 6f 6e 04 06 0a 00 00 01 06 06
00 00 00 02 05 06 00 00 00 03 57 03 33 1e 19 30
30 2d 39 30 2d 34 42 2d 37 42 2d 41 31 2d 43 30
3a 47 45 4d 31 58 1f 13 30 30 2d 30 43 2d 46 31
2d 30 38 2d 33 37 2d 42 46 0c 06 00 00 05 78 3d
06 00 00 00 13 20 18 30 30 2d 39 30 2d 34 62 2d
37 62 2d 61 31 2d 63 30 3a 50 33 32 30 4d 18 43
4f 4e 4e 45 43 54 20 31 31 4d 62 70 73 20 38 30
32 2e 31 31 62 4f 08 02 06 00 06 19 00 50 12 ff
a0 42 66 c5 46 da dc e4 a5 fe 2d 97 29 97 bc 21
05 31 35 31
Code: Access-Request
Identifier: 38
Authentic: ^%<168>1^<171>A<238><163><11><191><250>o<215><193>8
Attributes:
User-Name = "999"
WISPr-Location-ID = "isocc=(null),cc=(null),ac=(null),network=GEM1X"
WISPr-Location-Name = "operator,location"
NAS-IP-Address = 10.0.0.1
Service-Type = Framed-User
NAS-Port = 3
NAS-Port-Id = "3"
Called-Station-Id = "00-90-4B-7B-A1-C0:GEM1X"
Calling-Station-Id = "00-0C-F1-08-37-BF"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Identifier = "00-90-4b-7b-a1-c0:P320"
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = <2><6><0><6><25><0>
Message-Authenticator =
<255><160>Bf<197>F<218><220><228><165><254>-<151>)<151><188>
Proxy-State = 151
Mon Aug 9 19:30:48 2004: DEBUG: Handling request with Handler ''
Mon Aug 9 19:30:48 2004: DEBUG: Deleting session for 999, 10.0.0.1, 3
Mon Aug 9 19:30:48 2004: DEBUG: Handling with Radius::AuthSQL
Mon Aug 9 19:30:48 2004: DEBUG: Handling with Radius::AuthSQL:
Mon Aug 9 19:30:48 2004: DEBUG: Handling with EAP: code 2, 6, 6
Mon Aug 9 19:30:48 2004: DEBUG: Response type 25
Mon Aug 9 19:30:48 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Aug 9 19:30:48 2004: DEBUG: Access challenged for 999: EAP PEAP
Challenge
Mon Aug 9 19:30:48 2004: DEBUG: Packet dump:
*** Sending to 192.168.123.9 port 1814 ....
Packet length = 490
0b 26 01 ea ff 8a f7 3d 40 03 d1 bf 73 12 46 1b
c2 2b 6d 4b 4f ff 01 07 01 bb 19 00 d4 91 83 22
d0 cc 32 ab 9b 96 4e 34 91 54 20 25 34 61 5f 2a
02 15 e1 8b aa ff 7d 64 51 cf 0a ff bc 7d d8 21
6a 78 cb 2f 51 6f f8 42 1d 33 bd eb b5 7b 94 c3
c3 a9 a0 2d df d1 29 1f 1d fe 8f 3f bb a8 45 2a
7f d1 6e 55 24 e2 bb 02 fb 31 3f be e8 bc ec 40
2b f8 01 d4 56 38 e4 ca 44 82 b5 61 20 21 67 65
f6 f0 0b e7 34 f8 a5 c2 9c a3 5c 40 1f 85 93 95
06 de 4f d4 27 a9 b6 a5 fc 16 cd 73 31 3f b8 65
27 cf d4 53 1a f0 ac 6e 9f 4f 05 0c 03 81 a7 84
29 c4 5a bd 64 57 72 ad 3b cf 37 18 a6 98 c6 ad
06 b4 dc 08 a3 04 d5 29 a4 96 9a 12 67 4a 8c 60
45 9d f1 23 9a b0 00 9c 68 b5 98 50 d3 ef 8e 2e
92 65 b1 48 3e 21 be 15 30 2a 0d b5 0c a3 6b 3f
ae 7f 57 f5 1f 96 7c df 6f dd 82 30 2c 65 1b 40
4a cd 68 b9 72 ec 71 76 ec 54 8e 1f 85 0c 01 6a
fa a6 38 4f c0 ac 1f c4 84 16 03 01 00 b5 0d 00
00 ad 02 01 02 00 a8 00 a6 30 81 a3 31 0b 30 09
06 03 55 04 06 13 02 55 53 31 0b 30 09 06 03 55
04 08 13 02 55 54 31 17 30 15 06 03 55 04 07 13
0e 53 61 6c 74 20 4c 61 6b 65 20 43 69 74 79 31
1e 30 1c 06 03 55 04 0a 13 15 54 68 65 20 55 53
45 52 54 52 55 53 54 20 4e 65 74 77 6f 72 6b 31
21 30 1f 06 03 55 04 0b 13 18 68 74 74 70 3a 2f
2f 77 77 77 2e 75 73 65 72 74 72 75 73 74 2e 63
6f 6d 31 2b 30 29 06 03 55 04 03 13 22 55 54 4e
2d 55 53 45 52 46 69 72 73 74 2d 4e 65 74 77 6f
72 6b 20 41 70 70 6c 69 63 61 74 69 6f 6e 73 0e
00 00 00 50 12 f6 3b e7 de 3a 29 ff 11 32 83 21
02 9f d9 13 73 21 05 31 35 31
Code: Access-Challenge
Identifier: 38
Authentic: ^%<168>1^<171>A<238><163><11><191><250>o<215><193>8
Attributes:
EAP-Message =
<1><7><1><187><25><0><212><145><131>"<208><204>2<171><155><150>N4<145>T
%4a_*<2><21><225><139><170><255>}dQ<207><10><255><188>}<216>!jx<203>/Qo<248>
B<29>3<189><235><181>{<148><195><195><169><160>-<223><209>)<31><29><254><143
>?<187><168>E*<127><209>nU$<226><187><2><251>1?<190><232><188><236>@+<248><1
><212>V8<228><202>D<130><181>a
!ge<246><240><11><231>4<248><165><194><156><163>\@<31><133><147><149><6><222
