(RADIATOR)User authentication succeeded even using wrong password

Scott Xiao - ANTlabs scottxiao at antlabs.com
Tue Oct 26 04:24:54 CDT 2004


Hi,Mike,
I found there is a problem in my configuration ,the same system as we
discussed before as below.The User authentication succeeded even using wrong
password.Wrong user ID won't pass.What can be the issue in the config?Please
advise,thanks!
Rgds
Scott

-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]On
Behalf Of Scott Xiao - ANTlabs
Sent: Tuesday, August 17, 2004 10:48 AM
To: Radiator
Subject: RE: (RADIATOR) Verisign certificate for Radiator 802.1x PEAP WLAN


Hi,
I got email from Radiator saying "VeriSign has issued your WLAN Server
Certificate",so I paste the URL and PIN,click "install certificate" ,nothing
happened.I don't know if the certificate is saved automatically to somewhere
in my notebook.I went to the server to do the same thing and result is the
same.Can advise what happened to the server certificate?And is private key
also saved to local automatically?Thanks!
Rgds
Scott

-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]On
Behalf Of Scott Xiao - ANTlabs
Sent: Thursday, August 12, 2004 10:32 AM
To: Radiator
Cc: Mike McCauley
Subject: RE: (RADIATOR) Verisign certificate for Radiator 802.1x PEAP WLAN


Hi Mike,I purchased the server certificate from the URL you gave me,and then
I  got an email from Verign saying the certificate is only compatible with
Microsoft IAS,is that true?I remember you and Christian mentioned it works
with Radiator,but where is the private key?Please advise,thanks!
Rgds
Scott
<Email from Verisign:- >
++++++++++++++++++++++++
Dear Scott,
We unfortunately do not have information regarding Radiator Radius server.
However,
the WLAN certificate you have enrolled is only compatible with Microsoft
Radius server.
During the enrollment, there is no Certificate Signing Request (CSR) file
requested and
the ID will actually install into the Internet Explorer browser. It is
possible to export the
certificate but the backup file that is created is only compatible with
Microsoft server.

So if you have a different web server you are working with, you normally
have to generate
a key pair. You would not be able to submit this key pair to us however
because during
the enrollment for a WLAN certificate, the CSR is never requested.

We would recommend to contact your server vendor and ask them if a regular
SSL certificate
would work for your purposes. The enrollment for the normal SSL certificates
will always ask for you
to submit the CSR file on the enrollment page. We would return the
certificate file to you as a signed
public key and when you install this, it will have to locate the
corresponding private key on the server.

If you would like us to cancel this order so that is does not get issued,
please let us know as soon as
possible.


Thank you,

Frank

VeriSign Customer Support

-----Original Message-----
From: Mike McCauley [mailto:mikem at open.com.au]
Sent: Tuesday, August 10, 2004 6:01 PM
To: scottxiao at antlabs.com
Subject: Re: (RADIATOR) Error "TLS could not load_verify_locations" -
FreeSSL certificate for Radiator 802.1x PEAP/aironet1100 WLAN


Hello Scott,


On Tuesday 10 August 2004 17:04, Scott Xiao  - ANTlabs wrote:
> Hi,Mike,
> Yes,it's AP's log.Ok,I will check that doc to explore the pc's log...
> Yes,the customer is IDA Singapore(InfoComm Development Authority).This is
a
> very important customer to me,aslo to you,right?

Unfortunately our support team are unable to provide any more free support
for
you.

Our staff are currently checking with IDA Singapore to find out if you can
use
the support contract that IDA have with us.
We will let you know when we hear from them.

Cheers.

