(RADIATOR) Error "TLS could not load_verify_locations" - FreeSSL certificate for Radiator 802.1x PEAP/aironet1100 WLAN
Mike McCauley
mikem at open.com.au
Tue Aug 10 03:02:16 CDT 2004
On Tuesday 10 August 2004 17:43, Scott Xiao - ANTlabs wrote:
> Hi,Mike,
> Here is the log I got from xp client,can advise?Thanks
Here is the problem:
[604] 15:38:47:944: The server's cert does not have the 'Server
Authentication' usage
This means that your server certificate does not have the special Server
Authentication option that I mentioned to you before.
Without that option in the certificate XP will not honour the certificate.
Cheers.
> Scott
>
> [604] 15:30:40:423: PeapReadConnectionData
> [604] 15:30:40:423: PeapReadUserData
> [604] 15:30:40:423: RasEapGetInfo
> [604] 15:31:11:608: PeapReadConnectionData
> [604] 15:31:11:608: PeapReadUserData
> [604] 15:31:11:608: RasEapGetInfo
> [604] 15:32:13:176: PeapReadConnectionData
> [604] 15:32:13:176: PeapReadUserData
> [604] 15:32:13:176: RasEapGetInfo
> [604] 15:33:14:795: PeapReadConnectionData
> [604] 15:33:14:795: PeapReadUserData
> [604] 15:33:14:795: RasEapGetInfo
> [604] 15:34:16:334: PeapReadConnectionData
> [604] 15:34:16:334: PeapReadUserData
> [604] 15:34:16:344: RasEapGetInfo
> [604] 15:35:17:882: PeapReadConnectionData
> [604] 15:35:17:882: PeapReadUserData
> [604] 15:35:17:882: RasEapGetInfo
> [604] 15:36:19:421: PeapReadConnectionData
> [604] 15:36:19:421: PeapReadUserData
> [604] 15:36:19:421: RasEapGetInfo
> [604] 15:37:21:069: PeapReadConnectionData
> [604] 15:37:21:069: PeapReadUserData
> [604] 15:37:21:069: RasEapGetInfo
> [604] 15:38:22:608: PeapReadConnectionData
> [604] 15:38:22:608: PeapReadUserData
> [604] 15:38:22:608: RasEapGetInfo
> [604] 15:38:46:983: EapPeapBegin
> [604] 15:38:46:983: PeapReadConnectionData
> [604] 15:38:46:983: PeapReadUserData
> [604] 15:38:46:983:
> [604] 15:38:46:983: EapTlsBegin(999)
> [604] 15:38:46:983: State change to Initial
> [604] 15:38:46:983: EapTlsBegin: Detected 8021X authentication
> [604] 15:38:46:983: EapTlsBegin: Detected PEAP authentication
> [604] 15:38:46:983: MaxTLSMessageLength is now 16384
> [604] 15:38:46:983: EapPeapBegin done
> [604] 15:38:46:983: EapPeapMakeMessage
> [604] 15:38:46:983: EapPeapCMakeMessage
> [604] 15:38:46:983: PEAP:PEAP_STATE_INITIAL
> [604] 15:38:46:983: EapTlsCMakeMessage
> [604] 15:38:46:983: EapTlsReset
> [604] 15:38:46:983: State change to Initial
> [604] 15:38:46:983: GetCredentials
> [604] 15:38:46:983: Flag is Client and Store is Current User
> [604] 15:38:46:983: GetCachedCredentials
> [604] 15:38:46:983: FreeCachedCredentials
> [604] 15:38:46:983: No Cert Store. Guest Access requested
> [604] 15:38:46:983: No Cert Name. Guest access requested
> [604] 15:38:46:983: Will validate server cert
> [604] 15:38:47:033: MakeReplyMessage
> [604] 15:38:47:033: SecurityContextFunction
> [604] 15:38:47:073: InitializeSecurityContext returned 0x90312
> [604] 15:38:47:073: State change to SentHello
> [604] 15:38:47:073: BuildPacket
> [604] 15:38:47:073: << Sending Response (Code: 2) packet: Id: 10, Length:
> 80, Type: 13, TLS blob length: 70. Flags: L
> [604] 15:38:47:073: EapPeapCMakeMessage done
> [604] 15:38:47:073: EapPeapMakeMessage done
> [604] 15:38:47:243: EapPeapMakeMessage
> [604] 15:38:47:243: EapPeapCMakeMessage
> [604] 15:38:47:243: PEAP:PEAP_STATE_TLS_INPROGRESS
> [604] 15:38:47:243: EapTlsCMakeMessage
> [604] 15:38:47:243: MakeReplyMessage
> [604] 15:38:47:243: Reallocating input TLS blob buffer
> [604] 15:38:47:243: BuildPacket
> [604] 15:38:47:243: << Sending Response (Code: 2) packet: Id: 11, Length:
> 6, Type: 13, TLS blob length: 0. Flags:
> [604] 15:38:47:243: EapPeapCMakeMessage done
> [604] 15:38:47:243: EapPeapMakeMessage done
> [604] 15:38:47:534: EapPeapMakeMessage
> [604] 15:38:47:534: EapPeapCMakeMessage
> [604] 15:38:47:534: PEAP:PEAP_STATE_TLS_INPROGRESS
> [604] 15:38:47:534: EapTlsCMakeMessage
> [604] 15:38:47:534: MakeReplyMessage
> [604] 15:38:47:534: BuildPacket
> [604] 15:38:47:534: << Sending Response (Code: 2) packet: Id: 12, Length:
> 6, Type: 13, TLS blob length: 0. Flags:
> [604] 15:38:47:534: EapPeapCMakeMessage done
> [604] 15:38:47:534: EapPeapMakeMessage done
> [604] 15:38:47:694: EapPeapMakeMessage
> [604] 15:38:47:694: EapPeapCMakeMessage
> [604] 15:38:47:694: PEAP:PEAP_STATE_TLS_INPROGRESS
> [604] 15:38:47:694: EapTlsCMakeMessage
> [604] 15:38:47:694: MakeReplyMessage
> [604] 15:38:47:694: SecurityContextFunction
> [604] 15:38:47:894: InitializeSecurityContext returned 0x90312
> [604] 15:38:47:904: State change to SentFinished
> [604] 15:38:47:904: BuildPacket
> [604] 15:38:47:904: << Sending Response (Code: 2) packet: Id: 13, Length:
> 199, Type: 13, TLS blob length: 189. Flags: L
> [604] 15:38:47:904: EapPeapCMakeMessage done
> [604] 15:38:47:904: EapPeapMakeMessage done
> [604] 15:38:47:944: EapPeapMakeMessage
> [604] 15:38:47:944: EapPeapCMakeMessage
> [604] 15:38:47:944: PEAP:PEAP_STATE_TLS_INPROGRESS
> [604] 15:38:47:944: EapTlsCMakeMessage
> [604] 15:38:47:944: MakeReplyMessage
> [604] 15:38:47:944: SecurityContextFunction