>O<212>'<169><182><165><252><22><205>s1?<184>e'<207><212>S<26><240><172>n<15
9>O<5><12><3><129><167><132>)<196>Z<189>dWr<173>;<207>7<24><166><152><198><1
73><6><180><220><8><163><4><213>)<164><150><154><18>gJ<140>`E<157><241>#<154
><176><0><156>h<181><152>P<211><239><142>.<146>e<177>H>!<190><21>0*<13><181>
<12><163>k?<174><127>W<245><31><150>|<223>o<221><130>0,e<27>@J<205>h<185>r<2
36>qv<236>T<142><31><133><12><1>j<250><166>8
EAP-Message =
<172><31><196><132><22><3><1><0><181><13><0><0><173><2><1><2><0><168><0><166
>0<129><163>1<11>0<9><6><3>U<4><6><19><2>US1<11>0<9><6><3>U<4><8><19><2>UT1<
23>0<21><6><3>U<4><7><19><14>Salt Lake
City1<30>0<28><6><3>U<4><10><19><21>The USERTRUST
Network1!0<31><6><3>U<4><11><19><24>http://www.usertrust.com1+0)<6><3>U<4><3
><19>"UTN-USERFirst-Network Applications<14><0><0><0>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = 151
Mon Aug 9 19:30:48 2004: DEBUG: Packet dump:
*** Received from 192.168.123.9 port 1814 ....
Packet length = 453
01 27 01 c5 e4 41 e6 33 f7 6f 39 d2 1b 81 f2 c8
ab d1 2b 5e 01 05 39 39 39 1a 36 00 00 37 2a 01
30 69 73 6f 63 63 3d 28 6e 75 6c 6c 29 2c 63 63
3d 28 6e 75 6c 6c 29 2c 61 63 3d 28 6e 75 6c 6c
29 2c 6e 65 74 77 6f 72 6b 3d 47 45 4d 31 58 1a
19 00 00 37 2a 02 13 6f 70 65 72 61 74 6f 72 2c
6c 6f 63 61 74 69 6f 6e 04 06 0a 00 00 01 06 06
00 00 00 02 05 06 00 00 00 03 57 03 33 1e 19 30
30 2d 39 30 2d 34 42 2d 37 42 2d 41 31 2d 43 30
3a 47 45 4d 31 58 1f 13 30 30 2d 30 43 2d 46 31
2d 30 38 2d 33 37 2d 42 46 0c 06 00 00 05 78 3d
06 00 00 00 13 20 18 30 30 2d 39 30 2d 34 62 2d
37 62 2d 61 31 2d 63 30 3a 50 33 32 30 4d 18 43
4f 4e 4e 45 43 54 20 31 31 4d 62 70 73 20 38 30
32 2e 31 31 62 4f c9 02 07 00 c7 19 80 00 00 00
bd 16 03 01 00 8d 0b 00 00 03 00 00 00 10 00 00
82 00 80 94 f6 79 77 a3 91 2f 2f a6 8b 29 36 56
d4 a7 fb cf ac 63 7a ef 02 1a 99 94 4d 92 2e 2c
13 23 e4 ad 9d 4a fd 17 f4 c7 4d a0 5c e9 7f 54
62 f2 65 0c 39 43 b1 26 cc ae d9 a8 d5 0e 3c 05
73 95 53 87 1b d6 64 87 59 f8 98 bc 85 c3 0e 32
9f bb 9c d2 6a 48 2f 96 73 ee cd 1a cb c9 17 9e
6a da 9c 34 5b 37 ca 01 1b f8 75 17 81 bb 31 13
5d bb 4d b8 79 91 87 f3 fe 59 2c d1 21 6b b7 be
e4 d7 22 14 03 01 00 01 01 16 03 01 00 20 fd 2d
55 7d ea 90 0b a5 b7 65 e8 26 aa e3 eb da f2 15
4e 2e 9f f5 e9 a3 c8 5c 76 09 8f 4a d6 b2 50 12
0e 3c 3f cd 1b 6d d4 5a 13 26 7a 5b 28 42 db 4d
21 05 31 35 32
Code: Access-Request
Identifier: 39
Authentic: <228>A<230>3<247>o9<210><27><129><242><200><171><209>+^
Attributes:
User-Name = "999"
WISPr-Location-ID = "isocc=(null),cc=(null),ac=(null),network=GEM1X"
WISPr-Location-Name = "operator,location"
NAS-IP-Address = 10.0.0.1
Service-Type = Framed-User
NAS-Port = 3
NAS-Port-Id = "3"
Called-Station-Id = "00-90-4B-7B-A1-C0:GEM1X"
Calling-Station-Id = "00-0C-F1-08-37-BF"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Identifier = "00-90-4b-7b-a1-c0:P320"
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
<2><7><0><199><25><128><0><0><0><189><22><3><1><0><141><11><0><0><3><0><0><0
><16><0><0><130><0><128><148><246>yw<163><145>//<166><139>)6V<212><167><251>
<207><172>cz<239><2><26><153><148>M<146>.,<19>#<228><173><157>J<253><23><244
><199>M<160>\<233><127>Tb<242>e<12>9C<177>&<204><174><217><168><213><14><<5>
s<149>S<135><27><214>d<135>Y<248><152><188><133><195><14>2<159><187><156><21
0>jH/<150>s<238><205><26><203><201><23><158>j<218><156>4[7<202><1><27><248>u
<23><129><187>1<19>]<187>M<184>y<145><135><243><254>Y,<209>!k<183><190><228>
<215>"<20><3><1><0><1><1><22><3><1><0>
<253>-U}<234><144><11><165><183>e<232>&<170><227><235><218><242><21>N.<159><
245><233><163><200>\v<9><143>J<214><178>
Message-Authenticator = <14><?<205><27>m<212>Z<19>&z[(B<219>M
Proxy-State = 152
Mon Aug 9 19:30:48 2004: DEBUG: Handling request with Handler ''
Mon Aug 9 19:30:48 2004: DEBUG: Deleting session for 999, 10.0.0.1, 3