>
> Thanks
> Scott
>
> -----Original Message-----
> From: Mike McCauley [mailto:mikem at open.com.au]
> Sent: Tuesday, August 10, 2004 2:07 PM
> To: scottxiao at antlabs.com
> Subject: Re: (RADIATOR) Error "TLS could not load_verify_locations" -
> FreeSSL certificate for Radiator 802.1x PEAP/aironet1100 WLAN
>
>
> Hello Scott,
>
> This looks like a log from your Access Point. Is that true?
>
> The problem you are trying to work out is why your PC wireless client is
> not authenticating.
>
> You actually need to look at the logs from the wireless client on the PC
> that
> is trying to connect. If your are running a Windows client on XP or
> similar, see the FAQ item http://www.open.com.au/radiator/faq.html#130
> for information on how to enable tracing in the Windows client.
>
> Can you tell me privately the name of the customer you are working for and
> the
> details of their Radiator license? Then I can determine if there is a
> support
> contract in place?
>
> Cheers.
>
> On Tuesday 10 August 2004 15:54, Scott Xiao  - ANTlabs wrote:
> > Hi,Mike,
> > Thanks.I make my Gemtek P320 AP by pass the Access Control
> > Gateway(ANTlabs SG),got the same result.I setup a syslog server,and here
> > below is the Radius client(AP)'s log information.It mentioned "
> > Unauthorizing station 00:0c:f1:08:37:bf  " ,that's my PEAP WLAN client
> > notebook MAC address.Can you advise sth from it?Thanks!
> > Rgds
> > Scott /ANTlabs
> >
> > Aug 10 13:44:46 local Listening for Syslog messages on IP address:
>
> 10.0.0.5
>
> > Aug 10 13:44:46 local Listening for Syslog messages on IP address:
> > 192.168.123.8
> > Aug 10 13:44:46 local Listening for Syslog messages on IP address:
> > 192.168.42.1
> > Aug 10 13:44:46 local Listening for Syslog messages on IP address:
> > 192.168.40.1
> > Aug 10 13:44:46 local Listening for Syslog messages on IP address:
> > 192.168.2.111
> > Aug 10 13:44:52 192.168.123.15 [ KLOGD ]: HR11: onInfoEvent() 0xF203 not
> > supported here
> > Aug 10 13:44:52 192.168.123.15 [ KLOGD ]: HR11_onRX: passing EAP to
>
> netlink
>
> > Aug 10 13:44:52 192.168.123.15 [ KLOGD ]: HR11: onInfoEvent() 0xF203 not
> > supported here
> > Aug 10 13:44:52 192.168.123.15 [ KLOGD ]: HR11_onRX: passing EAP to
>
> netlink
>
> > Aug 10 13:44:52 192.168.123.15 last message repeated 4 times
> > Aug 10 13:44:52 192.168.123.15 [ AAAD ]: Could not extract EAP-Message
>
> from
>
> > RADIUS message
> > Aug 10 13:44:52 192.168.123.15 [ AAAD ]:  Unauthorizing station
> > 00:0c:f1:08:37:bf
> > Aug 10 13:44:52 192.168.123.15 [ AAAD ]: Removing 00:0c:f1:08:37:bf
> > Aug 10 13:44:52 192.168.123.15 [ KLOGD ]: soft_ap: got INFO
AssocStatus=3
> > addr=00:0c:f1:08:37:bf
> > Aug 10 13:44:52 192.168.123.15 [ KLOGD ]: ap_hash: unlinking node
> > flags=11 addr 00:0c:f1:08:37:bf
> > Aug 10 13:44:53 192.168.123.15 [ KLOGD ]: HR11 INFO_AUTH_REQUEST
> > Aug 10 13:44:53 192.168.123.15 [ AAAD ]: IEEE 802.1X: Start
> > authentication for new station 00:0c:f1:08:37:bf
> > Aug 10 13:44:53 192.168.123.15 [ AAAD ]:  Unauthorizing station
> > 00:0c:f1:08:37:bf
> > Aug 10 13:44:53 192.168.123.15 [ KLOGD ]: soft_ap: got INFO
AssocStatus=1
> > addr=00:0c:f1:08:37:bf
> > Aug 10 13:44:53 192.168.123.15 [ KLOGD ]: ap_hash: linking node flags=11
> > addr 00:0c:f1:08:37:bf
> > Aug 10 13:44:53 192.168.123.15 [ AAAD ]:  Unauthorizing station
> > 00:0c:f1:08:37:bf
> > Aug 10 13:44:53 192.168.123.15 [ KLOGD ]: HR11_onRX: passing EAP to
>
> netlink
>
> > Aug 10 13:44:53 192.168.123.15 [ KLOGD ]: HR11_onRX: passing EAP to
>
> netlink
>
> > Aug 10 13:44:53 192.168.123.15 [ KLOGD ]: HR11: onInfoEvent() 0xF203 not
> > supported here
> > Aug 10 13:45:23 192.168.123.15 last message repeated 2 times
> > Aug 10 13:45:54 192.168.123.15 last message repeated 10 times
> > Aug 10 13:45:54 192.168.123.15 [ AAAD ]:  Unauthorizing station
> > 00:0c:f1:08:37:bf
> > Aug 10 13:45:54 192.168.123.15 [ KLOGD ]: HR11: onInfoEvent() 0xF203 not
> > supported here
> > Aug 10 13:46:24 192.168.123.15 last message repeated 2 times
> >
> > -----Original Message-----
> > From: Mike McCauley [mailto:mikem at open.com.au]
> > Sent: Tuesday, August 10, 2004 5:50 AM
> > To: scottxiao at antlabs.com
> > Subject: Re: (RADIATOR) Error "TLS could not load_verify_locations" -
> > FreeSSL certificate for Radiator 802.1x PEAP/aironet1100 WLAN
> >
> >
> > Hello Scott,
> >
> > Im not able to tell what the problem that the client is complaining
> > about. You
> > will probably have to look at the client logs on the client computer.
You
> > can
> > find information about how to examine client logs files in the Radiator
>
> FAQ
>
> > http://www.open.com.au/radiator/faq.html
> >
> > For prompt guaranteed support you can purchase a support contract, see
> > http://www.open.com.au/ordering.html
> >
> > Cheers.
> >
> > On Monday 09 August 2004 21:29, Scott Xiao  - ANTlabs wrote:
> > > Hi,Mike,
> > > Thanks!I think the 2nd point you mentioned is a bit possible. The
> > > certificate is issued to myhost.antlabs.com domain, but the host name
> > > of the radius server is "aaa" without domain name.So I added some
lines
> > > in
> >
> > the
> >
