(RADIATOR)User authentication succeeded even using wrong password

Mike McCauley mikem at open.com.au
Tue Oct 26 05:40:32 CDT 2004


Hello Scott,


On Tuesday 26 October 2004 19:24, Scott Xiao  - ANTlabs wrote:
> Hi,Mike,
> I found there is a problem in my configuration ,the same system as we
> discussed before as below.The User authentication succeeded even using
> wrong password.Wrong user ID won't pass.What can be the issue in the
> config?Please advise,thanks!

You should post your current configuration file and a log file at trace level 
4 showing the problem to this mailing list.

Cheers.


> Rgds
> Scott
>
> -----Original Message-----
> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]On
> Behalf Of Scott Xiao - ANTlabs
> Sent: Tuesday, August 17, 2004 10:48 AM
> To: Radiator
> Subject: RE: (RADIATOR) Verisign certificate for Radiator 802.1x PEAP WLAN
>
>
> Hi,
> I got email from Radiator saying "VeriSign has issued your WLAN Server
> Certificate",so I paste the URL and PIN,click "install certificate"
> ,nothing happened.I don't know if the certificate is saved automatically to
> somewhere in my notebook.I went to the server to do the same thing and
> result is the same.Can advise what happened to the server certificate?And
> is private key also saved to local automatically?Thanks!
> Rgds
> Scott
>
> -----Original Message-----
> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]On
> Behalf Of Scott Xiao - ANTlabs
> Sent: Thursday, August 12, 2004 10:32 AM
> To: Radiator
> Cc: Mike McCauley
> Subject: RE: (RADIATOR) Verisign certificate for Radiator 802.1x PEAP WLAN
>
>
> Hi Mike,I purchased the server certificate from the URL you gave me,and
> then I  got an email from Verign saying the certificate is only compatible
> with Microsoft IAS,is that true?I remember you and Christian mentioned it
> works with Radiator,but where is the private key?Please advise,thanks!
> Rgds
> Scott
> <Email from Verisign:- >
> ++++++++++++++++++++++++
> Dear Scott,
> We unfortunately do not have information regarding Radiator Radius server.
> However,
> the WLAN certificate you have enrolled is only compatible with Microsoft
> Radius server.
> During the enrollment, there is no Certificate Signing Request (CSR) file
> requested and
> the ID will actually install into the Internet Explorer browser. It is
> possible to export the
> certificate but the backup file that is created is only compatible with
> Microsoft server.
>
> So if you have a different web server you are working with, you normally
> have to generate
> a key pair. You would not be able to submit this key pair to us however
> because during
> the enrollment for a WLAN certificate, the CSR is never requested.
>
> We would recommend to contact your server vendor and ask them if a regular
> SSL certificate
> would work for your purposes. The enrollment for the normal SSL
> certificates will always ask for you
> to submit the CSR file on the enrollment page. We would return the
> certificate file to you as a signed
> public key and when you install this, it will have to locate the
> corresponding private key on the server.
>
> If you would like us to cancel this order so that is does not get issued,
> please let us know as soon as
> possible.
>
>
> Thank you,
>
> Frank
>
> VeriSign Customer Support
>
> -----Original Message-----
> From: Mike McCauley [mailto:mikem at open.com.au]
> Sent: Tuesday, August 10, 2004 6:01 PM
> To: scottxiao at antlabs.com
> Subject: Re: (RADIATOR) Error "TLS could not load_verify_locations" -
> FreeSSL certificate for Radiator 802.1x PEAP/aironet1100 WLAN
>
>
> Hello Scott,
>
> On Tuesday 10 August 2004 17:04, Scott Xiao  - ANTlabs wrote:
> > Hi,Mike,
> > Yes,it's AP's log.Ok,I will check that doc to explore the pc's log...
> > Yes,the customer is IDA Singapore(InfoComm Development Authority).This is
>
> a
>
> > very important customer to me,aslo to you,right?
>
> Unfortunately our support team are unable to provide any more free support
> for
> you.
>
> Our staff are currently checking with IDA Singapore to find out if you can
> use
> the support contract that IDA have with us.
> We will let you know when we hear from them.
>
> Cheers.
>
> > Thanks
> > Scott
> >
> > -----Original Message-----
> > From: Mike McCauley [mailto:mikem at open.com.au]
> > Sent: Tuesday, August 10, 2004 2:07 PM
> > To: scottxiao at antlabs.com
> > Subject: Re: (RADIATOR) Error "TLS could not load_verify_locations" -
> > FreeSSL certificate for Radiator 802.1x PEAP/aironet1100 WLAN
> >
> >
> > Hello Scott,
> >
> > This looks like a log from your Access Point. Is that true?
> >
> > The problem you are trying to work out is why your PC wireless client is
> > not authenticating.
> >
> > You actually need to look at the logs from the wireless client on the PC
> > that
> > is trying to connect. If your are running a Windows client on XP or
> > similar, see the FAQ item http://www.open.com.au/radiator/faq.html#130
> > for information on how to enable tracing in the Windows client.
> >
> > Can you tell me privately the name of the customer you are working for
> > and the
> > details of their Radiator license? Then I can determine if there is a
> > support
> > contract in place?
> >
> > Cheers.
> >
> > On Tuesday 10 August 2004 15:54, Scott Xiao  - ANTlabs wrote:
> > > Hi,Mike,
> > > Thanks.I make my Gemtek P320 AP by pass the Access Control
> > > Gateway(ANTlabs SG),got the same result.I setup a syslog server,and
> > > here below is the Radius client(AP)'s log information.It mentioned "
> > > Unauthorizing station 00:0c:f1:08:37:bf  " ,that's my PEAP WLAN client
> > > notebook MAC address.Can you advise sth from it?Thanks!