> [604] 15:38:47:944: InitializeSecurityContext returned 0x0
> [604] 15:38:47:944: AuthenticateServer
> [604] 15:38:47:944: FGetEKUUsage
> [604] 15:38:47:944: FCheckUsage
> [604] 15:38:47:944: The server's cert does not have the 'Server
> Authentication' usage
> [604] 15:38:47:944: MakeAlert(49, Schannel)
> [604] 15:38:47:954: SecurityContextFunction
> [604] 15:38:47:954: InitializeSecurityContext returned 0x0
> [604] 15:38:47:954: State change to RecdFinished. Error: 0x30a
> [604] 15:38:47:954: BuildPacket
> [604] 15:38:47:954: << Sending Response (Code: 2) packet: Id: 14, Length:
> 33, Type: 13, TLS blob length: 23. Flags: L
> [604] 15:38:47:954: EapPeapCMakeMessage done
> [604] 15:38:47:954: EapPeapMakeMessage done
> [604] 15:38:49:957: EapPeapMakeMessage
> [604] 15:38:49:957: EapPeapCMakeMessage
> [604] 15:38:49:957: PEAP:PEAP_STATE_TLS_INPROGRESS
> [604] 15:38:49:957: EapTlsCMakeMessage
> [604] 15:38:49:957: Negotiation result according to peer: failure
> [604] 15:38:49:957: Negotiation unsuccessful
> [604] 15:38:49:957: EapPeapCMakeMessage done
> [604] 15:38:49:957: EapPeapMakeMessage done
> [604] 15:38:49:957: EapPeapEnd
> [604] 15:38:49:957: EapTlsEnd
> [604] 15:38:49:957: EapTlsEnd(999)
> [604] 15:38:49:957: Auth failed so freeing cached creds.
> [604] 15:38:49:957: FreeCachedCredentials
> [604] 15:38:49:957: EapPeapEnd done
> [2524] 15:38:50:127: PeapReadConnectionData
> [2524] 15:38:50:127: PeapReadUserData
> [2524] 15:38:50:127: RasEapGetInfo
> [2524] 15:38:50:147: PeapReadConnectionData
> [2524] 15:38:50:147: PeapReadUserData
> [2524] 15:38:50:147: RasEapGetInfo
>
> -----Original Message-----
> From: Mike McCauley [mailto:mikem at open.com.au]
> Sent: Tuesday, August 10, 2004 2:07 PM
> To: scottxiao at antlabs.com
> Subject: Re: (RADIATOR) Error "TLS could not load_verify_locations" -
> FreeSSL certificate for Radiator 802.1x PEAP/aironet1100 WLAN
>
>
> Hello Scott,
>
> This looks like a log from your Access Point. Is that true?
>
> The problem you are trying to work out is why your PC wireless client is
> not authenticating.
>
> You actually need to look at the logs from the wireless client on the PC
> that
> is trying to connect. If your are running a Windows client on XP or
> similar, see the FAQ item http://www.open.com.au/radiator/faq.html#130
> for information on how to enable tracing in the Windows client.
>
> Can you tell me privately the name of the customer you are working for and
> the
> details of their Radiator license? Then I can determine if there is a
> support
> contract in place?
>
> Cheers.
>
> On Tuesday 10 August 2004 15:54, Scott Xiao - ANTlabs wrote:
> > Hi,Mike,
> > Thanks.I make my Gemtek P320 AP by pass the Access Control
> > Gateway(ANTlabs SG),got the same result.I setup a syslog server,and here
> > below is the Radius client(AP)'s log information.It mentioned "
> > Unauthorizing station 00:0c:f1:08:37:bf " ,that's my PEAP WLAN client
> > notebook MAC address.Can you advise sth from it?Thanks!
> > Rgds
> > Scott /ANTlabs
> >
> > Aug 10 13:44:46 local Listening for Syslog messages on IP address:
>
> 10.0.0.5
>
> > Aug 10 13:44:46 local Listening for Syslog messages on IP address:
> > 192.168.123.8
> > Aug 10 13:44:46 local Listening for Syslog messages on IP address:
> > 192.168.42.1
> > Aug 10 13:44:46 local Listening for Syslog messages on IP address:
> > 192.168.40.1
> > Aug 10 13:44:46 local Listening for Syslog messages on IP address:
> > 192.168.2.111
> > Aug 10 13:44:52 192.168.123.15 [ KLOGD ]: HR11: onInfoEvent() 0xF203 not
> > supported here
> > Aug 10 13:44:52 192.168.123.15 [ KLOGD ]: HR11_onRX: passing EAP to
>
> netlink
>
> > Aug 10 13:44:52 192.168.123.15 [ KLOGD ]: HR11: onInfoEvent() 0xF203 not
> > supported here
> > Aug 10 13:44:52 192.168.123.15 [ KLOGD ]: HR11_onRX: passing EAP to
>
> netlink
>
> > Aug 10 13:44:52 192.168.123.15 last message repeated 4 times
> > Aug 10 13:44:52 192.168.123.15 [ AAAD ]: Could not extract EAP-Message
>
> from
>
> > RADIUS message
> > Aug 10 13:44:52 192.168.123.15 [ AAAD ]: Unauthorizing station
> > 00:0c:f1:08:37:bf
> > Aug 10 13:44:52 192.168.123.15 [ AAAD ]: Removing 00:0c:f1:08:37:bf
> > Aug 10 13:44:52 192.168.123.15 [ KLOGD ]: soft_ap: got INFO AssocStatus=3
> > addr=00:0c:f1:08:37:bf
> > Aug 10 13:44:52 192.168.123.15 [ KLOGD ]: ap_hash: unlinking node
> > flags=11 addr 00:0c:f1:08:37:bf
> > Aug 10 13:44:53 192.168.123.15 [ KLOGD ]: HR11 INFO_AUTH_REQUEST
> > Aug 10 13:44:53 192.168.123.15 [ AAAD ]: IEEE 802.1X: Start
> > authentication for new station 00:0c:f1:08:37:bf
> > Aug 10 13:44:53 192.168.123.15 [ AAAD ]: Unauthorizing station
> > 00:0c:f1:08:37:bf
> > Aug 10 13:44:53 192.168.123.15 [ KLOGD ]: soft_ap: got INFO AssocStatus=1
> > addr=00:0c:f1:08:37:bf
> > Aug 10 13:44:53 192.168.123.15 [ KLOGD ]: ap_hash: linking node flags=11
> > addr 00:0c:f1:08:37:bf
> > Aug 10 13:44:53 192.168.123.15 [ AAAD ]: Unauthorizing station
> > 00:0c:f1:08:37:bf
> > Aug 10 13:44:53 192.168.123.15 [ KLOGD ]: HR11_onRX: passing EAP to
>
> netlink
>
> > Aug 10 13:44:53 192.168.123.15 [ KLOGD ]: HR11_onRX: passing EAP to