> > > hosts file of the server
> > >
> > > [root at AAA root]# more /etc/hosts
> > > 127.0.0.1               localhost
> > > 192.168.123.18          myhost.antlabs.com
> > >
> > > and did 2 commands, HOSTNAME=myhost , DOMAINNAME=antlabs.com
> > >
> > > but I still get the same error.
> > > For the other points, 1. The server certificate is not prviate one,I
> > > purchased from FreeSSL ; 3.  the date on the server and client are the
> >
> > same
> >
> > > 2.My client is configured to "validate server certificate" without
> >
> > choosing
> >
> > > "connect to these servers....".What do you mean it's configured to
> > > limit the server certificate to certain names?How can I check what is
> > > the name
> >
> > in
> >
> > > the server certiificate?
> > > Please advise.Now I am using the purchased the Radiator software
> > > instead
> >
> > of
> >
> > > the trail software(That one expired), can I have some other types
> > > prompt support?Because I need deploy it with 2  days.Thanks!
> > > Rgds
> > > Scott
> > >
> > > -----Original Message-----
> > > From: Mike McCauley [mailto:mikem at open.com.au]
> > > Sent: Monday, August 09, 2004 6:34 PM
> > > To: scottxiao at antlabs.com
> > > Cc: Radiator
> > > Subject: Re: (RADIATOR) Error "TLS could not load_verify_locations" -
> > > FreeSSL certificate for Radiator 802.1x PEAP/aironet1100 WLAN
> > >
> > >
> > > Hello Scott,
> > >
> > > Its hard to be sure since you did not include the whole trace file,
but
> > > this:
> > > tlsv1 alert access denied
> > > indicates that the client didnt like the server certificate. Usually
>
> this
>
> > > is because
> > >
> > > 1. you are using a private server certificate but the client does not
> > > have the
> > > corresponding root certificate.
> > > 2. The client is configured to limit the server certificate to certain
> > > names,
> > > but the name in the server certificate does not match
> > > 3. The clock on the client is outside the valid date range of the
> > > server certificate.
> > >
> > > Cheers.
> > >
> > > On Monday 09 August 2004 14:44, Scott Xiao  - ANTlabs wrote:
> > > > Hi,Hugh,
> > > > Thanks ! I did some update on my config file according to your and
> > > > Christian's advice,I downloaded the root CA from FreeSSL and saved
in
> >
> > the
> >
> > > > certificate directory  as pem format ,and tested again,then I
> >
> > encountered
> >
> > > > another error " EAP PEAP TLS read failed:  2144: 1 -
>
> error:14094419:SSL
>
> > > > routines:SSL3_READ_BYTES:tlsv1 alert access denied" , what could be
>
> the
>
> > > > cause here?Pleaase advise,Thanks a lot!!! Here below is my updated
> >
> > config
> >
> > > > file(part) and the error log:
> > > >
> > > > Config file:
> > > >
> > > > EAPType PEAP,MSCHAP-V2
> > > >
> > > >                 EAPTLS_CAFile %D/certificates/UTN.pem
> > > >
> > > >                 EAPTLS_CertificateFile
> > > > %D/certificates/myhost.antlabs.com.pem
> > > >
> > > >                 EAPTLS_CertificateType PEM
> > > >
> > > >                 EAPTLS_PrivateKeyFile
> > > > %D/certificates/myhost.antlabs.com.key
> > > >
> > > >                 EAPTLS_PrivateKeyPassword [password(hidden)]
> > > >
> > > > Error Log:
> > > > Code:       Access-Request
> > > > Identifier: 52
> > > > Authentic:  <29>rW<223><165><165>,<151><164><138>B_@<194>=<232>
> > > > Attributes:
> > > >         User-Name = "hello"
> > > >         WISPr-Location-ID =
> > > > "isocc=(null),cc=(null),ac=(null),network=GEM1X" WISPr-Location-Name
> > > > = "operator,location"
> > > >         NAS-IP-Address = 10.0.0.1
> > > >         Service-Type = Framed-User
> > > >         NAS-Port = 3
> > > >         NAS-Port-Id = "3"
> > > >         Called-Station-Id = "00-90-4B-7B-A1-C0:GEM1X"
> > > >         Calling-Station-Id = "00-0C-F1-08-37-BF"
> > > >         Framed-MTU = 1400
> > > >         NAS-Port-Type = Wireless-IEEE-802-11
> > > >         NAS-Identifier = "00-90-4b-7b-a1-c0:P320"
> > > >         Connect-Info = "CONNECT 11Mbps 802.11b"
> > > >         EAP-Message =
>
>
<2><10><0>!<25><128><0><0><0><23><21><3><1><0><18>'<245><137><179><200>3<16
>
> > > >7
> > > >
> > > > >nL<133><196>y<243><146>*[m<140>
> > > >
> > > >         Message-Authenticator =
> > > > kW<200><133><164><209>,'<166><19><209><223><197>3h<243>
> > > >         Proxy-State = 165
> > > >
> > > > Mon Aug  9 12:19:41 2004: DEBUG: Handling request with Handler ''
> > > > Mon Aug  9 12:19:41 2004: DEBUG:  Deleting session for hello,
>
> 10.0.0.1,
>
> > 3
> >
> > > > Mon Aug  9 12:19:41 2004: DEBUG: Handling with Radius::AuthSQL
> > > > Mon Aug  9 12:19:41 2004: DEBUG: Handling with Radius::AuthSQL:
> > > > Mon Aug  9 12:19:41 2004: DEBUG: Handling with EAP: code 2, 10, 33
> > > > Mon Aug  9 12:19:41 2004: DEBUG: Response type 25
> > > > Mon Aug  9 12:19:41 2004: ERR: EAP PEAP TLS read failed:  2144: 1 -
> > > > error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access
denied
> > > >
> > > > Mon Aug  9 12:19:41 2004: DEBUG: EAP result: 1, EAP PEAP TLS read
> > > > failed Mon Aug  9 12:19:41 2004: INFO: Access rejected for hello:
EAP
> > > > PEAP TLS read failed
> > > > Mon Aug  9 12:19:41 2004: DEBUG: Packet dump:
> > > > *** Sending to 192.168.123.9 port 1814 ....
> > > >
> > > > Packet length = 41
> > > > 03 34 00 29 d8 e5 80 35 df 65 12 80 66 9f 3e 42
> > > > 41 03 fe 70 12 10 52 65 71 75 65 73 74 20 44 65
> > > > 6e 69 65 64 21 05 31 36 35
> > > > Code:       Access-Reject
> > > > Identifier: 52
> > > > Authentic:  <29>rW<223><165><165>,<151><164><138>B_@<194>=<232>
> > > > Attributes:
> > > >         Reply-Message = "Request Denied"
> > > >         Proxy-State = 165
> > > >
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: owner-radiator at open.com.au
> > > > [mailto:owner-radiator at open.com.au]On Behalf Of Hugh Irvine
> > > > Sent: Saturday, August 07, 2004 2:49 PM
> > > > To: scottxiao at antlabs.com
> > > > Cc: radiator at open.com.au
> > > > Subject: Re: (RADIATOR) Error "TLS could not
load_verify_locations" -
> > > > FreeSSL certificate for Radiator 802.1x PEAP/aironet1100 WLAN
> > > >
> > > >
> > > >
> > > > Hello Scott -
> > > >
> > > > The problem is that Radiator cannot find the CA certificates because
> > > > neither EAPTLS_CAFile nor EAPTLS_CAPath are defined.
> > > >
> > > > The example configuration file "goodies/eap_tls.cfg" shows a working
> > > > example.
> > > >
> > > > regards
> > > >
> > > > Hugh
> > > >
> > > > On 7 Aug 2004, at 13:26, Scott Xiao - ANTlabs wrote:
> > > > > Thanks Hugh!
> > > > > But I still don't understand what relationship between that
message
> > > > > and my
> > > > > problem of PEAP "EAP TLS Could not  initialise context". Since I
>
> have
>
> > a
> >
> > > > > certificate from FreeSSL,do I still need the cert in
> > > > > "demoCA/cacert.pem"  ?
> > > > > Do you have a samle configure of using actual certificate instead
> > > > > of self-signed certificate?Thanks!
> > > > > Rgds
> > > > > Scott
> > > > > -----Original Message-----
> > > > > From: Hugh Irvine [mailto:hugh at open.com.au]
> > > > > Sent: Saturday, August 07, 2004 7:32 AM
> > > > > To: scottxiao at antlabs.com
> > > > > Cc: radiator at open.com.au
> > > > > Subject: Re: (RADIATOR) Error "TLS could not
>
> load_verify_locations" -
>
> > > > > FreeSSL certificate for Radiator 802.1x PEAP/aironet1100 WLAN
> > > > >
> > > > >
> > > > >
> > > > > Hello Scott -
> > > > >
> > > > > The complete message is this:
> > > > >
> > > > > TLS.pm:     $parent->log($main::LOG_ERR, "TLS could not
> > > > > load_verify_locations $parent->{EAPTLS_CAFile},
> > > > > $parent->{EAPTLS_CAPath}: $errs");
> > > > >
> > > > > See the example configuration file in "goodies/eap_tls.cfg".
> > > > >
> > > > > Here is the relevant section:
> > > > >
> > > > >                  # EAPTLS_CAFile is the name of a file of CA
> > > > > certificates
> > > > >                  # in PEM format. The file can contain several CA
> > > > > certificates
> > > > >                  # Radiator will first look in EAPTLS_CAFile then
> > > > > in # EAPTLS_CAPath, so there usually is no need to set both
> > > > >                  EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
> > > > >
> > > > >                  # EAPTLS_CAPath is the name of a directory
> > > > > containing CA
> > > > >                  # certificates (and possible CRLs) in PEM format.
> > > > > The files each contain one
> > > > >                  # CA certificate. The files are looked up by the
> > > > > CA # subject name hash value
> > > > > #               EAPTLS_CAPath %D/certificates/demoCA
> > > > >
> > > > > regards
> > > > >
> > > > > Hugh
> > > > >
> > > > > On 7 Aug 2004, at 01:22, Scott Xiao - ANTlabs wrote:
> > > > >> Hi,
> > > > >> Thanks for all the help on my timer issue,PEAP,acct stop
issue,all
> > > > >> those
> > > > >> resolved.
> > > > >> The current issue is,I got an error of "TLS could not
> > > > >> load_verify_locations"
> > > > >> with an actually certificate,see the config file and debug below.
> > > > >> I purchased a server ceriticate from freessl.com , copy the text
> > > > >> part of the
> > > > >> cert into a text file and saved in the certificate directory of
> > > > >> radiator as
> > > > >> a .pem file, together with the private key file (.key file).Then
I
> > > > >> modified
> > > > >> the config file  to point the path to the certificate
> > > > >> directory,instead of
> > > > >> using the sample certificates.I found the sample pem file has 2
> > > > >> parts,public
> > > > >> key and private key inside,while my pem file (server cert) has
> > > > >> only one
> > > > >> part,which is the server server cert itself.But I don't think
it's
> > > > >> issue
> > > > >> since the comments in the file says it could be the same file for
> > > > >> the keys.Then I tested,and got the error as mentioned.Can you
>
> advise
>
> > > > >> what 's the
> > > > >> problem?FreeSSL's webserver cert should work in this
> >
> > senario,right?How
> >
> > > > >> to
> > > > >> make a pem file to have 2 parts like the samle one?Thanks!!
> > > > >> Rgds
> > > > >> Scott
> > > > >>
> > > > >>
> > > > >> config file:
> > > > >>
> > > > >>   EAPType PEAP,MSCHAP-V2
> > > > >>
> > > > >>
> > > > >>                 EAPTLS_CertificateFile
> > > > >> %D/certificates/myhost.antlabs.com.pem
> > > > >>