Mon Aug 9 19:30:48 2004: DEBUG: Handling with Radius::AuthSQL
Mon Aug 9 19:30:48 2004: DEBUG: Handling with Radius::AuthSQL:
Mon Aug 9 19:30:48 2004: DEBUG: Handling with EAP: code 2, 7, 199
Mon Aug 9 19:30:48 2004: DEBUG: Response type 25
Mon Aug 9 19:30:48 2004: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
Mon Aug 9 19:30:48 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Aug 9 19:30:48 2004: DEBUG: Access challenged for 999: EAP PEAP
Challenge
Mon Aug 9 19
-----Original Message-----
From: Mike McCauley [mailto:mikem at open.com.au]
Sent: Monday, August 09, 2004 6:34 PM
To: scottxiao at antlabs.com
Cc: Radiator
Subject: Re: (RADIATOR) Error "TLS could not load_verify_locations" -
FreeSSL certificate for Radiator 802.1x PEAP/aironet1100 WLAN
Hello Scott,
Its hard to be sure since you did not include the whole trace file, but
this:
tlsv1 alert access denied
indicates that the client didnt like the server certificate. Usually this is
because
1. you are using a private server certificate but the client does not have
the
corresponding root certificate.
2. The client is configured to limit the server certificate to certain
names,
but the name in the server certificate does not match
3. The clock on the client is outside the valid date range of the server
certificate.
Cheers.
On Monday 09 August 2004 14:44, Scott Xiao - ANTlabs wrote:
> Hi,Hugh,
> Thanks ! I did some update on my config file according to your and
> Christian's advice,I downloaded the root CA from FreeSSL and saved in the
> certificate directory as pem format ,and tested again,then I encountered
> another error " EAP PEAP TLS read failed: 2144: 1 - error:14094419:SSL
> routines:SSL3_READ_BYTES:tlsv1 alert access denied" , what could be the
> cause here?Pleaase advise,Thanks a lot!!! Here below is my updated config
> file(part) and the error log:
>
> Config file:
>
> EAPType PEAP,MSCHAP-V2
>
> EAPTLS_CAFile %D/certificates/UTN.pem
>
> EAPTLS_CertificateFile
> %D/certificates/myhost.antlabs.com.pem
>
> EAPTLS_CertificateType PEM
>
> EAPTLS_PrivateKeyFile
> %D/certificates/myhost.antlabs.com.key
>
> EAPTLS_PrivateKeyPassword [password(hidden)]
>
> Error Log:
> Code: Access-Request
> Identifier: 52
> Authentic: <29>rW<223><165><165>,<151><164><138>B_@<194>=<232>
> Attributes:
> User-Name = "hello"
> WISPr-Location-ID =
> "isocc=(null),cc=(null),ac=(null),network=GEM1X" WISPr-Location-Name =
> "operator,location"
> NAS-IP-Address = 10.0.0.1
> Service-Type = Framed-User
> NAS-Port = 3
> NAS-Port-Id = "3"
> Called-Station-Id = "00-90-4B-7B-A1-C0:GEM1X"
> Calling-Station-Id = "00-0C-F1-08-37-BF"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Identifier = "00-90-4b-7b-a1-c0:P320"
> Connect-Info = "CONNECT 11Mbps 802.11b"
> EAP-Message =
>
<2><10><0>!<25><128><0><0><0><23><21><3><1><0><18>'<245><137><179><200>3<16
>7
>
> >nL<133><196>y<243><146>*[m<140>
>
> Message-Authenticator =
> kW<200><133><164><209>,'<166><19><209><223><197>3h<243>
> Proxy-State = 165
>
> Mon Aug 9 12:19:41 2004: DEBUG: Handling request with Handler ''
> Mon Aug 9 12:19:41 2004: DEBUG: Deleting session for hello, 10.0.0.1, 3
> Mon Aug 9 12:19:41 2004: DEBUG: Handling with Radius::AuthSQL
> Mon Aug 9 12:19:41 2004: DEBUG: Handling with Radius::AuthSQL:
> Mon Aug 9 12:19:41 2004: DEBUG: Handling with EAP: code 2, 10, 33
> Mon Aug 9 12:19:41 2004: DEBUG: Response type 25
> Mon Aug 9 12:19:41 2004: ERR: EAP PEAP TLS read failed: 2144: 1 -
> error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied
>
> Mon Aug 9 12:19:41 2004: DEBUG: EAP result: 1, EAP PEAP TLS read failed
> Mon Aug 9 12:19:41 2004: INFO: Access rejected for hello: EAP PEAP TLS
> read failed
> Mon Aug 9 12:19:41 2004: DEBUG: Packet dump:
> *** Sending to 192.168.123.9 port 1814 ....