>
> netlink
>
> > Aug 10 13:44:53 192.168.123.15 [ KLOGD ]: HR11: onInfoEvent() 0xF203 not
> > supported here
> > Aug 10 13:45:23 192.168.123.15 last message repeated 2 times
> > Aug 10 13:45:54 192.168.123.15 last message repeated 10 times
> > Aug 10 13:45:54 192.168.123.15 [ AAAD ]: Unauthorizing station
> > 00:0c:f1:08:37:bf
> > Aug 10 13:45:54 192.168.123.15 [ KLOGD ]: HR11: onInfoEvent() 0xF203 not
> > supported here
> > Aug 10 13:46:24 192.168.123.15 last message repeated 2 times
> >
> > -----Original Message-----
> > From: Mike McCauley [mailto:mikem at open.com.au]
> > Sent: Tuesday, August 10, 2004 5:50 AM
> > To: scottxiao at antlabs.com
> > Subject: Re: (RADIATOR) Error "TLS could not load_verify_locations" -
> > FreeSSL certificate for Radiator 802.1x PEAP/aironet1100 WLAN
> >
> >
> > Hello Scott,
> >
> > Im not able to tell what the problem that the client is complaining
> > about. You
> > will probably have to look at the client logs on the client computer. You
> > can
> > find information about how to examine client logs files in the Radiator
>
> FAQ
>
> > http://www.open.com.au/radiator/faq.html
> >
> > For prompt guaranteed support you can purchase a support contract, see
> > http://www.open.com.au/ordering.html
> >
> > Cheers.
> >
> > On Monday 09 August 2004 21:29, Scott Xiao - ANTlabs wrote:
> > > Hi,Mike,
> > > Thanks!I think the 2nd point you mentioned is a bit possible. The
> > > certificate is issued to myhost.antlabs.com domain, but the host name
> > > of the radius server is "aaa" without domain name.So I added some lines
> > > in
> >
> > the
> >
> > > hosts file of the server
> > >
> > > [root at AAA root]# more /etc/hosts
> > > 127.0.0.1 localhost
> > > 192.168.123.18 myhost.antlabs.com
> > >
> > > and did 2 commands, HOSTNAME=myhost , DOMAINNAME=antlabs.com
> > >
> > > but I still get the same error.
> > > For the other points, 1. The server certificate is not prviate one,I
> > > purchased from FreeSSL ; 3. the date on the server and client are the
> >
> > same
> >
> > > 2.My client is configured to "validate server certificate" without
> >
> > choosing
> >
> > > "connect to these servers....".What do you mean it's configured to
> > > limit the server certificate to certain names?How can I check what is
> > > the name
> >
> > in
> >
> > > the server certiificate?
> > > Please advise.Now I am using the purchased the Radiator software
> > > instead
> >
> > of
> >
> > > the trail software(That one expired), can I have some other types
> > > prompt support?Because I need deploy it with 2 days.Thanks!
> > > Rgds
> > > Scott
> > >
> > > -----Original Message-----
> > > From: Mike McCauley [mailto:mikem at open.com.au]
> > > Sent: Monday, August 09, 2004 6:34 PM
> > > To: scottxiao at antlabs.com
> > > Cc: Radiator
> > > Subject: Re: (RADIATOR) Error "TLS could not load_verify_locations" -
> > > FreeSSL certificate for Radiator 802.1x PEAP/aironet1100 WLAN
> > >
> > >
> > > Hello Scott,
> > >
> > > Its hard to be sure since you did not include the whole trace file, but
> > > this:
> > > tlsv1 alert access denied
> > > indicates that the client didnt like the server certificate. Usually
>
> this
>
> > > is because
> > >
> > > 1. you are using a private server certificate but the client does not
> > > have the
> > > corresponding root certificate.
> > > 2. The client is configured to limit the server certificate to certain
> > > names,
> > > but the name in the server certificate does not match
> > > 3. The clock on the client is outside the valid date range of the
> > > server certificate.
> > >
> > > Cheers.
> > >
> > > On Monday 09 August 2004 14:44, Scott Xiao - ANTlabs wrote:
> > > > Hi,Hugh,
> > > > Thanks ! I did some update on my config file according to your and
> > > > Christian's advice,I downloaded the root CA from FreeSSL and saved in
> >
> > the
> >
> > > > certificate directory as pem format ,and tested again,then I
> >
> > encountered
> >
> > > > another error " EAP PEAP TLS read failed: 2144: 1 -
>
> error:14094419:SSL
>
> > > > routines:SSL3_READ_BYTES:tlsv1 alert access denied" , what could be
>
> the
>
> > > > cause here?Pleaase advise,Thanks a lot!!! Here below is my updated
> >
> > config
> >
> > > > file(part) and the error log:
> > > >
> > > > Config file:
> > > >
> > > > EAPType PEAP,MSCHAP-V2
> > > >
> > > > EAPTLS_CAFile %D/certificates/UTN.pem
> > > >
> > > > EAPTLS_CertificateFile
> > > > %D/certificates/myhost.antlabs.com.pem
> > > >
> > > > EAPTLS_CertificateType PEM
> > > >
> > > > EAPTLS_PrivateKeyFile
> > > > %D/certificates/myhost.antlabs.com.key
> > > >
> > > > EAPTLS_PrivateKeyPassword [password(hidden)]
> > > >
> > > > Error Log:
> > > > Code: Access-Request
> > > > Identifier: 52
> > > > Authentic: <29>rW<223><165><165>,<151><164><138>B_@<194>=<232>
> > > > Attributes:
> > > > User-Name = "hello"
> > > > WISPr-Location-ID =
> > > > "isocc=(null),cc=(null),ac=(null),network=GEM1X" WISPr-Location-Name
> > > > = "operator,location"
> > > > NAS-IP-Address = 10.0.0.1
> > > > Service-Type = Framed-User
> > > > NAS-Port = 3