> > > > >>                 EAPTLS_CertificateType PEM
> > > > >>                 #EAPTLS_CertificateType CRT
> > > > >>
> > > > >>                 # EAPTLS_PrivateKeyFile is the name of the file
> > > > >> containing
> > > > >>                 # the servers private key. It is sometimes in the
> >
> > same
> >
> > > > >> file
> > > > >>                 # as the server certificate
>
> (EAPTLS_CertificateFile)
>
> > > > >>                 # If the private key is encrypted (usually the
>
> case)
>
> > > > >>                 # then EAPTLS_PrivateKeyPassword is the key to
> > > > >> descrypt it
> > > > >>                 #EAPTLS_PrivateKeyFile
> > > > >> %D/certificates/cert-srv.pem EAPTLS_PrivateKeyFile
> > > > >> %D/certificates/myhost.antlabs.com.key
> > > > >>                 #EAPTLS_PrivateKeyFile
> > > > >> /etc/radiator/certificates/myhost.antlabs.com.key
> > > > >> #               EAPTLS_PrivateKeyFile %D/certificates/myhost.pem
> > > > >>                 #EAPTLS_PrivateKeyPassword whatever
> > > > >>                 EAPTLS_PrivateKeyPassword hiddenpassword
> > > > >>
> > > > >> Debuging info:
> > > > >>
> > > > >> [root at AAA Radiator-3.9]# ./radiusd -foreground  -config_file
> >
> > ./tt1.cfg
> >
> > > > >> Fri Aug  6 23:04:27 2004: DEBUG: Finished reading configuration
>
> file
>
> > > > >> './tt1.cfg'
> > > > >> Fri Aug  6 23:04:27 2004: DEBUG: Reading dictionary file
> > > > >> '/usr/src/802/radiator/Radiator-3.9/dictionary'
> > > > >> Fri Aug  6 23:04:27 2004: DEBUG: Creating authentication port
> > > > >> 0.0.0.0:1812
> > > > >> Fri Aug  6 23:04:27 2004: DEBUG: Creating accounting port
> >
> > 0.0.0.0:1813
> >
> > > > >> Fri Aug  6 23:04:27 2004: NOTICE: Server started: Radiator 3.9 on
> > > > >> AAA
> > > > >>
> > > > >>
> > > > >>
> > > > >> Fri Aug  6 23:04:50 2004: DEBUG: Packet dump:
> > > > >> *** Received from 192.168.123.9 port 1814 ....
> > > > >>
> > > > >> Packet length = 266
> > > > >> 01 2a 01 0a 6b 23 57 6b 5f b8 ea 46 bd 67 35 ac
> > > > >> 73 e7 51 2a 01 07 68 65 6c 6c 6f 1a 36 00 00 37
> > > > >> 2a 01 30 69 73 6f 63 63 3d 28 6e 75 6c 6c 29 2c
> > > > >> 63 63 3d 28 6e 75 6c 6c 29 2c 61 63 3d 28 6e 75
> > > > >> 6c 6c 29 2c 6e 65 74 77 6f 72 6b 3d 47 45 4d 31
> > > > >> 58 1a 19 00 00 37 2a 02 13 6f 70 65 72 61 74 6f
> > > > >> 72 2c 6c 6f 63 61 74 69 6f 6e 04 06 0a 00 00 01
> > > > >> 06 06 00 00 00 02 05 06 00 00 00 03 57 03 33 1e
> > > > >> 19 30 30 2d 39 30 2d 34 42 2d 37 42 2d 41 31 2d
> > > > >> 43 30 3a 47 45 4d 31 58 1f 13 30 30 2d 30 43 2d
> > > > >> 46 31 2d 30 38 2d 33 37 2d 42 46 0c 06 00 00 05
> > > > >> 78 3d 06 00 00 00 13 20 18 30 30 2d 39 30 2d 34
> > > > >> 62 2d 37 62 2d 61 31 2d 63 30 3a 50 33 32 30 4d
> > > > >> 18 43 4f 4e 4e 45 43 54 20 31 31 4d 62 70 73 20
> > > > >> 38 30 32 2e 31 31 62 4f 0c 02 01 00 0a 01 68 65
> > > > >> 6c 6c 6f 50 12 a3 6c 26 6a 29 c3 cf 09 f1 3a af
> > > > >> e2 a7 d9 7a 27 21 05 31 35 35
> > > > >> Code:       Access-Request
> > > > >> Identifier: 42
> > > > >> Authentic:  k#Wk_<184><234>F<189>g5<172>s<231>Q*
> > > > >> Attributes:
> > > > >>         User-Name = "hello"
> > > > >>         WISPr-Location-ID =
> > > > >> "isocc=(null),cc=(null),ac=(null),network=GEM1X"
> > > > >>         WISPr-Location-Name = "operator,location"
> > > > >>         NAS-IP-Address = 10.0.0.1
> > > > >>         Service-Type = Framed-User
> > > > >>         NAS-Port = 3
> > > > >>         NAS-Port-Id = "3"
> > > > >>         Called-Station-Id = "00-90-4B-7B-A1-C0:GEM1X"
> > > > >>         Calling-Station-Id = "00-0C-F1-08-37-BF"
> > > > >>         Framed-MTU = 1400
> > > > >>         NAS-Port-Type = Wireless-IEEE-802-11
> > > > >>         NAS-Identifier = "00-90-4b-7b-a1-c0:P320"
> > > > >>         Connect-Info = "CONNECT 11Mbps 802.11b"
> > > > >>         EAP-Message = <2><1><0><10><1>hello
> > > > >>         Message-Authenticator =
> > > > >> <163>l&j)<195><207><9><241>:<175><226><167><217>z'
> > > > >>         Proxy-State = 155
> > > > >>
> > > > >> Fri Aug  6 23:04:50 2004: DEBUG: Handling request with Handler ''
> > > > >> Fri Aug  6 23:04:50 2004: DEBUG:  Deleting session for hello,
> > > > >> 10.0.0.1, 3
> > > > >> Fri Aug  6 23:04:50 2004: DEBUG: Handling with Radius::AuthSQL
> > > > >> Fri Aug  6 23:04:50 2004: DEBUG: Handling with Radius::AuthSQL:
> > > > >> Fri Aug  6 23:04:50 2004: DEBUG: Handling with EAP: code 2, 1, 10
> > > > >> Fri Aug  6 23:04:50 2004: DEBUG: Response type 1
> > > > >> Fri Aug  6 23:04:50 2004: ERR: TLS could not
load_verify_locations
>
> ,
>
> > > > >> Fri Aug  6 23:04:50 2004: DEBUG: EAP result: 1, EAP TLS Could not
> > > > >> initialise
> > > > >> context
> > > > >> Fri Aug  6 23:04:50 2004: INFO: Access rejected for hello: EAP
TLS
> > > > >> Could not
> > > > >> initialise context
> > > > >> Fri Aug  6 23:04:50 2004: DEBUG: Packet dump:
> > > > >> *** Sending to 192.168.123.9 port 1814 ....
> > > > >>
> > > > >> Packet length = 41
> > > > >> 03 2a 00 29 de 49 a8 63 73 f4 3d 7e 46 3b f0 77
> > > > >> f0 4e 7e 85 12 10 52 65 71 75 65 73 74 20 44 65
> > > > >> 6e 69 65 64 21 05 31 35 35
> > > > >> Code:       Access-Reject
> > > > >> Identifier: 42