> > > Rgds
> > > Scott /ANTlabs
> > >
> > > Aug 10 13:44:46 local Listening for Syslog messages on IP address:
> >
> > 10.0.0.5
> >
> > > Aug 10 13:44:46 local Listening for Syslog messages on IP address:
> > > 192.168.123.8
> > > Aug 10 13:44:46 local Listening for Syslog messages on IP address:
> > > 192.168.42.1
> > > Aug 10 13:44:46 local Listening for Syslog messages on IP address:
> > > 192.168.40.1
> > > Aug 10 13:44:46 local Listening for Syslog messages on IP address:
> > > 192.168.2.111
> > > Aug 10 13:44:52 192.168.123.15 [ KLOGD ]: HR11: onInfoEvent() 0xF203
> > > not supported here
> > > Aug 10 13:44:52 192.168.123.15 [ KLOGD ]: HR11_onRX: passing EAP to
> >
> > netlink
> >
> > > Aug 10 13:44:52 192.168.123.15 [ KLOGD ]: HR11: onInfoEvent() 0xF203
> > > not supported here
> > > Aug 10 13:44:52 192.168.123.15 [ KLOGD ]: HR11_onRX: passing EAP to
> >
> > netlink
> >
> > > Aug 10 13:44:52 192.168.123.15 last message repeated 4 times
> > > Aug 10 13:44:52 192.168.123.15 [ AAAD ]: Could not extract EAP-Message
> >
> > from
> >
> > > RADIUS message
> > > Aug 10 13:44:52 192.168.123.15 [ AAAD ]:  Unauthorizing station
> > > 00:0c:f1:08:37:bf
> > > Aug 10 13:44:52 192.168.123.15 [ AAAD ]: Removing 00:0c:f1:08:37:bf
> > > Aug 10 13:44:52 192.168.123.15 [ KLOGD ]: soft_ap: got INFO
>
> AssocStatus=3
>
> > > addr=00:0c:f1:08:37:bf
> > > Aug 10 13:44:52 192.168.123.15 [ KLOGD ]: ap_hash: unlinking node
> > > flags=11 addr 00:0c:f1:08:37:bf
> > > Aug 10 13:44:53 192.168.123.15 [ KLOGD ]: HR11 INFO_AUTH_REQUEST
> > > Aug 10 13:44:53 192.168.123.15 [ AAAD ]: IEEE 802.1X: Start
> > > authentication for new station 00:0c:f1:08:37:bf
> > > Aug 10 13:44:53 192.168.123.15 [ AAAD ]:  Unauthorizing station
> > > 00:0c:f1:08:37:bf
> > > Aug 10 13:44:53 192.168.123.15 [ KLOGD ]: soft_ap: got INFO
>
> AssocStatus=1
>
> > > addr=00:0c:f1:08:37:bf
> > > Aug 10 13:44:53 192.168.123.15 [ KLOGD ]: ap_hash: linking node
> > > flags=11 addr 00:0c:f1:08:37:bf
> > > Aug 10 13:44:53 192.168.123.15 [ AAAD ]:  Unauthorizing station
> > > 00:0c:f1:08:37:bf
> > > Aug 10 13:44:53 192.168.123.15 [ KLOGD ]: HR11_onRX: passing EAP to
> >
> > netlink
> >
> > > Aug 10 13:44:53 192.168.123.15 [ KLOGD ]: HR11_onRX: passing EAP to
> >
> > netlink
> >
> > > Aug 10 13:44:53 192.168.123.15 [ KLOGD ]: HR11: onInfoEvent() 0xF203
> > > not supported here
> > > Aug 10 13:45:23 192.168.123.15 last message repeated 2 times
> > > Aug 10 13:45:54 192.168.123.15 last message repeated 10 times
> > > Aug 10 13:45:54 192.168.123.15 [ AAAD ]:  Unauthorizing station
> > > 00:0c:f1:08:37:bf
> > > Aug 10 13:45:54 192.168.123.15 [ KLOGD ]: HR11: onInfoEvent() 0xF203
> > > not supported here
> > > Aug 10 13:46:24 192.168.123.15 last message repeated 2 times
> > >
> > > -----Original Message-----
> > > From: Mike McCauley [mailto:mikem at open.com.au]
> > > Sent: Tuesday, August 10, 2004 5:50 AM
> > > To: scottxiao at antlabs.com
> > > Subject: Re: (RADIATOR) Error "TLS could not load_verify_locations" -
> > > FreeSSL certificate for Radiator 802.1x PEAP/aironet1100 WLAN
> > >
> > >
> > > Hello Scott,
> > >
> > > Im not able to tell what the problem that the client is complaining
> > > about. You
> > > will probably have to look at the client logs on the client computer.
>
> You
>
> > > can
> > > find information about how to examine client logs files in the Radiator
> >
> > FAQ
> >
> > > http://www.open.com.au/radiator/faq.html
> > >
> > > For prompt guaranteed support you can purchase a support contract, see
> > > http://www.open.com.au/ordering.html
> > >
> > > Cheers.
> > >
> > > On Monday 09 August 2004 21:29, Scott Xiao  - ANTlabs wrote:
> > > > Hi,Mike,
> > > > Thanks!I think the 2nd point you mentioned is a bit possible. The
> > > > certificate is issued to myhost.antlabs.com domain, but the host name
> > > > of the radius server is "aaa" without domain name.So I added some
>
> lines
>
> > > > in
> > >
> > > the
> > >
> > > > hosts file of the server
> > > >
> > > > [root at AAA root]# more /etc/hosts
> > > > 127.0.0.1               localhost
> > > > 192.168.123.18          myhost.antlabs.com
> > > >
> > > > and did 2 commands, HOSTNAME=myhost , DOMAINNAME=antlabs.com
> > > >
> > > > but I still get the same error.
> > > > For the other points, 1. The server certificate is not prviate one,I
> > > > purchased from FreeSSL ; 3.  the date on the server and client are
> > > > the
> > >
> > > same
> > >
> > > > 2.My client is configured to "validate server certificate" without
> > >
> > > choosing
> > >
> > > > "connect to these servers....".What do you mean it's configured to
> > > > limit the server certificate to certain names?How can I check what is
> > > > the name
> > >
> > > in
> > >
> > > > the server certiificate?
> > > > Please advise.Now I am using the purchased the Radiator software
> > > > instead
> > >
> > > of
> > >
> > > > the trail software(That one expired), can I have some other types
> > > > prompt support?Because I need deploy it with 2  days.Thanks!
> > > > Rgds
> > > > Scott
> > > >
> > > > -----Original Message-----
> > > > From: Mike McCauley [mailto:mikem at open.com.au]
> > > > Sent: Monday, August 09, 2004 6:34 PM
> > > > To: scottxiao at antlabs.com
> > > > Cc: Radiator
> > > > Subject: Re: (RADIATOR) Error "TLS could not load_verify_locations" -
> > > > FreeSSL certificate for Radiator 802.1x PEAP/aironet1100 WLAN
> > > >
> > > >
> > > > Hello Scott,
> > > >
> > > > Its hard to be sure since you did not include the whole trace file,
>
> but
>
> > > > this:
> > > > tlsv1 alert access denied
> > > > indicates that the client didnt like the server certificate. Usually
> >
> > this
> >
> > > > is because
> > > >
> > > > 1. you are using a private server certificate but the client does not
> > > > have the
> > > > corresponding root certificate.