> > > > NAS-Port-Id = "3"
> > > > Called-Station-Id = "00-90-4B-7B-A1-C0:GEM1X"
> > > > Calling-Station-Id = "00-0C-F1-08-37-BF"
> > > > Framed-MTU = 1400
> > > > NAS-Port-Type = Wireless-IEEE-802-11
> > > > NAS-Identifier = "00-90-4b-7b-a1-c0:P320"
> > > > Connect-Info = "CONNECT 11Mbps 802.11b"
> > > > EAP-Message =
>
> <2><10><0>!<25><128><0><0><0><23><21><3><1><0><18>'<245><137><179><200>3<16
>
> > > >7
> > > >
> > > > >nL<133><196>y<243><146>*[m<140>
> > > >
> > > > Message-Authenticator =
> > > > kW<200><133><164><209>,'<166><19><209><223><197>3h<243>
> > > > Proxy-State = 165
> > > >
> > > > Mon Aug 9 12:19:41 2004: DEBUG: Handling request with Handler ''
> > > > Mon Aug 9 12:19:41 2004: DEBUG: Deleting session for hello,
>
> 10.0.0.1,
>
> > 3
> >
> > > > Mon Aug 9 12:19:41 2004: DEBUG: Handling with Radius::AuthSQL
> > > > Mon Aug 9 12:19:41 2004: DEBUG: Handling with Radius::AuthSQL:
> > > > Mon Aug 9 12:19:41 2004: DEBUG: Handling with EAP: code 2, 10, 33
> > > > Mon Aug 9 12:19:41 2004: DEBUG: Response type 25
> > > > Mon Aug 9 12:19:41 2004: ERR: EAP PEAP TLS read failed: 2144: 1 -
> > > > error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied
> > > >
> > > > Mon Aug 9 12:19:41 2004: DEBUG: EAP result: 1, EAP PEAP TLS read
> > > > failed Mon Aug 9 12:19:41 2004: INFO: Access rejected for hello: EAP
> > > > PEAP TLS read failed
> > > > Mon Aug 9 12:19:41 2004: DEBUG: Packet dump:
> > > > *** Sending to 192.168.123.9 port 1814 ....
> > > >
> > > > Packet length = 41
> > > > 03 34 00 29 d8 e5 80 35 df 65 12 80 66 9f 3e 42
> > > > 41 03 fe 70 12 10 52 65 71 75 65 73 74 20 44 65
> > > > 6e 69 65 64 21 05 31 36 35
> > > > Code: Access-Reject
> > > > Identifier: 52
> > > > Authentic: <29>rW<223><165><165>,<151><164><138>B_@<194>=<232>
> > > > Attributes:
> > > > Reply-Message = "Request Denied"
> > > > Proxy-State = 165
> > > >
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: owner-radiator at open.com.au
> > > > [mailto:owner-radiator at open.com.au]On Behalf Of Hugh Irvine
> > > > Sent: Saturday, August 07, 2004 2:49 PM
> > > > To: scottxiao at antlabs.com
> > > > Cc: radiator at open.com.au
> > > > Subject: Re: (RADIATOR) Error "TLS could not load_verify_locations" -
> > > > FreeSSL certificate for Radiator 802.1x PEAP/aironet1100 WLAN
> > > >
> > > >
> > > >
> > > > Hello Scott -
> > > >
> > > > The problem is that Radiator cannot find the CA certificates because
> > > > neither EAPTLS_CAFile nor EAPTLS_CAPath are defined.
> > > >
> > > > The example configuration file "goodies/eap_tls.cfg" shows a working
> > > > example.
> > > >
> > > > regards
> > > >
> > > > Hugh
> > > >
> > > > On 7 Aug 2004, at 13:26, Scott Xiao - ANTlabs wrote:
> > > > > Thanks Hugh!
> > > > > But I still don't understand what relationship between that message
> > > > > and my
> > > > > problem of PEAP "EAP TLS Could not initialise context". Since I
>
> have
>
> > a
> >
> > > > > certificate from FreeSSL,do I still need the cert in
> > > > > "demoCA/cacert.pem" ?
> > > > > Do you have a samle configure of using actual certificate instead
> > > > > of self-signed certificate?Thanks!
> > > > > Rgds
> > > > > Scott
> > > > > -----Original Message-----
> > > > > From: Hugh Irvine [mailto:hugh at open.com.au]
> > > > > Sent: Saturday, August 07, 2004 7:32 AM
> > > > > To: scottxiao at antlabs.com
> > > > > Cc: radiator at open.com.au
> > > > > Subject: Re: (RADIATOR) Error "TLS could not
>
> load_verify_locations" -
>
> > > > > FreeSSL certificate for Radiator 802.1x PEAP/aironet1100 WLAN
> > > > >
> > > > >
> > > > >
> > > > > Hello Scott -
> > > > >
> > > > > The complete message is this:
> > > > >
> > > > > TLS.pm: $parent->log($main::LOG_ERR, "TLS could not
> > > > > load_verify_locations $parent->{EAPTLS_CAFile},
> > > > > $parent->{EAPTLS_CAPath}: $errs");
> > > > >
> > > > > See the example configuration file in "goodies/eap_tls.cfg".
> > > > >
> > > > > Here is the relevant section:
> > > > >
> > > > > # EAPTLS_CAFile is the name of a file of CA
> > > > > certificates
> > > > > # in PEM format. The file can contain several CA
> > > > > certificates
> > > > > # Radiator will first look in EAPTLS_CAFile then
> > > > > in # EAPTLS_CAPath, so there usually is no need to set both
> > > > > EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
> > > > >
> > > > > # EAPTLS_CAPath is the name of a directory
> > > > > containing CA
> > > > > # certificates (and possible CRLs) in PEM format.
> > > > > The files each contain one
> > > > > # CA certificate. The files are looked up by the
> > > > > CA # subject name hash value
> > > > > # EAPTLS_CAPath %D/certificates/demoCA
> > > > >
> > > > > regards
> > > > >
> > > > > Hugh
> > > > >
> > > > > On 7 Aug 2004, at 01:22, Scott Xiao - ANTlabs wrote:
> > > > >> Hi,
> > > > >> Thanks for all the help on my timer issue,PEAP,acct stop issue,all
> > > > >> those
> > > > >> resolved.
> > > > >> The current issue is,I got an error of "TLS could not
> > > > >> load_verify_locations"
> > > > >> with an actually certificate,see the config file and debug below.