> > > > >> Authentic:  k#Wk_<184><234>F<189>g5<172>s<231>Q*
> > > > >> Attributes:
> > > > >>         Reply-Message = "Request Denied"
> > > > >>         Proxy-State = 155
> > > > >>
> > > > >> Fri Aug  6 23:05:05 2004: DEBUG: Packet dump:
> > > > >> *** Received from 192.168.123.9 port 1814 ....
> > > > >>
> > > > >> Packet length = 266
> > > > >> 01 2b 01 0a 64 a2 eb e1 33 a6 36 6a ea dd 0b e5
> > > > >> be e9 8b 22 01 07 73 63 6f 74 74 1a 36 00 00 37
> > > > >> 2a 01 30 69 73 6f 63 63 3d 28 6e 75 6c 6c 29 2c
> > > > >> 63 63 3d 28 6e 75 6c 6c 29 2c 61 63 3d 28 6e 75
> > > > >> 6c 6c 29 2c 6e 65 74 77 6f 72 6b 3d 47 45 4d 31
> > > > >> 58 1a 19 00 00 37 2a 02 13 6f 70 65 72 61 74 6f
> > > > >> 72 2c 6c 6f 63 61 74 69 6f 6e 04 06 0a 00 00 01
> > > > >> 06 06 00 00 00 02 05 06 00 00 00 03 57 03 33 1e
> > > > >> 19 30 30 2d 39 30 2d 34 42 2d 37 42 2d 41 31 2d
> > > > >> 43 30 3a 47 45 4d 31 58 1f 13 30 30 2d 30 43 2d
> > > > >> 46 31 2d 30 38 2d 33 37 2d 42 46 0c 06 00 00 05
> > > > >> 78 3d 06 00 00 00 13 20 18 30 30 2d 39 30 2d 34
> > > > >> 62 2d 37 62 2d 61 31 2d 63 30 3a 50 33 32 30 4d
> > > > >> 18 43 4f 4e 4e 45 43 54 20 31 31 4d 62 70 73 20
> > > > >> 38 30 32 2e 31 31 62 4f 0c 02 02 00 0a 01 73 63
> > > > >> 6f 74 74 50 12 80 4b 89 4b 8f ad 7a c7 a3 d5 a6
> > > > >> 5e b0 d6 23 19 21 05 31 35 36
> > > > >> Code:       Access-Request
> > > > >> Identifier: 43
> > > > >> Authentic:
> > > > >> d<162><235><225>3<166>6j<234><221><11><229><190><233><139>"
> > > > >> Attributes:
> > > > >>         User-Name = "scott"
> > > > >>         WISPr-Location-ID =
> > > > >> "isocc=(null),cc=(null),ac=(null),network=GEM1X"
> > > > >>         WISPr-Location-Name = "operator,location"
> > > > >>         NAS-IP-Address = 10.0.0.1
> > > > >>         Service-Type = Framed-User
> > > > >>         NAS-Port = 3
> > > > >>         NAS-Port-Id = "3"
> > > > >>         Called-Station-Id = "00-90-4B-7B-A1-C0:GEM1X"
> > > > >>         Calling-Station-Id = "00-0C-F1-08-37-BF"
> > > > >>         Framed-MTU = 1400
> > > > >>         NAS-Port-Type = Wireless-IEEE-802-11
> > > > >>         NAS-Identifier = "00-90-4b-7b-a1-c0:P320"
> > > > >>         Connect-Info = "CONNECT 11Mbps 802.11b"
> > > > >>         EAP-Message = <2><2><0><10><1>scott
> > > > >>         Message-Authenticator =
> > > > >> <128>K<137>K<143><173>z<199><163><213><166>^<176><214>#<25>
> > > > >>         Proxy-State = 156
> > > > >>
> > > > >> Fri Aug  6 23:05:05 2004: DEBUG: Handling request with Handler ''
> > > > >> Fri Aug  6 23:05:05 2004: DEBUG:  Deleting session for scott,
> > > > >> 10.0.0.1, 3
> > > > >> Fri Aug  6 23:05:05 2004: DEBUG: Handling with Radius::AuthSQL
> > > > >> Fri Aug  6 23:05:05 2004: DEBUG: Handling with Radius::AuthSQL:
> > > > >> Fri Aug  6 23:05:05 2004: DEBUG: Handling with EAP: code 2, 2, 10
> > > > >> Fri Aug  6 23:05:05 2004: DEBUG: Response type 1
> > > > >> Fri Aug  6 23:05:05 2004: ERR: TLS could not
load_verify_locations
>
> ,
>
> > > > >> Fri Aug  6 23:05:05 2004: DEBUG: EAP result: 1, EAP TLS Could not
> > > > >> initialise
> > > > >> context
> > > > >> Fri Aug  6 23:05:05 2004: INFO: Access rejected for scott: EAP
TLS
> > > > >> Could not
> > > > >> initialise context
> > > > >> Fri Aug  6 23:05:05 2004: DEBUG: Packet dump:
> > > > >> *** Sending to 192.168.123.9 port 1814 ....
> > > > >>
> > > > >> Packet length = 41
> > > > >> 03 2b 00 29 43 89 dc ac 25 80 f5 79 2e df dc b9
> > > > >> 46 58 5b 41 12 10 52 65 71 75 65 73 74 20 44 65
> > > > >> 6e 69 65 64 21 05 31 35 36
> > > > >> Code:       Access-Reject
> > > > >> Identifier: 43
> > > > >> Authentic:
> > > > >> d<162><235><225>3<166>6j<234><221><11><229><190><233><139>"
> > > > >> Attributes:
> > > > >>         Reply-Message = "Request Denied"
> > > > >>         Proxy-State = 156
> > > > >>
> > > > >>
> > > > >> [root at AAA Radiator-3.9]#
> > > > >>
> > > > >> [root at AAA certificates]# ls
> > > > >> cert-clt.p12  demoCA                   myhost.antlabs.com.pem
> > > > >> root.pem
> > > > >> cert-clt.pem  myhost.antlabs.com.crt  README
> > > > >> cert-srv.pem  myhost.antlabs.com.key  root.der
> > > > >> [root at AAA certificates]#
> > > > >>
> > > > >>
> > > > >>
> > > > >> -----Original Message-----
> > > > >> From: owner-radiator at open.com.au
> >
> > [mailto:owner-radiator at open.com.au]On
> >
> > > > >> Behalf Of Bon sy
> > > > >> Sent: Tuesday, August 03, 2004 7:10 PM
> > > > >> To: Terry Simons
> > > > >> Cc: scottxiao at antlabs.com; radiator at open.com.au
> > > > >> Subject: Re: (RADIATOR) SSL certificate for 802.1x
> > > > >> PEAP/aironet1100 WLAN
> > > > >>
> > > > >>
> > > > >> Hi Scott and Terry,
> > > > >>
> > > > >> 	If your main concern is the cost as Terry mentioned, you may
want
> > > > >> to consider building your own CA using openssl. If a moderate
cost
> > > > >> investment may fit your budget, you may want to look into CATool
> > > > >> as Mike/Hugh has suggested previously.
> > > > >>
> > > > >> 	We have tried and used both. Building your own CA using openssl
> > > > >> is more involved --- and obviously you have to provide your own
> >
> > technical
> >