> > > > 2. The client is configured to limit the server certificate to
> > > > certain names,
> > > > but the name in the server certificate does not match
> > > > 3. The clock on the client is outside the valid date range of the
> > > > server certificate.
> > > >
> > > > Cheers.
> > > >
> > > > On Monday 09 August 2004 14:44, Scott Xiao  - ANTlabs wrote:
> > > > > Hi,Hugh,
> > > > > Thanks ! I did some update on my config file according to your and
> > > > > Christian's advice,I downloaded the root CA from FreeSSL and saved
>
> in
>
> > > the
> > >
> > > > > certificate directory  as pem format ,and tested again,then I
> > >
> > > encountered
> > >
> > > > > another error " EAP PEAP TLS read failed:  2144: 1 -
> >
> > error:14094419:SSL
> >
> > > > > routines:SSL3_READ_BYTES:tlsv1 alert access denied" , what could be
> >
> > the
> >
> > > > > cause here?Pleaase advise,Thanks a lot!!! Here below is my updated
> > >
> > > config
> > >
> > > > > file(part) and the error log:
> > > > >
> > > > > Config file:
> > > > >
> > > > > EAPType PEAP,MSCHAP-V2
> > > > >
> > > > >                 EAPTLS_CAFile %D/certificates/UTN.pem
> > > > >
> > > > >                 EAPTLS_CertificateFile
> > > > > %D/certificates/myhost.antlabs.com.pem
> > > > >
> > > > >                 EAPTLS_CertificateType PEM
> > > > >
> > > > >                 EAPTLS_PrivateKeyFile
> > > > > %D/certificates/myhost.antlabs.com.key
> > > > >
> > > > >                 EAPTLS_PrivateKeyPassword [password(hidden)]
> > > > >
> > > > > Error Log:
> > > > > Code:       Access-Request
> > > > > Identifier: 52
> > > > > Authentic:  <29>rW<223><165><165>,<151><164><138>B_@<194>=<232>
> > > > > Attributes:
> > > > >         User-Name = "hello"
> > > > >         WISPr-Location-ID =
> > > > > "isocc=(null),cc=(null),ac=(null),network=GEM1X"
> > > > > WISPr-Location-Name = "operator,location"
> > > > >         NAS-IP-Address = 10.0.0.1
> > > > >         Service-Type = Framed-User
> > > > >         NAS-Port = 3
> > > > >         NAS-Port-Id = "3"
> > > > >         Called-Station-Id = "00-90-4B-7B-A1-C0:GEM1X"
> > > > >         Calling-Station-Id = "00-0C-F1-08-37-BF"
> > > > >         Framed-MTU = 1400
> > > > >         NAS-Port-Type = Wireless-IEEE-802-11
> > > > >         NAS-Identifier = "00-90-4b-7b-a1-c0:P320"
> > > > >         Connect-Info = "CONNECT 11Mbps 802.11b"
> > > > >         EAP-Message =
>
> <2><10><0>!<25><128><0><0><0><23><21><3><1><0><18>'<245><137><179><200>3<16
>
> > > > >7
> > > > >
> > > > > >nL<133><196>y<243><146>*[m<140>
> > > > >
> > > > >         Message-Authenticator =
> > > > > kW<200><133><164><209>,'<166><19><209><223><197>3h<243>
> > > > >         Proxy-State = 165
> > > > >
> > > > > Mon Aug  9 12:19:41 2004: DEBUG: Handling request with Handler ''
> > > > > Mon Aug  9 12:19:41 2004: DEBUG:  Deleting session for hello,
> >
> > 10.0.0.1,
> >
> > > 3
> > >
> > > > > Mon Aug  9 12:19:41 2004: DEBUG: Handling with Radius::AuthSQL
> > > > > Mon Aug  9 12:19:41 2004: DEBUG: Handling with Radius::AuthSQL:
> > > > > Mon Aug  9 12:19:41 2004: DEBUG: Handling with EAP: code 2, 10, 33
> > > > > Mon Aug  9 12:19:41 2004: DEBUG: Response type 25
> > > > > Mon Aug  9 12:19:41 2004: ERR: EAP PEAP TLS read failed:  2144: 1 -
> > > > > error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access
>
> denied
>
> > > > > Mon Aug  9 12:19:41 2004: DEBUG: EAP result: 1, EAP PEAP TLS read
> > > > > failed Mon Aug  9 12:19:41 2004: INFO: Access rejected for hello:
>
> EAP
>
> > > > > PEAP TLS read failed
> > > > > Mon Aug  9 12:19:41 2004: DEBUG: Packet dump:
> > > > > *** Sending to 192.168.123.9 port 1814 ....
> > > > >
> > > > > Packet length = 41
> > > > > 03 34 00 29 d8 e5 80 35 df 65 12 80 66 9f 3e 42
> > > > > 41 03 fe 70 12 10 52 65 71 75 65 73 74 20 44 65
> > > > > 6e 69 65 64 21 05 31 36 35
> > > > > Code:       Access-Reject
> > > > > Identifier: 52
> > > > > Authentic:  <29>rW<223><165><165>,<151><164><138>B_@<194>=<232>
> > > > > Attributes:
> > > > >         Reply-Message = "Request Denied"
> > > > >         Proxy-State = 165
> > > > >
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: owner-radiator at open.com.au
> > > > > [mailto:owner-radiator at open.com.au]On Behalf Of Hugh Irvine
> > > > > Sent: Saturday, August 07, 2004 2:49 PM
> > > > > To: scottxiao at antlabs.com
> > > > > Cc: radiator at open.com.au
> > > > > Subject: Re: (RADIATOR) Error "TLS could not
>
> load_verify_locations" -
>
> > > > > FreeSSL certificate for Radiator 802.1x PEAP/aironet1100 WLAN
> > > > >
> > > > >
> > > > >
> > > > > Hello Scott -
> > > > >
> > > > > The problem is that Radiator cannot find the CA certificates
> > > > > because neither EAPTLS_CAFile nor EAPTLS_CAPath are defined.
> > > > >
> > > > > The example configuration file "goodies/eap_tls.cfg" shows a
> > > > > working example.