> > > > >> I purchased a server ceriticate from freessl.com , copy the text
> > > > >> part of the
> > > > >> cert into a text file and saved in the certificate directory of
> > > > >> radiator as
> > > > >> a .pem file, together with the private key file (.key file).Then I
> > > > >> modified
> > > > >> the config file to point the path to the certificate
> > > > >> directory,instead of
> > > > >> using the sample certificates.I found the sample pem file has 2
> > > > >> parts,public
> > > > >> key and private key inside,while my pem file (server cert) has
> > > > >> only one
> > > > >> part,which is the server server cert itself.But I don't think it's
> > > > >> issue
> > > > >> since the comments in the file says it could be the same file for
> > > > >> the keys.Then I tested,and got the error as mentioned.Can you
>
> advise
>
> > > > >> what 's the
> > > > >> problem?FreeSSL's webserver cert should work in this
> >
> > senario,right?How
> >
> > > > >> to
> > > > >> make a pem file to have 2 parts like the samle one?Thanks!!
> > > > >> Rgds
> > > > >> Scott
> > > > >>
> > > > >>
> > > > >> config file:
> > > > >>
> > > > >> EAPType PEAP,MSCHAP-V2
> > > > >>
> > > > >>
> > > > >> EAPTLS_CertificateFile
> > > > >> %D/certificates/myhost.antlabs.com.pem
> > > > >>
> > > > >> EAPTLS_CertificateType PEM
> > > > >> #EAPTLS_CertificateType CRT
> > > > >>
> > > > >> # EAPTLS_PrivateKeyFile is the name of the file
> > > > >> containing
> > > > >> # the servers private key. It is sometimes in the
> >
> > same
> >
> > > > >> file
> > > > >> # as the server certificate
>
> (EAPTLS_CertificateFile)
>
> > > > >> # If the private key is encrypted (usually the
>
> case)
>
> > > > >> # then EAPTLS_PrivateKeyPassword is the key to
> > > > >> descrypt it
> > > > >> #EAPTLS_PrivateKeyFile
> > > > >> %D/certificates/cert-srv.pem EAPTLS_PrivateKeyFile
> > > > >> %D/certificates/myhost.antlabs.com.key
> > > > >> #EAPTLS_PrivateKeyFile
> > > > >> /etc/radiator/certificates/myhost.antlabs.com.key
> > > > >> # EAPTLS_PrivateKeyFile %D/certificates/myhost.pem
> > > > >> #EAPTLS_PrivateKeyPassword whatever
> > > > >> EAPTLS_PrivateKeyPassword hiddenpassword
> > > > >>
> > > > >> Debuging info:
> > > > >>
> > > > >> [root at AAA Radiator-3.9]# ./radiusd -foreground -config_file
> >
> > ./tt1.cfg
> >
> > > > >> Fri Aug 6 23:04:27 2004: DEBUG: Finished reading configuration
>
> file
>
> > > > >> './tt1.cfg'
> > > > >> Fri Aug 6 23:04:27 2004: DEBUG: Reading dictionary file
> > > > >> '/usr/src/802/radiator/Radiator-3.9/dictionary'
> > > > >> Fri Aug 6 23:04:27 2004: DEBUG: Creating authentication port
> > > > >> 0.0.0.0:1812
> > > > >> Fri Aug 6 23:04:27 2004: DEBUG: Creating accounting port
> >
> > 0.0.0.0:1813
> >
> > > > >> Fri Aug 6 23:04:27 2004: NOTICE: Server started: Radiator 3.9 on
> > > > >> AAA
> > > > >>
> > > > >>
> > > > >>
> > > > >> Fri Aug 6 23:04:50 2004: DEBUG: Packet dump:
> > > > >> *** Received from 192.168.123.9 port 1814 ....
> > > > >>
> > > > >> Packet length = 266
> > > > >> 01 2a 01 0a 6b 23 57 6b 5f b8 ea 46 bd 67 35 ac
> > > > >> 73 e7 51 2a 01 07 68 65 6c 6c 6f 1a 36 00 00 37
> > > > >> 2a 01 30 69 73 6f 63 63 3d 28 6e 75 6c 6c 29 2c
> > > > >> 63 63 3d 28 6e 75 6c 6c 29 2c 61 63 3d 28 6e 75
> > > > >> 6c 6c 29 2c 6e 65 74 77 6f 72 6b 3d 47 45 4d 31
> > > > >> 58 1a 19 00 00 37 2a 02 13 6f 70 65 72 61 74 6f
> > > > >> 72 2c 6c 6f 63 61 74 69 6f 6e 04 06 0a 00 00 01
> > > > >> 06 06 00 00 00 02 05 06 00 00 00 03 57 03 33 1e
> > > > >> 19 30 30 2d 39 30 2d 34 42 2d 37 42 2d 41 31 2d
> > > > >> 43 30 3a 47 45 4d 31 58 1f 13 30 30 2d 30 43 2d
> > > > >> 46 31 2d 30 38 2d 33 37 2d 42 46 0c 06 00 00 05
> > > > >> 78 3d 06 00 00 00 13 20 18 30 30 2d 39 30 2d 34
> > > > >> 62 2d 37 62 2d 61 31 2d 63 30 3a 50 33 32 30 4d
> > > > >> 18 43 4f 4e 4e 45 43 54 20 31 31 4d 62 70 73 20
> > > > >> 38 30 32 2e 31 31 62 4f 0c 02 01 00 0a 01 68 65
> > > > >> 6c 6c 6f 50 12 a3 6c 26 6a 29 c3 cf 09 f1 3a af
> > > > >> e2 a7 d9 7a 27 21 05 31 35 35
> > > > >> Code: Access-Request
> > > > >> Identifier: 42
> > > > >> Authentic: k#Wk_<184><234>F<189>g5<172>s<231>Q*
> > > > >> Attributes:
> > > > >> User-Name = "hello"
> > > > >> WISPr-Location-ID =
> > > > >> "isocc=(null),cc=(null),ac=(null),network=GEM1X"
> > > > >> WISPr-Location-Name = "operator,location"
> > > > >> NAS-IP-Address = 10.0.0.1
> > > > >> Service-Type = Framed-User
> > > > >> NAS-Port = 3
> > > > >> NAS-Port-Id = "3"
> > > > >> Called-Station-Id = "00-90-4B-7B-A1-C0:GEM1X"
> > > > >> Calling-Station-Id = "00-0C-F1-08-37-BF"
> > > > >> Framed-MTU = 1400
> > > > >> NAS-Port-Type = Wireless-IEEE-802-11
> > > > >> NAS-Identifier = "00-90-4b-7b-a1-c0:P320"
> > > > >> Connect-Info = "CONNECT 11Mbps 802.11b"
> > > > >> EAP-Message = <2><1><0><10><1>hello
> > > > >> Message-Authenticator =
> > > > >> <163>l&j)<195><207><9><241>:<175><226><167><217>z'
> > > > >> Proxy-State = 155
> > > > >>
> > > > >> Fri Aug 6 23:04:50 2004: DEBUG: Handling request with Handler ''
> > > > >> Fri Aug 6 23:04:50 2004: DEBUG: Deleting session for hello,
> > > > >> 10.0.0.1, 3
> > > > >> Fri Aug 6 23:04:50 2004: DEBUG: Handling with Radius::AuthSQL
> > > > >> Fri Aug 6 23:04:50 2004: DEBUG: Handling with Radius::AuthSQL:
> > > > >> Fri Aug 6 23:04:50 2004: DEBUG: Handling with EAP: code 2, 1, 10
> > > > >> Fri Aug 6 23:04:50 2004: DEBUG: Response type 1
> > > > >> Fri Aug 6 23:04:50 2004: ERR: TLS could not load_verify_locations
>
> ,
>
> > > > >> Fri Aug 6 23:04:50 2004: DEBUG: EAP result: 1, EAP TLS Could not
> > > > >> initialise
> > > > >> context
> > > > >> Fri Aug 6 23:04:50 2004: INFO: Access rejected for hello: EAP TLS
> > > > >> Could not
> > > > >> initialise context
> > > > >> Fri Aug 6 23:04:50 2004: DEBUG: Packet dump:
> > > > >> *** Sending to 192.168.123.9 port 1814 ....
