(RADIATOR) I need a little help with the log file
Mike McCauley
mikem at open.com.au
Mon Apr 4 17:26:01 CDT 2005
Hello Bill,
Looks like your Radiator is incorrectly configured to do EAP authentication.
You should post your Radiator configuration file (no secrets).
Note that there are a number of example configuration files for Handling EAP
with LSA in the goodies directory of your distribution. All of them require
certificates to handle PEAP (the default windows XP protocol).
The example config files work with the sample certificates that we supply in
the distribution.
Perhaps your configuration does not define DbDir to point to the directory
where your certificates are.
You should be able to test with XP by doing:
cd .....\Radiator-3.12
perl radiusd -config goodies/lsa_eap_peap.cfg
Cheers.
On Monday 04 April 2005 23:57, Stewart, Bill wrote:
> Mike,
>
> Thanks, that installed O.K. Now I do need an example for validating
> a wireless XP notebook. I'm sure I'm overlooking something in the .cfg
> file for LSA validation. Here is what I get in the logfile. Looks like it
> is trying to verify via certificates.
>
> Mon Apr 4 09:27:36 2005: DEBUG: Packet dump:
> *** Received from 149.158.3.250 port 1147 ....
> Code: Access-Request
> Identifier: 122
> Authentic: l&<0><0><243>P<0><0>]a<0><0>`<8><0><0>
> Attributes:
> Message-Authenticator =
> %<152>@<249><128>z<169><192><199><167><137><202>
> F<157><18>}
> User-Name = "LAN_KCNT\wjs"
> NAS-IP-Address = 149.158.3.250
> NAS-Port = 2
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "00-01-f4-ec-97-29"
> EAP-Message = <2><1><0><17><1>LAN_KCNT\wjs
> Framed-MTU = 1000
>
> Mon Apr 4 09:27:36 2005: DEBUG: Handling request with Handler ''
> Mon Apr 4 09:27:36 2005: DEBUG: Deleting session for LAN_KCNT\wjs,
> 149.158.3.2
> 50, 2
> Mon Apr 4 09:27:36 2005: DEBUG: Handling with Radius::AuthFILE:
> Mon Apr 4 09:27:36 2005: DEBUG: Handling with EAP: code 2, 1, 17
> Mon Apr 4 09:27:36 2005: DEBUG: Response type 1
> Mon Apr 4 09:27:36 2005: ERR: TLS could not load_verify_locations
> %D/certificat
> es/demoCA/cacert.pem, : 328: 1 - error:02001003:system library:fopen:No
> such pr
> ocess
> 328: 2 - error:2006D080:BIO routines:BIO_new_file:no such file
> 328: 3 - error:0B084002:x509 certificate
> routines:X509_load_cert_crl_file:syste
> m lib
>
> Mon Apr 4 09:27:36 2005: DEBUG: EAP result: 1, EAP TLS Could not
> initialise con
> text
> Mon Apr 4 09:27:36 2005: DEBUG: AuthBy FILE result: REJECT, EAP TLS Could
> not i
> nitialise context
> Mon Apr 4 09:27:36 2005: INFO: Access rejected for LAN_KCNT\wjs: EAP TLS
> Could
> not initialise context
> Mon Apr 4 09:27:36 2005: DEBUG: Packet dump:
> *** Sending to 149.158.3.250 port 1147 ....
> Code: Access-Reject
> Identifier: 122
> Authentic: l&<0><0><243>P<0><0>]a<0><0>`<8><0><0>
> Attributes:
> Reply-Message = "Request Denied"
>
>
> Bill
>
> > -----Original Message-----
> > From: Mike McCauley [mailto:mikem at open.com.au]
> > Sent: Saturday, April 02, 2005 6:38 AM
> > To: Stewart, Bill
> > Cc: 'radiator at open.com.au'
> > Subject: Re: (RADIATOR) I need a little help with the log file
> >
> >
> > Hello again,
> >
> > On Saturday 02 April 2005 21:10, Mike McCauley wrote:
> > > Hello Bill,
> > >
> > > You dont have to compile Net::SSLeay.