> > > > >
> > > > > regards
> > > > >
> > > > > Hugh
> > > > >
> > > > > On 7 Aug 2004, at 13:26, Scott Xiao - ANTlabs wrote:
> > > > > > Thanks Hugh!
> > > > > > But I still don't understand what relationship between that
>
> message
>
> > > > > > and my
> > > > > > problem of PEAP "EAP TLS Could not  initialise context". Since I
> >
> > have
> >
> > > a
> > >
> > > > > > certificate from FreeSSL,do I still need the cert in
> > > > > > "demoCA/cacert.pem"  ?
> > > > > > Do you have a samle configure of using actual certificate instead
> > > > > > of self-signed certificate?Thanks!
> > > > > > Rgds
> > > > > > Scott
> > > > > > -----Original Message-----
> > > > > > From: Hugh Irvine [mailto:hugh at open.com.au]
> > > > > > Sent: Saturday, August 07, 2004 7:32 AM
> > > > > > To: scottxiao at antlabs.com
> > > > > > Cc: radiator at open.com.au
> > > > > > Subject: Re: (RADIATOR) Error "TLS could not
> >
> > load_verify_locations" -
> >
> > > > > > FreeSSL certificate for Radiator 802.1x PEAP/aironet1100 WLAN
> > > > > >
> > > > > >
> > > > > >
> > > > > > Hello Scott -
> > > > > >
> > > > > > The complete message is this:
> > > > > >
> > > > > > TLS.pm:     $parent->log($main::LOG_ERR, "TLS could not
> > > > > > load_verify_locations $parent->{EAPTLS_CAFile},
> > > > > > $parent->{EAPTLS_CAPath}: $errs");
> > > > > >
> > > > > > See the example configuration file in "goodies/eap_tls.cfg".
> > > > > >
> > > > > > Here is the relevant section:
> > > > > >
> > > > > >                  # EAPTLS_CAFile is the name of a file of CA
> > > > > > certificates
> > > > > >                  # in PEM format. The file can contain several CA
> > > > > > certificates
> > > > > >                  # Radiator will first look in EAPTLS_CAFile then
> > > > > > in # EAPTLS_CAPath, so there usually is no need to set both
> > > > > >                  EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
> > > > > >
> > > > > >                  # EAPTLS_CAPath is the name of a directory
> > > > > > containing CA
> > > > > >                  # certificates (and possible CRLs) in PEM
> > > > > > format. The files each contain one
> > > > > >                  # CA certificate. The files are looked up by the
> > > > > > CA # subject name hash value
> > > > > > #               EAPTLS_CAPath %D/certificates/demoCA
> > > > > >
> > > > > > regards
> > > > > >
> > > > > > Hugh
> > > > > >
> > > > > > On 7 Aug 2004, at 01:22, Scott Xiao - ANTlabs wrote:
> > > > > >> Hi,
> > > > > >> Thanks for all the help on my timer issue,PEAP,acct stop
>
> issue,all
>
> > > > > >> those
> > > > > >> resolved.
> > > > > >> The current issue is,I got an error of "TLS could not
> > > > > >> load_verify_locations"
> > > > > >> with an actually certificate,see the config file and debug
> > > > > >> below. I purchased a server ceriticate from freessl.com , copy
> > > > > >> the text part of the
> > > > > >> cert into a text file and saved in the certificate directory of
> > > > > >> radiator as
> > > > > >> a .pem file, together with the private key file (.key file).Then
>
> I
>
> > > > > >> modified
> > > > > >> the config file  to point the path to the certificate
> > > > > >> directory,instead of
> > > > > >> using the sample certificates.I found the sample pem file has 2
> > > > > >> parts,public
> > > > > >> key and private key inside,while my pem file (server cert) has
> > > > > >> only one
> > > > > >> part,which is the server server cert itself.But I don't think
>
> it's
>
> > > > > >> issue
> > > > > >> since the comments in the file says it could be the same file
> > > > > >> for the keys.Then I tested,and got the error as mentioned.Can
> > > > > >> you
> >
> > advise
> >
> > > > > >> what 's the
> > > > > >> problem?FreeSSL's webserver cert should work in this
> > >
> > > senario,right?How
> > >
> > > > > >> to
> > > > > >> make a pem file to have 2 parts like the samle one?Thanks!!
> > > > > >> Rgds
> > > > > >> Scott
> > > > > >>
> > > > > >>
> > > > > >> config file:
> > > > > >>
> > > > > >>   EAPType PEAP,MSCHAP-V2
> > > > > >>
> > > > > >>
> > > > > >>                 EAPTLS_CertificateFile
> > > > > >> %D/certificates/myhost.antlabs.com.pem
> > > > > >>
> > > > > >>                 EAPTLS_CertificateType PEM
> > > > > >>                 #EAPTLS_CertificateType CRT
> > > > > >>
> > > > > >>                 # EAPTLS_PrivateKeyFile is the name of the file
> > > > > >> containing
> > > > > >>                 # the servers private key. It is sometimes in
> > > > > >> the
> > >
> > > same
> > >
> > > > > >> file
> > > > > >>                 # as the server certificate
> >
> > (EAPTLS_CertificateFile)
> >
> > > > > >>                 # If the private key is encrypted (usually the
> >
> > case)
> >
> > > > > >>                 # then EAPTLS_PrivateKeyPassword is the key to
> > > > > >> descrypt it
> > > > > >>                 #EAPTLS_PrivateKeyFile
> > > > > >> %D/certificates/cert-srv.pem EAPTLS_PrivateKeyFile
> > > > > >> %D/certificates/myhost.antlabs.com.key
> > > > > >>                 #EAPTLS_PrivateKeyFile
> > > > > >> /etc/radiator/certificates/myhost.antlabs.com.key
> > > > > >> #               EAPTLS_PrivateKeyFile %D/certificates/myhost.pem
> > > > > >>                 #EAPTLS_PrivateKeyPassword whatever
> > > > > >>                 EAPTLS_PrivateKeyPassword hiddenpassword
> > > > > >>
> > > > > >> Debuging info:
> > > > > >>
> > > > > >> [root at AAA Radiator-3.9]# ./radiusd -foreground  -config_file
> > >
> > > ./tt1.cfg
> > >
> > > > > >> Fri Aug  6 23:04:27 2004: DEBUG: Finished reading configuration
> >
> > file
> >
> > > > > >> './tt1.cfg'
> > > > > >> Fri Aug  6 23:04:27 2004: DEBUG: Reading dictionary file
> > > > > >> '/usr/src/802/radiator/Radiator-3.9/dictionary'
> > > > > >> Fri Aug  6 23:04:27 2004: DEBUG: Creating authentication port
> > > > > >> 0.0.0.0:1812
> > > > > >> Fri Aug  6 23:04:27 2004: DEBUG: Creating accounting port
> > >
> > > 0.0.0.0:1813
> > >
> > > > > >> Fri Aug  6 23:04:27 2004: NOTICE: Server started: Radiator 3.9
> > > > > >> on AAA
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >> Fri Aug  6 23:04:50 2004: DEBUG: Packet dump:
> > > > > >> *** Received from 192.168.123.9 port 1814 ....