>
> Packet length = 41
> 03 34 00 29 d8 e5 80 35 df 65 12 80 66 9f 3e 42
> 41 03 fe 70 12 10 52 65 71 75 65 73 74 20 44 65
> 6e 69 65 64 21 05 31 36 35
> Code: Access-Reject
> Identifier: 52
> Authentic: <29>rW<223><165><165>,<151><164><138>B_@<194>=<232>
> Attributes:
> Reply-Message = "Request Denied"
> Proxy-State = 165
>
>
>
> -----Original Message-----
> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]On
> Behalf Of Hugh Irvine
> Sent: Saturday, August 07, 2004 2:49 PM
> To: scottxiao at antlabs.com
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Error "TLS could not load_verify_locations" -
> FreeSSL certificate for Radiator 802.1x PEAP/aironet1100 WLAN
>
>
>
> Hello Scott -
>
> The problem is that Radiator cannot find the CA certificates because
> neither EAPTLS_CAFile nor EAPTLS_CAPath are defined.
>
> The example configuration file "goodies/eap_tls.cfg" shows a working
> example.
>
> regards
>
> Hugh
>
> On 7 Aug 2004, at 13:26, Scott Xiao - ANTlabs wrote:
> > Thanks Hugh!
> > But I still don't understand what relationship between that message
> > and my
> > problem of PEAP "EAP TLS Could not initialise context". Since I have a
> > certificate from FreeSSL,do I still need the cert in
> > "demoCA/cacert.pem" ?
> > Do you have a samle configure of using actual certificate instead of
> > self-signed certificate?Thanks!
> > Rgds
> > Scott
> > -----Original Message-----
> > From: Hugh Irvine [mailto:hugh at open.com.au]
> > Sent: Saturday, August 07, 2004 7:32 AM
> > To: scottxiao at antlabs.com
> > Cc: radiator at open.com.au
> > Subject: Re: (RADIATOR) Error "TLS could not load_verify_locations" -
> > FreeSSL certificate for Radiator 802.1x PEAP/aironet1100 WLAN
> >
> >
> >
> > Hello Scott -
> >
> > The complete message is this:
> >
> > TLS.pm: $parent->log($main::LOG_ERR, "TLS could not
> > load_verify_locations $parent->{EAPTLS_CAFile},
> > $parent->{EAPTLS_CAPath}: $errs");
> >
> > See the example configuration file in "goodies/eap_tls.cfg".
> >
> > Here is the relevant section:
> >
> > # EAPTLS_CAFile is the name of a file of CA
> > certificates
> > # in PEM format. The file can contain several CA
> > certificates
> > # Radiator will first look in EAPTLS_CAFile then in
> > # EAPTLS_CAPath, so there usually is no need to set
> > both
> > EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
> >
> > # EAPTLS_CAPath is the name of a directory containing
> > CA
> > # certificates (and possible CRLs) in PEM format. The
> > files each contain one
> > # CA certificate. The files are looked up by the CA
> > # subject name hash value
> > # EAPTLS_CAPath %D/certificates/demoCA
> >
> > regards
> >
> > Hugh
> >
> > On 7 Aug 2004, at 01:22, Scott Xiao - ANTlabs wrote:
> >> Hi,
> >> Thanks for all the help on my timer issue,PEAP,acct stop issue,all
> >> those
> >> resolved.
> >> The current issue is,I got an error of "TLS could not
> >> load_verify_locations"
> >> with an actually certificate,see the config file and debug below.