> > > > >> support --- in comparing to using CATool. If you do want to build
> >
> > your
> >
> > > > >> own
> > > > >> CA using openssl and to avoid the frustration causing your late
> > > > >> night sleepless symtom, we find it important to build up the
>
> comfort
>
> > > > >> level on
> > > > >> openssl, perl, and Linux, and definitely read up a lot from the
> > > > >> mailing
> > > > >> list, before doing it.
> > > > >>
> > > > >> Bon
> > > > >>
> > > > >> On Mon, 2 Aug 2004, Terry Simons wrote:
> > > > >>> Hi Scott,
> > > > >>>
> > > > >>> You *can* reuse a server certificate in another location later.
> > > > >>>
> > > > >>> The domain name has no real significance, except that you need
to
> > > > >>> verify it on the client to ensure that your clients are secure.
> > > > >>> The domain can be whatever you like, and can exist on multiple
> >
> > servers...
> >
> > > > >>> there is no inherent tie to any given server.
> > > > >>>
> > > > >>> That said, it is probably *not* a good idea to reuse
certificates
> > > > >>> in a
> > > > >>> production environment, but it does work.
> > > > >>>
> > > > >>> Is the main reason why you are purchasing certificates to ensure
> >
> > that
> >
> > > > >>> the client has a pre-installed CA certificate that will verify
>
> your
>
> > > > >>> certificate, or for some other reason?
> > > > >>>
> > > > >>> If your main concern is the cost, you should probably consider
> > > > >>> rolling
> > > > >>> your own certificates.
> > > > >>>
> > > > >>> - Terry
> > > > >>>
> > > > >>> On Aug 2, 2004, at 8:59 PM, Scott Xiao - ANTlabs wrote:
> > > > >>>> Hi,
> > > > >>>> Can any of you recommend one workable Radius(Radiator) server
> > > > >>>> certificate
> > > > >>>> besides Verisign?I want to buy a cheaper one,use it in  802.1x
> > > > >>>> PEAP WLAN
> > > > >>>> hotspot.If I use it for domain "hostname.mydomain.com" ,can I
> > > > >>>> use the
> > > > >>>> same
> > > > >>>> certificate in future if I deploy a same WLAN in another place
> >
> > which
> >
> > > > >>>> will
> > > > >>>> still use the same domain name?Thanks!
> > > > >>>> Rgds
> > > > >>>> Scott Xiao
> > > > >>>> -----Original Message-----
> > > > >>>> From: owner-radiator at open.com.au
> > > > >>>> [mailto:owner-radiator at open.com.au]On
> > > > >>>> Behalf Of Terry Simons
> > > > >>>> Sent: Thursday, July 29, 2004 1:15 PM
> > > > >>>> To: Christian Wiedmann
> > > > >>>> Cc: radiator at open.com.au
> > > > >>>> Subject: Re: (RADIATOR) SSL certificate for 802.1x
> > > > >>>> PEAP/aironet1100 WLAN
> > > > >>>>
> > > > >>>>
> > > > >>>> Hi,
> > > > >>>>
> > > > >>>> On Jul 28, 2004, at 1:32 PM, Christian Wiedmann wrote:
> > > > >>>>> As far as I know, the XP server extension OID is the one that
> > > > >>>>> is also
> > > > >>>>> used for web servers.  Therefore, a web server certificate
>
> should
>
> > > > >>>>> work.
> > > > >>>>
> > > > >>>> This is true.  There is one thing that people should probably
be
> > > > >>>> aware
> > > > >>>> of, however.
> > > > >>>>
> > > > >>>> At the last Networld + Interop HotStage, we did some extensive
> > > > >>>> testing
> > > > >>>> with this and it was determined that what should probably
happen
> > > > >>>> is to
> > > > >>>> officially apply for some OIDs for 802.1X authentication
> > > > >>>> servers. One
> > > > >>>> of the HotStage members that is involved in the IETF and the
> > > > >>>> IEEE
> >
> > is
> >
> > > > >>>> pushing that a bit, so it could be the case that a "proper" OID
> > > > >>>> set will come out in the future.  It could be a ways out, but I
> > > > >>>> personally
> > > > >>>> hope that it happens so we can have an "official" way of
> > > > >>>> creating "802.1X authentication" certificates.
> > > > >>>>
> > > > >>>> - Terry
> > > > >>>>
> > > > >>>>> For what it's worth, I've successfully used a Verisign web
>
> server
>
> > > > >>>>> certificate
> > > > >>>>> for PEAP authentication against Windows XP SP1.  I think
> > > > >>>>> there's a good
> > > > >>>>> chance a freessl certificate would work too.
> > > > >>>>>
> > > > >>>>> 	-Christian
> > > > >>>>>
> > > > >>>>> ref.:
> > > > >>>>> http://support.microsoft.com/?kbid=814394
> > > > >>>>> http://www.alvestrand.no/objectid/1.3.6.1.5.5.7.3.1.html
> > > > >>>>> http://www.ietf.org/rfc/rfc2459.txt
> > > > >>>>>
> > > > >>>>> On Wed, 28 Jul 2004, Mike McCauley wrote:
> > > > >>>>>> Date: Wed, 28 Jul 2004 19:35:44 +1000
> > > > >>>>>> From: Mike McCauley <mikem at open.com.au>
> > > > >>>>>> To: scottxiao at antlabs.com
> > > > >>>>>> Cc: Radiator <radiator at open.com.au>
> > > > >>>>>> Subject: Re: (RADIATOR) SSL certificate for  802.1x
> > > > >>>>>> PEAP/aironet1100
> > > > >>>>>> WLAN
> > > > >>>>>>
> > > > >>>>>> Hi Scott,
> > > > >>>>>>
> > > > >>>>>> On Wednesday 28 July 2004 18:41, Scott Xiao  - ANTlabs wrote:
> > > > >>>>>>> Hi,Mike,
> > > > >>>>>>> Thanks, so do you have any suggestion that I can purchase
> > > > >>>>>>> regarding
> > > > >>>>>>> the
> > > > >>>>>>> cert for radius server?Verisign?which type?If you have any
> > > > >>>>>>> recommendation
> > > > >>>>>>> that it works well on Radiator....Thanks
> > > > >>>>>>