> > > > > >>
> > > > > >> Packet length = 266
> > > > > >> 01 2a 01 0a 6b 23 57 6b 5f b8 ea 46 bd 67 35 ac
> > > > > >> 73 e7 51 2a 01 07 68 65 6c 6c 6f 1a 36 00 00 37
> > > > > >> 2a 01 30 69 73 6f 63 63 3d 28 6e 75 6c 6c 29 2c
> > > > > >> 63 63 3d 28 6e 75 6c 6c 29 2c 61 63 3d 28 6e 75
> > > > > >> 6c 6c 29 2c 6e 65 74 77 6f 72 6b 3d 47 45 4d 31
> > > > > >> 58 1a 19 00 00 37 2a 02 13 6f 70 65 72 61 74 6f
> > > > > >> 72 2c 6c 6f 63 61 74 69 6f 6e 04 06 0a 00 00 01
> > > > > >> 06 06 00 00 00 02 05 06 00 00 00 03 57 03 33 1e
> > > > > >> 19 30 30 2d 39 30 2d 34 42 2d 37 42 2d 41 31 2d
> > > > > >> 43 30 3a 47 45 4d 31 58 1f 13 30 30 2d 30 43 2d
> > > > > >> 46 31 2d 30 38 2d 33 37 2d 42 46 0c 06 00 00 05
> > > > > >> 78 3d 06 00 00 00 13 20 18 30 30 2d 39 30 2d 34
> > > > > >> 62 2d 37 62 2d 61 31 2d 63 30 3a 50 33 32 30 4d
> > > > > >> 18 43 4f 4e 4e 45 43 54 20 31 31 4d 62 70 73 20
> > > > > >> 38 30 32 2e 31 31 62 4f 0c 02 01 00 0a 01 68 65
> > > > > >> 6c 6c 6f 50 12 a3 6c 26 6a 29 c3 cf 09 f1 3a af
> > > > > >> e2 a7 d9 7a 27 21 05 31 35 35
> > > > > >> Code:       Access-Request
> > > > > >> Identifier: 42
> > > > > >> Authentic:  k#Wk_<184><234>F<189>g5<172>s<231>Q*
> > > > > >> Attributes:
> > > > > >>         User-Name = "hello"
> > > > > >>         WISPr-Location-ID =
> > > > > >> "isocc=(null),cc=(null),ac=(null),network=GEM1X"
> > > > > >>         WISPr-Location-Name = "operator,location"
> > > > > >>         NAS-IP-Address = 10.0.0.1
> > > > > >>         Service-Type = Framed-User
> > > > > >>         NAS-Port = 3
> > > > > >>         NAS-Port-Id = "3"
> > > > > >>         Called-Station-Id = "00-90-4B-7B-A1-C0:GEM1X"
> > > > > >>         Calling-Station-Id = "00-0C-F1-08-37-BF"
> > > > > >>         Framed-MTU = 1400
> > > > > >>         NAS-Port-Type = Wireless-IEEE-802-11
> > > > > >>         NAS-Identifier = "00-90-4b-7b-a1-c0:P320"
> > > > > >>         Connect-Info = "CONNECT 11Mbps 802.11b"
> > > > > >>         EAP-Message = <2><1><0><10><1>hello
> > > > > >>         Message-Authenticator =
> > > > > >> <163>l&j)<195><207><9><241>:<175><226><167><217>z'
> > > > > >>         Proxy-State = 155
> > > > > >>
> > > > > >> Fri Aug  6 23:04:50 2004: DEBUG: Handling request with Handler
> > > > > >> '' Fri Aug  6 23:04:50 2004: DEBUG:  Deleting session for hello,
> > > > > >> 10.0.0.1, 3
> > > > > >> Fri Aug  6 23:04:50 2004: DEBUG: Handling with Radius::AuthSQL
> > > > > >> Fri Aug  6 23:04:50 2004: DEBUG: Handling with Radius::AuthSQL:
> > > > > >> Fri Aug  6 23:04:50 2004: DEBUG: Handling with EAP: code 2, 1,
> > > > > >> 10 Fri Aug  6 23:04:50 2004: DEBUG: Response type 1
> > > > > >> Fri Aug  6 23:04:50 2004: ERR: TLS could not
>
> load_verify_locations
>
> > ,
> >
> > > > > >> Fri Aug  6 23:04:50 2004: DEBUG: EAP result: 1, EAP TLS Could
> > > > > >> not initialise
> > > > > >> context
> > > > > >> Fri Aug  6 23:04:50 2004: INFO: Access rejected for hello: EAP
>
> TLS
>
> > > > > >> Could not
> > > > > >> initialise context
> > > > > >> Fri Aug  6 23:04:50 2004: DEBUG: Packet dump:
> > > > > >> *** Sending to 192.168.123.9 port 1814 ....
> > > > > >>
> > > > > >> Packet length = 41
> > > > > >> 03 2a 00 29 de 49 a8 63 73 f4 3d 7e 46 3b f0 77
> > > > > >> f0 4e 7e 85 12 10 52 65 71 75 65 73 74 20 44 65
> > > > > >> 6e 69 65 64 21 05 31 35 35
> > > > > >> Code:       Access-Reject
> > > > > >> Identifier: 42
> > > > > >> Authentic:  k#Wk_<184><234>F<189>g5<172>s<231>Q*
> > > > > >> Attributes:
> > > > > >>         Reply-Message = "Request Denied"
> > > > > >>         Proxy-State = 155
> > > > > >>
> > > > > >> Fri Aug  6 23:05:05 2004: DEBUG: Packet dump:
> > > > > >> *** Received from 192.168.123.9 port 1814 ....