> >> I purchased a server ceriticate from freessl.com , copy the text part
> >> of the
> >> cert into a text file and saved in the certificate directory of
> >> radiator as
> >> a .pem file, together with the private key file (.key file).Then I
> >> modified
> >> the config file to point the path to the certificate
> >> directory,instead of
> >> using the sample certificates.I found the sample pem file has 2
> >> parts,public
> >> key and private key inside,while my pem file (server cert) has only
> >> one
> >> part,which is the server server cert itself.But I don't think it's
> >> issue
> >> since the comments in the file says it could be the same file for the
> >> keys.Then I tested,and got the error as mentioned.Can you advise what
> >> 's the
> >> problem?FreeSSL's webserver cert should work in this senario,right?How
> >> to
> >> make a pem file to have 2 parts like the samle one?Thanks!!
> >> Rgds
> >> Scott
> >>
> >>
> >> config file:
> >>
> >> EAPType PEAP,MSCHAP-V2
> >>
> >>
> >> EAPTLS_CertificateFile
> >> %D/certificates/myhost.antlabs.com.pem
> >>
> >> EAPTLS_CertificateType PEM
> >> #EAPTLS_CertificateType CRT
> >>
> >> # EAPTLS_PrivateKeyFile is the name of the file
> >> containing
> >> # the servers private key. It is sometimes in the same
> >> file
> >> # as the server certificate (EAPTLS_CertificateFile)
> >> # If the private key is encrypted (usually the case)
> >> # then EAPTLS_PrivateKeyPassword is the key to
> >> descrypt it
> >> #EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
> >> EAPTLS_PrivateKeyFile
> >> %D/certificates/myhost.antlabs.com.key
> >> #EAPTLS_PrivateKeyFile
> >> /etc/radiator/certificates/myhost.antlabs.com.key
> >> # EAPTLS_PrivateKeyFile %D/certificates/myhost.pem
> >> #EAPTLS_PrivateKeyPassword whatever
> >> EAPTLS_PrivateKeyPassword hiddenpassword
> >>
> >> Debuging info:
> >>
> >> [root at AAA Radiator-3.9]# ./radiusd -foreground -config_file ./tt1.cfg
> >> Fri Aug 6 23:04:27 2004: DEBUG: Finished reading configuration file
> >> './tt1.cfg'
> >> Fri Aug 6 23:04:27 2004: DEBUG: Reading dictionary file
> >> '/usr/src/802/radiator/Radiator-3.9/dictionary'
> >> Fri Aug 6 23:04:27 2004: DEBUG: Creating authentication port
> >> 0.0.0.0:1812
> >> Fri Aug 6 23:04:27 2004: DEBUG: Creating accounting port 0.0.0.0:1813
> >> Fri Aug 6 23:04:27 2004: NOTICE: Server started: Radiator 3.9 on AAA
> >>
> >>
> >>
> >> Fri Aug 6 23:04:50 2004: DEBUG: Packet dump:
> >> *** Received from 192.168.123.9 port 1814 ....
> >>
> >> Packet length = 266
> >> 01 2a 01 0a 6b 23 57 6b 5f b8 ea 46 bd 67 35 ac
> >> 73 e7 51 2a 01 07 68 65 6c 6c 6f 1a 36 00 00 37
> >> 2a 01 30 69 73 6f 63 63 3d 28 6e 75 6c 6c 29 2c
> >> 63 63 3d 28 6e 75 6c 6c 29 2c 61 63 3d 28 6e 75
> >> 6c 6c 29 2c 6e 65 74 77 6f 72 6b 3d 47 45 4d 31
> >> 58 1a 19 00 00 37 2a 02 13 6f 70 65 72 61 74 6f
> >> 72 2c 6c 6f 63 61 74 69 6f 6e 04 06 0a 00 00 01
> >> 06 06 00 00 00 02 05 06 00 00 00 03 57 03 33 1e
> >> 19 30 30 2d 39 30 2d 34 42 2d 37 42 2d 41 31 2d
> >> 43 30 3a 47 45 4d 31 58 1f 13 30 30 2d 30 43 2d
> >> 46 31 2d 30 38 2d 33 37 2d 42 46 0c 06 00 00 05
> >> 78 3d 06 00 00 00 13 20 18 30 30 2d 39 30 2d 34
> >> 62 2d 37 62 2d 61 31 2d 63 30 3a 50 33 32 30 4d
> >> 18 43 4f 4e 4e 45 43 54 20 31 31 4d 62 70 73 20
> >> 38 30 32 2e 31 31 62 4f 0c 02 01 00 0a 01 68 65
> >> 6c 6c 6f 50 12 a3 6c 26 6a 29 c3 cf 09 f1 3a af
> >> e2 a7 d9 7a 27 21 05 31 35 35
> >> Code: Access-Request
> >> Identifier: 42
> >> Authentic: k#Wk_<184><234>F<189>g5<172>s<231>Q*
> >> Attributes:
> >> User-Name = "hello"
> >> WISPr-Location-ID =
> >> "isocc=(null),cc=(null),ac=(null),network=GEM1X"
> >> WISPr-Location-Name = "operator,location"
> >> NAS-IP-Address = 10.0.0.1
> >> Service-Type = Framed-User
> >> NAS-Port = 3
> >> NAS-Port-Id = "3"
> >> Called-Station-Id = "00-90-4B-7B-A1-C0:GEM1X"
> >> Calling-Station-Id = "00-0C-F1-08-37-BF"
> >> Framed-MTU = 1400
> >> NAS-Port-Type = Wireless-IEEE-802-11
> >> NAS-Identifier = "00-90-4b-7b-a1-c0:P320"