> > > > >>>>>> Verisign offer certificates for radius servers, but I dont
> > > > >>>>>> know the
> > > > >>>>>> details of
> > > > >>>>>> how to apply for one. They do work with Radiator. You should
>
> try
>
> > > > >>>>>> to
> > > > >>>>>> get it in
> > > > >>>>>> PEM format.
> > > > >>>>>>
> > > > >>>>>> Cheers.
> > > > >>>>>
> > > > >>>>> --
> > > > >>>>> Archive at http://www.open.com.au/archives/radiator/
> > > > >>>>> Announcements on radiator-announce at open.com.au
> > > > >>>>> To unsubscribe, email 'majordomo at open.com.au' with
> > > > >>>>> 'unsubscribe radiator' in the body of the message.
> > > > >>>>
> > > > >>>> --
> > > > >>>> Archive at http://www.open.com.au/archives/radiator/
> > > > >>>> Announcements on radiator-announce at open.com.au
> > > > >>>> To unsubscribe, email 'majordomo at open.com.au' with
> > > > >>>> 'unsubscribe radiator' in the body of the message.
> > > > >>>
> > > > >>> --
> > > > >>> Archive at http://www.open.com.au/archives/radiator/
> > > > >>> Announcements on radiator-announce at open.com.au
> > > > >>> To unsubscribe, email 'majordomo at open.com.au' with
> > > > >>> 'unsubscribe radiator' in the body of the message.
> > > > >>
> > > > >> --
> > > > >> Archive at http://www.open.com.au/archives/radiator/
> > > > >> Announcements on radiator-announce at open.com.au
> > > > >> To unsubscribe, email 'majordomo at open.com.au' with
> > > > >> 'unsubscribe radiator' in the body of the message.
> > > > >>
> > > > >>
> > > > >> --
> > > > >> Archive at http://www.open.com.au/archives/radiator/
> > > > >> Announcements on radiator-announce at open.com.au
> > > > >> To unsubscribe, email 'majordomo at open.com.au' with
> > > > >> 'unsubscribe radiator' in the body of the message.
> > > > >
> > > > > NB: have you included a copy of your configuration file (no
>
> secrets),
>
> > > > > together with a trace 4 debug showing what is happening?
> > > > >
> > > > > --
> > > > > Radiator: the most portable, flexible and configurable RADIUS
> > > > > server anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> > > > > -
> > > > > Nets: internetwork inventory and management - graphical,
> > > > > extensible, flexible with hardware, software, platform and
database
>
> independence.
>
> > > > > -
> > > > > CATool: Private Certificate Authority for Unix and Unix-like
>
> systems.
>
> > > > > --
> > > > > Archive at http://www.open.com.au/archives/radiator/
> > > > > Announcements on radiator-announce at open.com.au
> > > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > > 'unsubscribe radiator' in the body of the message.
> > > >
> > > > NB: have you included a copy of your configuration file (no
secrets),
> > > > together with a trace 4 debug showing what is happening?
> > > >
> > > > --
> > > > Radiator: the most portable, flexible and configurable RADIUS server
> > > > anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> > > > -
> > > > Nets: internetwork inventory and management - graphical, extensible,
> > > > flexible with hardware, software, platform and database
independence.
> > > > -
> > > > CATool: Private Certificate Authority for Unix and Unix-like
systems.
> > > >
> > > > --
> > > > Archive at http://www.open.com.au/archives/radiator/
> > > > Announcements on radiator-announce at open.com.au
> > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > 'unsubscribe radiator' in the body of the message.
> > > >
> > > >
> > > >
> > > > --
> > > > Archive at http://www.open.com.au/archives/radiator/
> > > > Announcements on radiator-announce at open.com.au
> > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > 'unsubscribe radiator' in the body of the message.
> > >
> > > --
> > > Mike McCauley                               mikem at open.com.au
> > > Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++,
WWW
> > > 9 Bulbul Place Currumbin Waters QLD 4223 Australia
> >
> > http://www.open.com.au
> >
> > > Phone +61 7 5598-7474                       Fax   +61 7 5598-7070
> > >
> > > Radiator: the most portable, flexible and configurable RADIUS server
> > > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP,
TLS,
> > > TTLS, PEAP etc on Unix, Windows, MacOS etc.
> > >
> > >
> > > --
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe radiator' in the body of the message.
> >
> > --
> > Mike McCauley                               mikem at open.com.au
> > Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
> > 9 Bulbul Place Currumbin Waters QLD 4223 Australia
>
> http://www.open.com.au
>
> > Phone +61 7 5598-7474                       Fax   +61 7 5598-7070
> >
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> > TTLS, PEAP etc on Unix, Windows, MacOS etc.
> >
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
> --
> Mike McCauley                               mikem at open.com.au
> Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
> 9 Bulbul Place Currumbin Waters QLD 4223 Australia
http://www.open.com.au
> Phone +61 7 5598-7474                       Fax   +61 7 5598-7070
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS etc.

--
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list