> > > > >>
> > > > >> Packet length = 41
> > > > >> 03 2a 00 29 de 49 a8 63 73 f4 3d 7e 46 3b f0 77
> > > > >> f0 4e 7e 85 12 10 52 65 71 75 65 73 74 20 44 65
> > > > >> 6e 69 65 64 21 05 31 35 35
> > > > >> Code: Access-Reject
> > > > >> Identifier: 42
> > > > >> Authentic: k#Wk_<184><234>F<189>g5<172>s<231>Q*
> > > > >> Attributes:
> > > > >> Reply-Message = "Request Denied"
> > > > >> Proxy-State = 155
> > > > >>
> > > > >> Fri Aug 6 23:05:05 2004: DEBUG: Packet dump:
> > > > >> *** Received from 192.168.123.9 port 1814 ....
> > > > >>
> > > > >> Packet length = 266
> > > > >> 01 2b 01 0a 64 a2 eb e1 33 a6 36 6a ea dd 0b e5
> > > > >> be e9 8b 22 01 07 73 63 6f 74 74 1a 36 00 00 37
> > > > >> 2a 01 30 69 73 6f 63 63 3d 28 6e 75 6c 6c 29 2c
> > > > >> 63 63 3d 28 6e 75 6c 6c 29 2c 61 63 3d 28 6e 75
> > > > >> 6c 6c 29 2c 6e 65 74 77 6f 72 6b 3d 47 45 4d 31
> > > > >> 58 1a 19 00 00 37 2a 02 13 6f 70 65 72 61 74 6f
> > > > >> 72 2c 6c 6f 63 61 74 69 6f 6e 04 06 0a 00 00 01
> > > > >> 06 06 00 00 00 02 05 06 00 00 00 03 57 03 33 1e
> > > > >> 19 30 30 2d 39 30 2d 34 42 2d 37 42 2d 41 31 2d
> > > > >> 43 30 3a 47 45 4d 31 58 1f 13 30 30 2d 30 43 2d
> > > > >> 46 31 2d 30 38 2d 33 37 2d 42 46 0c 06 00 00 05
> > > > >> 78 3d 06 00 00 00 13 20 18 30 30 2d 39 30 2d 34
> > > > >> 62 2d 37 62 2d 61 31 2d 63 30 3a 50 33 32 30 4d
> > > > >> 18 43 4f 4e 4e 45 43 54 20 31 31 4d 62 70 73 20
> > > > >> 38 30 32 2e 31 31 62 4f 0c 02 02 00 0a 01 73 63
> > > > >> 6f 74 74 50 12 80 4b 89 4b 8f ad 7a c7 a3 d5 a6
> > > > >> 5e b0 d6 23 19 21 05 31 35 36
> > > > >> Code: Access-Request
> > > > >> Identifier: 43
> > > > >> Authentic:
> > > > >> d<162><235><225>3<166>6j<234><221><11><229><190><233><139>"
> > > > >> Attributes:
> > > > >> User-Name = "scott"
> > > > >> WISPr-Location-ID =
> > > > >> "isocc=(null),cc=(null),ac=(null),network=GEM1X"
> > > > >> WISPr-Location-Name = "operator,location"
> > > > >> NAS-IP-Address = 10.0.0.1
> > > > >> Service-Type = Framed-User
> > > > >> NAS-Port = 3
> > > > >> NAS-Port-Id = "3"
> > > > >> Called-Station-Id = "00-90-4B-7B-A1-C0:GEM1X"
> > > > >> Calling-Station-Id = "00-0C-F1-08-37-BF"
> > > > >> Framed-MTU = 1400
> > > > >> NAS-Port-Type = Wireless-IEEE-802-11
> > > > >> NAS-Identifier = "00-90-4b-7b-a1-c0:P320"
> > > > >> Connect-Info = "CONNECT 11Mbps 802.11b"
> > > > >> EAP-Message = <2><2><0><10><1>scott
> > > > >> Message-Authenticator =
> > > > >> <128>K<137>K<143><173>z<199><163><213><166>^<176><214>#<25>
> > > > >> Proxy-State = 156
> > > > >>
> > > > >> Fri Aug 6 23:05:05 2004: DEBUG: Handling request with Handler ''
> > > > >> Fri Aug 6 23:05:05 2004: DEBUG: Deleting session for scott,
> > > > >> 10.0.0.1, 3
> > > > >> Fri Aug 6 23:05:05 2004: DEBUG: Handling with Radius::AuthSQL
> > > > >> Fri Aug 6 23:05:05 2004: DEBUG: Handling with Radius::AuthSQL:
> > > > >> Fri Aug 6 23:05:05 2004: DEBUG: Handling with EAP: code 2, 2, 10
> > > > >> Fri Aug 6 23:05:05 2004: DEBUG: Response type 1
> > > > >> Fri Aug 6 23:05:05 2004: ERR: TLS could not load_verify_locations
>
> ,
>
> > > > >> Fri Aug 6 23:05:05 2004: DEBUG: EAP result: 1, EAP TLS Could not
> > > > >> initialise
> > > > >> context
> > > > >> Fri Aug 6 23:05:05 2004: INFO: Access rejected for scott: EAP TLS
> > > > >> Could not
> > > > >> initialise context
> > > > >> Fri Aug 6 23:05:05 2004: DEBUG: Packet dump:
> > > > >> *** Sending to 192.168.123.9 port 1814 ....