> >> Connect-Info = "CONNECT 11Mbps 802.11b"
> >> EAP-Message = <2><1><0><10><1>hello
> >> Message-Authenticator =
> >> <163>l&j)<195><207><9><241>:<175><226><167><217>z'
> >> Proxy-State = 155
> >>
> >> Fri Aug 6 23:04:50 2004: DEBUG: Handling request with Handler ''
> >> Fri Aug 6 23:04:50 2004: DEBUG: Deleting session for hello,
> >> 10.0.0.1, 3
> >> Fri Aug 6 23:04:50 2004: DEBUG: Handling with Radius::AuthSQL
> >> Fri Aug 6 23:04:50 2004: DEBUG: Handling with Radius::AuthSQL:
> >> Fri Aug 6 23:04:50 2004: DEBUG: Handling with EAP: code 2, 1, 10
> >> Fri Aug 6 23:04:50 2004: DEBUG: Response type 1
> >> Fri Aug 6 23:04:50 2004: ERR: TLS could not load_verify_locations , :
> >> Fri Aug 6 23:04:50 2004: DEBUG: EAP result: 1, EAP TLS Could not
> >> initialise
> >> context
> >> Fri Aug 6 23:04:50 2004: INFO: Access rejected for hello: EAP TLS
> >> Could not
> >> initialise context
> >> Fri Aug 6 23:04:50 2004: DEBUG: Packet dump:
> >> *** Sending to 192.168.123.9 port 1814 ....
> >>
> >> Packet length = 41
> >> 03 2a 00 29 de 49 a8 63 73 f4 3d 7e 46 3b f0 77
> >> f0 4e 7e 85 12 10 52 65 71 75 65 73 74 20 44 65
> >> 6e 69 65 64 21 05 31 35 35
> >> Code: Access-Reject
> >> Identifier: 42
> >> Authentic: k#Wk_<184><234>F<189>g5<172>s<231>Q*
> >> Attributes:
> >> Reply-Message = "Request Denied"
> >> Proxy-State = 155
> >>
> >> Fri Aug 6 23:05:05 2004: DEBUG: Packet dump:
> >> *** Received from 192.168.123.9 port 1814 ....
> >>
> >> Packet length = 266
> >> 01 2b 01 0a 64 a2 eb e1 33 a6 36 6a ea dd 0b e5
> >> be e9 8b 22 01 07 73 63 6f 74 74 1a 36 00 00 37
> >> 2a 01 30 69 73 6f 63 63 3d 28 6e 75 6c 6c 29 2c
> >> 63 63 3d 28 6e 75 6c 6c 29 2c 61 63 3d 28 6e 75
> >> 6c 6c 29 2c 6e 65 74 77 6f 72 6b 3d 47 45 4d 31
> >> 58 1a 19 00 00 37 2a 02 13 6f 70 65 72 61 74 6f
> >> 72 2c 6c 6f 63 61 74 69 6f 6e 04 06 0a 00 00 01
> >> 06 06 00 00 00 02 05 06 00 00 00 03 57 03 33 1e
> >> 19 30 30 2d 39 30 2d 34 42 2d 37 42 2d 41 31 2d
> >> 43 30 3a 47 45 4d 31 58 1f 13 30 30 2d 30 43 2d
> >> 46 31 2d 30 38 2d 33 37 2d 42 46 0c 06 00 00 05
> >> 78 3d 06 00 00 00 13 20 18 30 30 2d 39 30 2d 34
> >> 62 2d 37 62 2d 61 31 2d 63 30 3a 50 33 32 30 4d
> >> 18 43 4f 4e 4e 45 43 54 20 31 31 4d 62 70 73 20
> >> 38 30 32 2e 31 31 62 4f 0c 02 02 00 0a 01 73 63
> >> 6f 74 74 50 12 80 4b 89 4b 8f ad 7a c7 a3 d5 a6
> >> 5e b0 d6 23 19 21 05 31 35 36
> >> Code: Access-Request
> >> Identifier: 43
> >> Authentic:
> >> d<162><235><225>3<166>6j<234><221><11><229><190><233><139>"
> >> Attributes:
> >> User-Name = "scott"
> >> WISPr-Location-ID =
> >> "isocc=(null),cc=(null),ac=(null),network=GEM1X"
> >> WISPr-Location-Name = "operator,location"
> >> NAS-IP-Address = 10.0.0.1
> >> Service-Type = Framed-User
> >> NAS-Port = 3
> >> NAS-Port-Id = "3"
> >> Called-Station-Id = "00-90-4B-7B-A1-C0:GEM1X"
> >> Calling-Station-Id = "00-0C-F1-08-37-BF"
> >> Framed-MTU = 1400
> >> NAS-Port-Type = Wireless-IEEE-802-11
> >> NAS-Identifier = "00-90-4b-7b-a1-c0:P320"
> >> Connect-Info = "CONNECT 11Mbps 802.11b"
> >> EAP-Message = <2><2><0><10><1>scott
> >> Message-Authenticator =
> >> <128>K<137>K<143><173>z<199><163><213><166>^<176><214>#<25>
> >> Proxy-State = 156
> >>
> >> Fri Aug 6 23:05:05 2004: DEBUG: Handling request with Handler ''
> >> Fri Aug 6 23:05:05 2004: DEBUG: Deleting session for scott,
> >> 10.0.0.1, 3
> >> Fri Aug 6 23:05:05 2004: DEBUG: Handling with Radius::AuthSQL
> >> Fri Aug 6 23:05:05 2004: DEBUG: Handling with Radius::AuthSQL:
> >> Fri Aug 6 23:05:05 2004: DEBUG: Handling with EAP: code 2, 2, 10
> >> Fri Aug 6 23:05:05 2004: DEBUG: Response type 1
> >> Fri Aug 6 23:05:05 2004: ERR: TLS could not load_verify_locations , :
> >> Fri Aug 6 23:05:05 2004: DEBUG: EAP result: 1, EAP TLS Could not
> >> initialise
> >> context
> >> Fri Aug 6 23:05:05 2004: INFO: Access rejected for scott: EAP TLS
> >> Could not
> >> initialise context
> >> Fri Aug 6 23:05:05 2004: DEBUG: Packet dump:
> >> *** Sending to 192.168.123.9 port 1814 ....