> > > > > >>
> > > > > >> Packet length = 266
> > > > > >> 01 2b 01 0a 64 a2 eb e1 33 a6 36 6a ea dd 0b e5
> > > > > >> be e9 8b 22 01 07 73 63 6f 74 74 1a 36 00 00 37
> > > > > >> 2a 01 30 69 73 6f 63 63 3d 28 6e 75 6c 6c 29 2c
> > > > > >> 63 63 3d 28 6e 75 6c 6c 29 2c 61 63 3d 28 6e 75
> > > > > >> 6c 6c 29 2c 6e 65 74 77 6f 72 6b 3d 47 45 4d 31
> > > > > >> 58 1a 19 00 00 37 2a 02 13 6f 70 65 72 61 74 6f
> > > > > >> 72 2c 6c 6f 63 61 74 69 6f 6e 04 06 0a 00 00 01
> > > > > >> 06 06 00 00 00 02 05 06 00 00 00 03 57 03 33 1e
> > > > > >> 19 30 30 2d 39 30 2d 34 42 2d 37 42 2d 41 31 2d
> > > > > >> 43 30 3a 47 45 4d 31 58 1f 13 30 30 2d 30 43 2d
> > > > > >> 46 31 2d 30 38 2d 33 37 2d 42 46 0c 06 00 00 05
> > > > > >> 78 3d 06 00 00 00 13 20 18 30 30 2d 39 30 2d 34
> > > > > >> 62 2d 37 62 2d 61 31 2d 63 30 3a 50 33 32 30 4d
> > > > > >> 18 43 4f 4e 4e 45 43 54 20 31 31 4d 62 70 73 20
> > > > > >> 38 30 32 2e 31 31 62 4f 0c 02 02 00 0a 01 73 63
> > > > > >> 6f 74 74 50 12 80 4b 89 4b 8f ad 7a c7 a3 d5 a6
> > > > > >> 5e b0 d6 23 19 21 05 31 35 36
> > > > > >> Code:       Access-Request
> > > > > >> Identifier: 43
> > > > > >> Authentic:
> > > > > >> d<162><235><225>3<166>6j<234><221><11><229><190><233><139>"
> > > > > >> Attributes:
> > > > > >>         User-Name = "scott"
> > > > > >>         WISPr-Location-ID =
> > > > > >> "isocc=(null),cc=(null),ac=(null),network=GEM1X"
> > > > > >>         WISPr-Location-Name = "operator,location"
> > > > > >>         NAS-IP-Address = 10.0.0.1
> > > > > >>         Service-Type = Framed-User
> > > > > >>         NAS-Port = 3
> > > > > >>         NAS-Port-Id = "3"
> > > > > >>         Called-Station-Id = "00-90-4B-7B-A1-C0:GEM1X"
> > > > > >>         Calling-Station-Id = "00-0C-F1-08-37-BF"
> > > > > >>         Framed-MTU = 1400
> > > > > >>         NAS-Port-Type = Wireless-IEEE-802-11
> > > > > >>         NAS-Identifier = "00-90-4b-7b-a1-c0:P320"
> > > > > >>         Connect-Info = "CONNECT 11Mbps 802.11b"
> > > > > >>         EAP-Message = <2><2><0><10><1>scott
> > > > > >>         Message-Authenticator =
> > > > > >> <128>K<137>K<143><173>z<199><163><213><166>^<176><214>#<25>
> > > > > >>         Proxy-State = 156
> > > > > >>
> > > > > >> Fri Aug  6 23:05:05 2004: DEBUG: Handling request with Handler
> > > > > >> '' Fri Aug  6 23:05:05 2004: DEBUG:  Deleting session for scott,
> > > > > >> 10.0.0.1, 3
> > > > > >> Fri Aug  6 23:05:05 2004: DEBUG: Handling with Radius::AuthSQL
> > > > > >> Fri Aug  6 23:05:05 2004: DEBUG: Handling with Radius::AuthSQL:
> > > > > >> Fri Aug  6 23:05:05 2004: DEBUG: Handling with EAP: code 2, 2,
> > > > > >> 10 Fri Aug  6 23:05:05 2004: DEBUG: Response type 1
> > > > > >> Fri Aug  6 23:05:05 2004: ERR: TLS could not
>
> load_verify_locations
>
> > ,
> >
> > > > > >> Fri Aug  6 23:05:05 2004: DEBUG: EAP result: 1, EAP TLS Could
> > > > > >> not initialise
> > > > > >> context
> > > > > >> Fri Aug  6 23:05:05 2004: INFO: Access rejected for scott: EAP
>
> TLS
>
> > > > > >> Could not
> > > > > >> initialise context
> > > > > >> Fri Aug  6 23:05:05 2004: DEBUG: Packet dump:
> > > > > >> *** Sending to 192.168.123.9 port 1814 ....
> > > > > >>
> > > > > >> Packet length = 41
> > > > > >> 03 2b 00 29 43 89 dc ac 25 80 f5 79 2e df dc b9
> > > > > >> 46 58 5b 41 12 10 52 65 71 75 65 73 74 20 44 65
> > > > > >> 6e 69 65 64 21 05 31 35 36
> > > > > >> Code:       Access-Reject
> > > > > >> Identifier: 43
> > > > > >> Authentic:
> > > > > >> d<162><235><225>3<166>6j<234><221><11><229><190><233><139>"
> > > > > >> Attributes:
> > > > > >>         Reply-Message = "Request Denied"
> > > > > >>         Proxy-State = 156
> > > > > >>
> > > > > >>
> > > > > >> [root at AAA Radiator-3.9]#
> > > > > >>
> > > > > >> [root at AAA certificates]# ls
> > > > > >> cert-clt.p12  demoCA                   myhost.antlabs.com.pem
> > > > > >> root.pem
> > > > > >> cert-clt.pem  myhost.antlabs.com.crt  README
> > > > > >> cert-srv.pem  myhost.antlabs.com.key  root.der
> > > > > >> [root at AAA certificates]#
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >> -----Original Message-----
> > > > > >> From: owner-radiator at open.com.au
> > >
> > > [mailto:owner-radiator at open.com.au]On
> > >
> > > > > >> Behalf Of Bon sy
> > > > > >> Sent: Tuesday, August 03, 2004 7:10 PM
> > > > > >> To: Terry Simons
> > > > > >> Cc: scottxiao at antlabs.com; radiator at open.com.au
> > > > > >> Subject: Re: (RADIATOR) SSL certificate for 802.1x
> > > > > >> PEAP/aironet1100 WLAN
> > > > > >>
> > > > > >>
> > > > > >> Hi Scott and Terry,
> > > > > >>
> > > > > >> 	If your main concern is the cost as Terry mentioned, you may
>
> want
>
> > > > > >> to consider building your own CA using openssl. If a moderate
>
> cost
>
> > > > > >> investment may fit your budget, you may want to look into CATool
> > > > > >> as Mike/Hugh has suggested previously.