> > > > >>
> > > > >> Packet length = 41
> > > > >> 03 2b 00 29 43 89 dc ac 25 80 f5 79 2e df dc b9
> > > > >> 46 58 5b 41 12 10 52 65 71 75 65 73 74 20 44 65
> > > > >> 6e 69 65 64 21 05 31 35 36
> > > > >> Code: Access-Reject
> > > > >> Identifier: 43
> > > > >> Authentic:
> > > > >> d<162><235><225>3<166>6j<234><221><11><229><190><233><139>"
> > > > >> Attributes:
> > > > >> Reply-Message = "Request Denied"
> > > > >> Proxy-State = 156
> > > > >>
> > > > >>
> > > > >> [root at AAA Radiator-3.9]#
> > > > >>
> > > > >> [root at AAA certificates]# ls
> > > > >> cert-clt.p12 demoCA myhost.antlabs.com.pem
> > > > >> root.pem
> > > > >> cert-clt.pem myhost.antlabs.com.crt README
> > > > >> cert-srv.pem myhost.antlabs.com.key root.der
> > > > >> [root at AAA certificates]#
> > > > >>
> > > > >>
> > > > >>
> > > > >> -----Original Message-----
> > > > >> From: owner-radiator at open.com.au
> >
> > [mailto:owner-radiator at open.com.au]On
> >
> > > > >> Behalf Of Bon sy
> > > > >> Sent: Tuesday, August 03, 2004 7:10 PM
> > > > >> To: Terry Simons
> > > > >> Cc: scottxiao at antlabs.com; radiator at open.com.au
> > > > >> Subject: Re: (RADIATOR) SSL certificate for 802.1x
> > > > >> PEAP/aironet1100 WLAN
> > > > >>
> > > > >>
> > > > >> Hi Scott and Terry,
> > > > >>
> > > > >> If your main concern is the cost as Terry mentioned, you may want
> > > > >> to consider building your own CA using openssl. If a moderate cost
> > > > >> investment may fit your budget, you may want to look into CATool
> > > > >> as Mike/Hugh has suggested previously.
> > > > >>
> > > > >> We have tried and used both. Building your own CA using openssl
> > > > >> is more involved --- and obviously you have to provide your own
> >
> > technical
> >
> > > > >> support --- in comparing to using CATool. If you do want to build
> >
> > your
> >
> > > > >> own
> > > > >> CA using openssl and to avoid the frustration causing your late
> > > > >> night sleepless symtom, we find it important to build up the
>
> comfort
>
> > > > >> level on
> > > > >> openssl, perl, and Linux, and definitely read up a lot from the
> > > > >> mailing
> > > > >> list, before doing it.
> > > > >>
> > > > >> Bon
> > > > >>
> > > > >> On Mon, 2 Aug 2004, Terry Simons wrote:
> > > > >>> Hi Scott,
> > > > >>>
> > > > >>> You *can* reuse a server certificate in another location later.
> > > > >>>
> > > > >>> The domain name has no real significance, except that you need to
> > > > >>> verify it on the client to ensure that your clients are secure.
> > > > >>> The domain can be whatever you like, and can exist on multiple
> >
> > servers...
> >
> > > > >>> there is no inherent tie to any given server.
> > > > >>>
> > > > >>> That said, it is probably *not* a good idea to reuse certificates
> > > > >>> in a
> > > > >>> production environment, but it does work.
> > > > >>>
> > > > >>> Is the main reason why you are purchasing certificates to ensure
> >
> > that
> >
> > > > >>> the client has a pre-installed CA certificate that will verify
>
> your
>
> > > > >>> certificate, or for some other reason?
> > > > >>>
> > > > >>> If your main concern is the cost, you should probably consider
> > > > >>> rolling
> > > > >>> your own certificates.
> > > > >>>
> > > > >>> - Terry
> > > > >>>
> > > > >>> On Aug 2, 2004, at 8:59 PM, Scott Xiao - ANTlabs wrote:
> > > > >>>> Hi,
> > > > >>>> Can any of you recommend one workable Radius(Radiator) server
> > > > >>>> certificate
> > > > >>>> besides Verisign?I want to buy a cheaper one,use it in 802.1x
> > > > >>>> PEAP WLAN
> > > > >>>> hotspot.If I use it for domain "hostname.mydomain.com" ,can I
> > > > >>>> use the
> > > > >>>> same
> > > > >>>> certificate in future if I deploy a same WLAN in another place
> >
> > which
> >
> > > > >>>> will
> > > > >>>> still use the same domain name?Thanks!
> > > > >>>> Rgds
> > > > >>>> Scott Xiao
> > > > >>>> -----Original Message-----
> > > > >>>> From: owner-radiator at open.com.au
> > > > >>>> [mailto:owner-radiator at open.com.au]On
> > > > >>>> Behalf Of Terry Simons
> > > > >>>> Sent: Thursday, July 29, 2004 1:15 PM
> > > > >>>> To: Christian Wiedmann
> > > > >>>> Cc: radiator at open.com.au
> > > > >>>> Subject: Re: (RADIATOR) SSL certificate for 802.1x
> > > > >>>> PEAP/aironet1100 WLAN
> > > > >>>>
> > > > >>>>
> > > > >>>> Hi,
> > > > >>>>
> > > > >>>> On Jul 28, 2004, at 1:32 PM, Christian Wiedmann wrote:
> > > > >>>>> As far as I know, the XP server extension OID is the one that
> > > > >>>>> is also
> > > > >>>>> used for web servers. Therefore, a web server certificate
>
> should
>
> > > > >>>>> work.
> > > > >>>>
> > > > >>>> This is true. There is one thing that people should probably be
> > > > >>>> aware
> > > > >>>> of, however.
> > > > >>>>
> > > > >>>> At the last Networld + Interop HotStage, we did some extensive
> > > > >>>> testing
> > > > >>>> with this and it was determined that what should probably happen
> > > > >>>> is to
> > > > >>>> officially apply for some OIDs for 802.1X authentication
> > > > >>>> servers. One
> > > > >>>> of the HotStage members that is involved in the IETF and the
> > > > >>>> IEEE
> >
> > is
> >
> > > > >>>> pushing that a bit, so it could be the case that a "proper" OID
> > > > >>>> set will come out in the future. It could be a ways out, but I
> > > > >>>> personally
> > > > >>>> hope that it happens so we can have an "official" way of
> > > > >>>> creating "802.1X authentication" certificates.