> >>
> >> Packet length = 41
> >> 03 2b 00 29 43 89 dc ac 25 80 f5 79 2e df dc b9
> >> 46 58 5b 41 12 10 52 65 71 75 65 73 74 20 44 65
> >> 6e 69 65 64 21 05 31 35 36
> >> Code: Access-Reject
> >> Identifier: 43
> >> Authentic:
> >> d<162><235><225>3<166>6j<234><221><11><229><190><233><139>"
> >> Attributes:
> >> Reply-Message = "Request Denied"
> >> Proxy-State = 156
> >>
> >>
> >> [root at AAA Radiator-3.9]#
> >>
> >> [root at AAA certificates]# ls
> >> cert-clt.p12 demoCA myhost.antlabs.com.pem
> >> root.pem
> >> cert-clt.pem myhost.antlabs.com.crt README
> >> cert-srv.pem myhost.antlabs.com.key root.der
> >> [root at AAA certificates]#
> >>
> >>
> >>
> >> -----Original Message-----
> >> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]On
> >> Behalf Of Bon sy
> >> Sent: Tuesday, August 03, 2004 7:10 PM
> >> To: Terry Simons
> >> Cc: scottxiao at antlabs.com; radiator at open.com.au
> >> Subject: Re: (RADIATOR) SSL certificate for 802.1x PEAP/aironet1100
> >> WLAN
> >>
> >>
> >> Hi Scott and Terry,
> >>
> >> If your main concern is the cost as Terry mentioned, you may want
> >> to consider building your own CA using openssl. If a moderate cost
> >> investment may fit your budget, you may want to look into CATool as
> >> Mike/Hugh has suggested previously.
> >>
> >> We have tried and used both. Building your own CA using openssl is
> >> more involved --- and obviously you have to provide your own technical
> >> support --- in comparing to using CATool. If you do want to build your
> >> own
> >> CA using openssl and to avoid the frustration causing your late night
> >> sleepless symtom, we find it important to build up the comfort level
> >> on
> >> openssl, perl, and Linux, and definitely read up a lot from the
> >> mailing
> >> list, before doing it.
> >>
> >> Bon
> >>
> >> On Mon, 2 Aug 2004, Terry Simons wrote:
> >>> Hi Scott,
> >>>
> >>> You *can* reuse a server certificate in another location later.
> >>>
> >>> The domain name has no real significance, except that you need to
> >>> verify it on the client to ensure that your clients are secure. The
> >>> domain can be whatever you like, and can exist on multiple servers...
> >>> there is no inherent tie to any given server.
> >>>
> >>> That said, it is probably *not* a good idea to reuse certificates in
> >>> a
> >>> production environment, but it does work.
> >>>
> >>> Is the main reason why you are purchasing certificates to ensure that
> >>> the client has a pre-installed CA certificate that will verify your
> >>> certificate, or for some other reason?
> >>>
> >>> If your main concern is the cost, you should probably consider
> >>> rolling
> >>> your own certificates.
> >>>
> >>> - Terry
> >>>
> >>> On Aug 2, 2004, at 8:59 PM, Scott Xiao - ANTlabs wrote:
> >>>> Hi,
> >>>> Can any of you recommend one workable Radius(Radiator) server
> >>>> certificate
> >>>> besides Verisign?I want to buy a cheaper one,use it in 802.1x PEAP
> >>>> WLAN
> >>>> hotspot.If I use it for domain "hostname.mydomain.com" ,can I use
> >>>> the
> >>>> same
> >>>> certificate in future if I deploy a same WLAN in another place which
> >>>> will
> >>>> still use the same domain name?Thanks!