> > > > > >>
> > > > > >> 	We have tried and used both. Building your own CA using openssl
> > > > > >> is more involved --- and obviously you have to provide your own
> > >
> > > technical
> > >
> > > > > >> support --- in comparing to using CATool. If you do want to
> > > > > >> build
> > >
> > > your
> > >
> > > > > >> own
> > > > > >> CA using openssl and to avoid the frustration causing your late
> > > > > >> night sleepless symtom, we find it important to build up the
> >
> > comfort
> >
> > > > > >> level on
> > > > > >> openssl, perl, and Linux, and definitely read up a lot from the
> > > > > >> mailing
> > > > > >> list, before doing it.
> > > > > >>
> > > > > >> Bon
> > > > > >>
> > > > > >> On Mon, 2 Aug 2004, Terry Simons wrote:
> > > > > >>> Hi Scott,
> > > > > >>>
> > > > > >>> You *can* reuse a server certificate in another location later.
> > > > > >>>
> > > > > >>> The domain name has no real significance, except that you need
>
> to
>
> > > > > >>> verify it on the client to ensure that your clients are secure.
> > > > > >>> The domain can be whatever you like, and can exist on multiple
> > >
> > > servers...
> > >
> > > > > >>> there is no inherent tie to any given server.
> > > > > >>>
> > > > > >>> That said, it is probably *not* a good idea to reuse
>
> certificates
>
> > > > > >>> in a
> > > > > >>> production environment, but it does work.
> > > > > >>>
> > > > > >>> Is the main reason why you are purchasing certificates to
> > > > > >>> ensure
> > >
> > > that
> > >
> > > > > >>> the client has a pre-installed CA certificate that will verify
> >
> > your
> >
> > > > > >>> certificate, or for some other reason?
> > > > > >>>
> > > > > >>> If your main concern is the cost, you should probably consider
> > > > > >>> rolling
> > > > > >>> your own certificates.
> > > > > >>>
> > > > > >>> - Terry
> > > > > >>>
> > > > > >>> On Aug 2, 2004, at 8:59 PM, Scott Xiao - ANTlabs wrote:
> > > > > >>>> Hi,
> > > > > >>>> Can any of you recommend one workable Radius(Radiator) server
> > > > > >>>> certificate
> > > > > >>>> besides Verisign?I want to buy a cheaper one,use it in  802.1x
> > > > > >>>> PEAP WLAN
> > > > > >>>> hotspot.If I use it for domain "hostname.mydomain.com" ,can I
> > > > > >>>> use the
> > > > > >>>> same
> > > > > >>>> certificate in future if I deploy a same WLAN in another place
> > >
> > > which
> > >
> > > > > >>>> will
> > > > > >>>> still use the same domain name?Thanks!
> > > > > >>>> Rgds
> > > > > >>>> Scott Xiao
> > > > > >>>> -----Original Message-----
> > > > > >>>> From: owner-radiator at open.com.au
> > > > > >>>> [mailto:owner-radiator at open.com.au]On
> > > > > >>>> Behalf Of Terry Simons
> > > > > >>>> Sent: Thursday, July 29, 2004 1:15 PM
> > > > > >>>> To: Christian Wiedmann
> > > > > >>>> Cc: radiator at open.com.au
> > > > > >>>> Subject: Re: (RADIATOR) SSL certificate for 802.1x
> > > > > >>>> PEAP/aironet1100 WLAN
> > > > > >>>>
> > > > > >>>>
> > > > > >>>> Hi,
> > > > > >>>>
> > > > > >>>> On Jul 28, 2004, at 1:32 PM, Christian Wiedmann wrote:
> > > > > >>>>> As far as I know, the XP server extension OID is the one that
> > > > > >>>>> is also
> > > > > >>>>> used for web servers.  Therefore, a web server certificate
> >
> > should
> >
> > > > > >>>>> work.
> > > > > >>>>
> > > > > >>>> This is true.  There is one thing that people should probably
>
> be
>
> > > > > >>>> aware
> > > > > >>>> of, however.
> > > > > >>>>
> > > > > >>>> At the last Networld + Interop HotStage, we did some extensive
> > > > > >>>> testing
> > > > > >>>> with this and it was determined that what should probably
>
> happen
>
> > > > > >>>> is to
> > > > > >>>> officially apply for some OIDs for 802.1X authentication
> > > > > >>>> servers. One
> > > > > >>>> of the HotStage members that is involved in the IETF and the
> > > > > >>>> IEEE
> > >
> > > is
> > >
> > > > > >>>> pushing that a bit, so it could be the case that a "proper"
> > > > > >>>> OID set will come out in the future.  It could be a ways out,
> > > > > >>>> but I personally
> > > > > >>>> hope that it happens so we can have an "official" way of
> > > > > >>>> creating "802.1X authentication" certificates.
> > > > > >>>>
> > > > > >>>> - Terry
> > > > > >>>>
> > > > > >>>>> For what it's worth, I've successfully used a Verisign web
> >
> > server
> >
> > > > > >>>>> certificate
> > > > > >>>>> for PEAP authentication against Windows XP SP1.  I think
> > > > > >>>>> there's a good
> > > > > >>>>> chance a freessl certificate would work too.