> > > > >>>>
> > > > >>>> - Terry
> > > > >>>>
> > > > >>>>> For what it's worth, I've successfully used a Verisign web
>
> server
>
> > > > >>>>> certificate
> > > > >>>>> for PEAP authentication against Windows XP SP1. I think
> > > > >>>>> there's a good
> > > > >>>>> chance a freessl certificate would work too.
> > > > >>>>>
> > > > >>>>> -Christian
> > > > >>>>>
> > > > >>>>> ref.:
> > > > >>>>> http://support.microsoft.com/?kbid=814394
> > > > >>>>> http://www.alvestrand.no/objectid/1.3.6.1.5.5.7.3.1.html
> > > > >>>>> http://www.ietf.org/rfc/rfc2459.txt
> > > > >>>>>
> > > > >>>>> On Wed, 28 Jul 2004, Mike McCauley wrote:
> > > > >>>>>> Date: Wed, 28 Jul 2004 19:35:44 +1000
> > > > >>>>>> From: Mike McCauley <mikem at open.com.au>
> > > > >>>>>> To: scottxiao at antlabs.com
> > > > >>>>>> Cc: Radiator <radiator at open.com.au>
> > > > >>>>>> Subject: Re: (RADIATOR) SSL certificate for 802.1x
> > > > >>>>>> PEAP/aironet1100
> > > > >>>>>> WLAN
> > > > >>>>>>
> > > > >>>>>> Hi Scott,
> > > > >>>>>>
> > > > >>>>>> On Wednesday 28 July 2004 18:41, Scott Xiao - ANTlabs wrote:
> > > > >>>>>>> Hi,Mike,
> > > > >>>>>>> Thanks, so do you have any suggestion that I can purchase
> > > > >>>>>>> regarding
> > > > >>>>>>> the
> > > > >>>>>>> cert for radius server?Verisign?which type?If you have any
> > > > >>>>>>> recommendation
> > > > >>>>>>> that it works well on Radiator....Thanks
> > > > >>>>>>
> > > > >>>>>> Verisign offer certificates for radius servers, but I dont
> > > > >>>>>> know the
> > > > >>>>>> details of
> > > > >>>>>> how to apply for one. They do work with Radiator. You should
>
> try
>
> > > > >>>>>> to
> > > > >>>>>> get it in
> > > > >>>>>> PEM format.
> > > > >>>>>>
> > > > >>>>>> Cheers.
> > > > >>>>>
> > > > >>>>> --
> > > > >>>>> Archive at http://www.open.com.au/archives/radiator/
> > > > >>>>> Announcements on radiator-announce at open.com.au
> > > > >>>>> To unsubscribe, email 'majordomo at open.com.au' with
> > > > >>>>> 'unsubscribe radiator' in the body of the message.
> > > > >>>>
> > > > >>>> --
> > > > >>>> Archive at http://www.open.com.au/archives/radiator/
> > > > >>>> Announcements on radiator-announce at open.com.au
> > > > >>>> To unsubscribe, email 'majordomo at open.com.au' with
> > > > >>>> 'unsubscribe radiator' in the body of the message.
> > > > >>>
> > > > >>> --
> > > > >>> Archive at http://www.open.com.au/archives/radiator/
> > > > >>> Announcements on radiator-announce at open.com.au
> > > > >>> To unsubscribe, email 'majordomo at open.com.au' with
> > > > >>> 'unsubscribe radiator' in the body of the message.
> > > > >>
> > > > >> --
> > > > >> Archive at http://www.open.com.au/archives/radiator/
> > > > >> Announcements on radiator-announce at open.com.au
> > > > >> To unsubscribe, email 'majordomo at open.com.au' with
> > > > >> 'unsubscribe radiator' in the body of the message.
> > > > >>
> > > > >>
> > > > >> --
> > > > >> Archive at http://www.open.com.au/archives/radiator/
> > > > >> Announcements on radiator-announce at open.com.au
> > > > >> To unsubscribe, email 'majordomo at open.com.au' with
> > > > >> 'unsubscribe radiator' in the body of the message.
> > > > >
> > > > > NB: have you included a copy of your configuration file (no
>
> secrets),
>
> > > > > together with a trace 4 debug showing what is happening?
> > > > >
> > > > > --
> > > > > Radiator: the most portable, flexible and configurable RADIUS
> > > > > server anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> > > > > -
> > > > > Nets: internetwork inventory and management - graphical,
> > > > > extensible, flexible with hardware, software, platform and database
>
> independence.
>
> > > > > -
> > > > > CATool: Private Certificate Authority for Unix and Unix-like
>
> systems.
>
> > > > > --
> > > > > Archive at http://www.open.com.au/archives/radiator/
> > > > > Announcements on radiator-announce at open.com.au
> > > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > > 'unsubscribe radiator' in the body of the message.
> > > >
> > > > NB: have you included a copy of your configuration file (no secrets),
> > > > together with a trace 4 debug showing what is happening?
> > > >
> > > > --
> > > > Radiator: the most portable, flexible and configurable RADIUS server
> > > > anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> > > > -
> > > > Nets: internetwork inventory and management - graphical, extensible,
> > > > flexible with hardware, software, platform and database independence.
> > > > -
> > > > CATool: Private Certificate Authority for Unix and Unix-like systems.
> > > >
> > > > --
> > > > Archive at http://www.open.com.au/archives/radiator/
> > > > Announcements on radiator-announce at open.com.au
> > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > 'unsubscribe radiator' in the body of the message.
> > > >
> > > >
> > > >
> > > > --
> > > > Archive at http://www.open.com.au/archives/radiator/
> > > > Announcements on radiator-announce at open.com.au
> > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > 'unsubscribe radiator' in the body of the message.
> > >
> > > --
> > > Mike McCauley mikem at open.com.au
> > > Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
> > > 9 Bulbul Place Currumbin Waters QLD 4223 Australia
> >
> > http://www.open.com.au
> >
> > > Phone +61 7 5598-7474 Fax +61 7 5598-7070
> > >
> > > Radiator: the most portable, flexible and configurable RADIUS server
> > > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> > > TTLS, PEAP etc on Unix, Windows, MacOS etc.
> > >
> > >
> > > --
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe radiator' in the body of the message.
> >
> > --
> > Mike McCauley mikem at open.com.au
> > Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
> > 9 Bulbul Place Currumbin Waters QLD 4223 Australia
>
> http://www.open.com.au
>
> > Phone +61 7 5598-7474 Fax +61 7 5598-7070
> >
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> > TTLS, PEAP etc on Unix, Windows, MacOS etc.
> >
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
> --
> Mike McCauley mikem at open.com.au
> Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
> 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
> Phone +61 7 5598-7474 Fax +61 7 5598-7070
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS etc.
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list