> >>>> Rgds
> >>>> Scott Xiao
> >>>> -----Original Message-----
> >>>> From: owner-radiator at open.com.au
> >>>> [mailto:owner-radiator at open.com.au]On
> >>>> Behalf Of Terry Simons
> >>>> Sent: Thursday, July 29, 2004 1:15 PM
> >>>> To: Christian Wiedmann
> >>>> Cc: radiator at open.com.au
> >>>> Subject: Re: (RADIATOR) SSL certificate for 802.1x PEAP/aironet1100
> >>>> WLAN
> >>>>
> >>>>
> >>>> Hi,
> >>>>
> >>>> On Jul 28, 2004, at 1:32 PM, Christian Wiedmann wrote:
> >>>>> As far as I know, the XP server extension OID is the one that is
> >>>>> also
> >>>>> used for web servers. Therefore, a web server certificate should
> >>>>> work.
> >>>>
> >>>> This is true. There is one thing that people should probably be
> >>>> aware
> >>>> of, however.
> >>>>
> >>>> At the last Networld + Interop HotStage, we did some extensive
> >>>> testing
> >>>> with this and it was determined that what should probably happen is
> >>>> to
> >>>> officially apply for some OIDs for 802.1X authentication servers.
> >>>> One
> >>>> of the HotStage members that is involved in the IETF and the IEEE is
> >>>> pushing that a bit, so it could be the case that a "proper" OID set
> >>>> will come out in the future. It could be a ways out, but I
> >>>> personally
> >>>> hope that it happens so we can have an "official" way of creating
> >>>> "802.1X authentication" certificates.
> >>>>
> >>>> - Terry
> >>>>
> >>>>> For what it's worth, I've successfully used a Verisign web server
> >>>>> certificate
> >>>>> for PEAP authentication against Windows XP SP1. I think there's a
> >>>>> good
> >>>>> chance a freessl certificate would work too.
> >>>>>
> >>>>> -Christian
> >>>>>
> >>>>> ref.:
> >>>>> http://support.microsoft.com/?kbid=814394
> >>>>> http://www.alvestrand.no/objectid/1.3.6.1.5.5.7.3.1.html
> >>>>> http://www.ietf.org/rfc/rfc2459.txt
> >>>>>
> >>>>> On Wed, 28 Jul 2004, Mike McCauley wrote:
> >>>>>> Date: Wed, 28 Jul 2004 19:35:44 +1000
> >>>>>> From: Mike McCauley <mikem at open.com.au>
> >>>>>> To: scottxiao at antlabs.com
> >>>>>> Cc: Radiator <radiator at open.com.au>
> >>>>>> Subject: Re: (RADIATOR) SSL certificate for 802.1x
> >>>>>> PEAP/aironet1100
> >>>>>> WLAN
> >>>>>>
> >>>>>> Hi Scott,
> >>>>>>
> >>>>>> On Wednesday 28 July 2004 18:41, Scott Xiao - ANTlabs wrote:
> >>>>>>> Hi,Mike,
> >>>>>>> Thanks, so do you have any suggestion that I can purchase
> >>>>>>> regarding
> >>>>>>> the
> >>>>>>> cert for radius server?Verisign?which type?If you have any
> >>>>>>> recommendation
> >>>>>>> that it works well on Radiator....Thanks
> >>>>>>
> >>>>>> Verisign offer certificates for radius servers, but I dont know
> >>>>>> the
> >>>>>> details of
> >>>>>> how to apply for one. They do work with Radiator. You should try
> >>>>>> to
> >>>>>> get it in
> >>>>>> PEM format.
> >>>>>>
> >>>>>> Cheers.
> >>>>>
> >>>>> --
> >>>>> Archive at http://www.open.com.au/archives/radiator/
> >>>>> Announcements on radiator-announce at open.com.au
> >>>>> To unsubscribe, email 'majordomo at open.com.au' with
> >>>>> 'unsubscribe radiator' in the body of the message.
> >>>>
> >>>> --
> >>>> Archive at http://www.open.com.au/archives/radiator/
> >>>> Announcements on radiator-announce at open.com.au
> >>>> To unsubscribe, email 'majordomo at open.com.au' with
> >>>> 'unsubscribe radiator' in the body of the message.
> >>>
> >>> --
> >>> Archive at http://www.open.com.au/archives/radiator/
> >>> Announcements on radiator-announce at open.com.au
> >>> To unsubscribe, email 'majordomo at open.com.au' with
> >>> 'unsubscribe radiator' in the body of the message.
> >>
> >> --
> >> Archive at http://www.open.com.au/archives/radiator/
> >> Announcements on radiator-announce at open.com.au
> >> To unsubscribe, email 'majordomo at open.com.au' with
> >> 'unsubscribe radiator' in the body of the message.
> >>
> >>
> >> --
> >> Archive at http://www.open.com.au/archives/radiator/
> >> Announcements on radiator-announce at open.com.au
> >> To unsubscribe, email 'majordomo at open.com.au' with
> >> 'unsubscribe radiator' in the body of the message.
> >
> > NB: have you included a copy of your configuration file (no secrets),
> > together with a trace 4 debug showing what is happening?
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.
> > -
> > CATool: Private Certificate Authority for Unix and Unix-like systems.
> >
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list