> > > > > >>>>>
> > > > > >>>>> 	-Christian
> > > > > >>>>>
> > > > > >>>>> ref.:
> > > > > >>>>> http://support.microsoft.com/?kbid=814394
> > > > > >>>>> http://www.alvestrand.no/objectid/1.3.6.1.5.5.7.3.1.html
> > > > > >>>>> http://www.ietf.org/rfc/rfc2459.txt
> > > > > >>>>>
> > > > > >>>>> On Wed, 28 Jul 2004, Mike McCauley wrote:
> > > > > >>>>>> Date: Wed, 28 Jul 2004 19:35:44 +1000
> > > > > >>>>>> From: Mike McCauley <mikem at open.com.au>
> > > > > >>>>>> To: scottxiao at antlabs.com
> > > > > >>>>>> Cc: Radiator <radiator at open.com.au>
> > > > > >>>>>> Subject: Re: (RADIATOR) SSL certificate for  802.1x
> > > > > >>>>>> PEAP/aironet1100
> > > > > >>>>>> WLAN
> > > > > >>>>>>
> > > > > >>>>>> Hi Scott,
> > > > > >>>>>>
> > > > > >>>>>> On Wednesday 28 July 2004 18:41, Scott Xiao  - ANTlabs wrote:
> > > > > >>>>>>> Hi,Mike,
> > > > > >>>>>>> Thanks, so do you have any suggestion that I can purchase
> > > > > >>>>>>> regarding
> > > > > >>>>>>> the
> > > > > >>>>>>> cert for radius server?Verisign?which type?If you have any
> > > > > >>>>>>> recommendation
> > > > > >>>>>>> that it works well on Radiator....Thanks
> > > > > >>>>>>
> > > > > >>>>>> Verisign offer certificates for radius servers, but I dont
> > > > > >>>>>> know the
> > > > > >>>>>> details of
> > > > > >>>>>> how to apply for one. They do work with Radiator. You should
> >
> > try
> >
> > > > > >>>>>> to
> > > > > >>>>>> get it in
> > > > > >>>>>> PEM format.
> > > > > >>>>>>
> > > > > >>>>>> Cheers.
> > > > > >>>>>
> > > > > >>>>> --
> > > > > >>>>> Archive at http://www.open.com.au/archives/radiator/
> > > > > >>>>> Announcements on radiator-announce at open.com.au
> > > > > >>>>> To unsubscribe, email 'majordomo at open.com.au' with
> > > > > >>>>> 'unsubscribe radiator' in the body of the message.
> > > > > >>>>
> > > > > >>>> --
> > > > > >>>> Archive at http://www.open.com.au/archives/radiator/
> > > > > >>>> Announcements on radiator-announce at open.com.au
> > > > > >>>> To unsubscribe, email 'majordomo at open.com.au' with
> > > > > >>>> 'unsubscribe radiator' in the body of the message.
> > > > > >>>
> > > > > >>> --
> > > > > >>> Archive at http://www.open.com.au/archives/radiator/
> > > > > >>> Announcements on radiator-announce at open.com.au
> > > > > >>> To unsubscribe, email 'majordomo at open.com.au' with
> > > > > >>> 'unsubscribe radiator' in the body of the message.
> > > > > >>
> > > > > >> --
> > > > > >> Archive at http://www.open.com.au/archives/radiator/
> > > > > >> Announcements on radiator-announce at open.com.au
> > > > > >> To unsubscribe, email 'majordomo at open.com.au' with
> > > > > >> 'unsubscribe radiator' in the body of the message.
> > > > > >>
> > > > > >>
> > > > > >> --
> > > > > >> Archive at http://www.open.com.au/archives/radiator/
> > > > > >> Announcements on radiator-announce at open.com.au
> > > > > >> To unsubscribe, email 'majordomo at open.com.au' with
> > > > > >> 'unsubscribe radiator' in the body of the message.
> > > > > >
> > > > > > NB: have you included a copy of your configuration file (no
> >
> > secrets),
> >
> > > > > > together with a trace 4 debug showing what is happening?
> > > > > >
> > > > > > --
> > > > > > Radiator: the most portable, flexible and configurable RADIUS
> > > > > > server anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> > > > > > -
> > > > > > Nets: internetwork inventory and management - graphical,
> > > > > > extensible, flexible with hardware, software, platform and
>
> database
>
> > independence.
> >
> > > > > > -
> > > > > > CATool: Private Certificate Authority for Unix and Unix-like
> >
> > systems.
> >
> > > > > > --
> > > > > > Archive at http://www.open.com.au/archives/radiator/
> > > > > > Announcements on radiator-announce at open.com.au
> > > > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > > > 'unsubscribe radiator' in the body of the message.
> > > > >
> > > > > NB: have you included a copy of your configuration file (no
>
> secrets),
>
> > > > > together with a trace 4 debug showing what is happening?
> > > > >
> > > > > --
> > > > > Radiator: the most portable, flexible and configurable RADIUS
> > > > > server anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> > > > > -
> > > > > Nets: internetwork inventory and management - graphical,
> > > > > extensible, flexible with hardware, software, platform and database
>
> independence.
>
> > > > > -
> > > > > CATool: Private Certificate Authority for Unix and Unix-like
>
> systems.
>
> > > > > --
> > > > > Archive at http://www.open.com.au/archives/radiator/
> > > > > Announcements on radiator-announce at open.com.au
> > > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > > 'unsubscribe radiator' in the body of the message.
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Archive at http://www.open.com.au/archives/radiator/
> > > > > Announcements on radiator-announce at open.com.au
> > > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > > 'unsubscribe radiator' in the body of the message.
> > > >
> > > > --
> > > > Mike McCauley                               mikem at open.com.au
> > > > Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++,
>
> WWW
>
> > > > 9 Bulbul Place Currumbin Waters QLD 4223 Australia
> > >
> > > http://www.open.com.au
> > >
> > > > Phone +61 7 5598-7474                       Fax   +61 7 5598-7070
> > > >
> > > > Radiator: the most portable, flexible and configurable RADIUS server
> > > > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > > > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP,
>
> TLS,
>
> > > > TTLS, PEAP etc on Unix, Windows, MacOS etc.
> > > >
> > > >
> > > > --
> > > > Archive at http://www.open.com.au/archives/radiator/
> > > > Announcements on radiator-announce at open.com.au
> > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > 'unsubscribe radiator' in the body of the message.
> > >
> > > --
> > > Mike McCauley                               mikem at open.com.au
> > > Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
> > > 9 Bulbul Place Currumbin Waters QLD 4223 Australia
> >
> > http://www.open.com.au
> >
> > > Phone +61 7 5598-7474                       Fax   +61 7 5598-7070
> > >
> > > Radiator: the most portable, flexible and configurable RADIUS server
> > > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> > > TTLS, PEAP etc on Unix, Windows, MacOS etc.
> > >
> > >
> > > --
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe radiator' in the body of the message.
> >
> > --
> > Mike McCauley                               mikem at open.com.au
> > Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
> > 9 Bulbul Place Currumbin Waters QLD 4223 Australia
>
> http://www.open.com.au
>
> > Phone +61 7 5598-7474                       Fax   +61 7 5598-7070
> >
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> > TTLS, PEAP etc on Unix, Windows, MacOS etc.
>
> --
> Mike McCauley                               mikem at open.com.au
> Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
> 9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
> Phone +61 7 5598-7474                       Fax   +61 7 5598-7070
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS etc.
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list