> > >
> > > There is a precompiled Net::SSLeay PPM for ActiveState on
> >
> > our web site.
> >
> > > Hugh shows the relevant extract from the FAQ.
> > >
> > > Run this command on your Radiator host:
> >
> > Ooops I meant:
> >
> > ppm install
> > http://www.open.com.au/radiator/free-downloads/Net_SSLeay.pm.ppd
> >
> > Cheers.
> >
> > > http://www.open.com.au/radiator/free-downloads/Net_SSLeay.pm.ppd
> > >
> > > It will download and install Net::SSLeay.
> > >
> > > Cheers.
> > >
> > > On Saturday 02 April 2005 04:59, Stewart, Bill wrote:
> > > > I installed openssl, and tried to install Net::SSLeay.
> >
> > When I follow the
> >
> > > > instructions, the nmake command gives me the following error:
> > > >
> > > > 'cl' is not recognized as an internal or external command,
> > > > operable program or batch file.
> > > > NMAKE : fatal error U1077: 'C:\WINDOWS\system32\cmd.exe'
> > :
> > : return code
> > :
> > > > '0x1' Stop.
> > > >
> > > > Any ideas?
> > > >
> > > > Bill
> > > >
> > > > > -----Original Message-----
> > > > > From: Hugh Irvine [mailto:hugh at open.com.au]
> > > > > Sent: Friday, April 01, 2005 3:17 AM
> > > > > To: Stewart, Bill
> > > > > Cc: 'radiator at open.com.au'
> > > > > Subject: Re: (RADIATOR) I need a little help with the log file
> > > > >
> > > > >
> > > > >
> > > > > Hello Bill -
> > > > >
> > > > > As the error message indicates you will need to install
> >
> > Net-SSLeay.
> >
> > > > > See the FAQ ("doc/faq.html"):
> > > > >
> > > > > 140. What do I have to install on Windows for Radiator to
> > > > > authenticate
> > > > > TLS, TTLS and PEAP
> > > > > Radiator requires OpenSSL and the perl Net::SSLeay module to be
> > > > > installed on the radius server in order to support EAP
> >
> > TLS, TTLS or
> >
> > > > > PEAP. All these modules are freely available.
> > > > > 1. Install ActivePerl 5.8.4 from ActiveState
> > > > > 2. Install Win32 OpenSSL v0.9.7e or later from
> > > > > Shining Light
> > > > > Productions
> > > > > 3. Install the Net::SSLeay module using PPM
> > > > > included with ActivePerl:
> > > > >
> > > > > ppm install
> > > > > http://www.open.com.au/radiator/free-downloads/Net_SSLeay.pm.ppd
> > > > >
> > > > > regards
> > > > >
> > > > > Hugh
> > > > >
> > > > > On 31 Mar 2005, at 20:50, Stewart, Bill wrote:
> > > > > > Here are some errors I getting in my logfile (running
> > > > >
> > > > > on windows xp
> > > > >
> > > > > > trying to validate a wireless laptop against a NT domain)
> > > > >
> > > > > Can anyone
> > > > >
> > > > > > help
> > > > > > me?
> > > > > >
> > > > > > Thu Mar 31 13:22:57 2005: DEBUG: Packet dump:
> > > > > > *** Received from 149.158.3.250 port 1134 ....
> > > > > > Code: Access-Request
> > > > > > Identifier: 109
> > > > > > Authentic: <161>3<0><0>n`<0><0>(]<0><0>7Q<0><0>
> > > > > > Attributes:
> > > > > > Message-Authenticator =
> > > > > > <248><180>&<194>G<228><226>@:<242><174><243><233><143><173>e
> > > > > > User-Name = "LAN_KCNT\wjs"
> > > > > > NAS-IP-Address = 149.158.3.250
> > > > > > NAS-Port = 2
> > > > > > NAS-Port-Type = Wireless-IEEE-802-11
> > > > > > Calling-Station-Id = "00-01-f4-ec-97-29"
> > > > > > EAP-Message = <2><1><0><17><1>LAN_KCNT\wjs
> > > > > > Framed-MTU = 1000
> > > > > >
> > > > > > Thu Mar 31 13:22:57 2005: DEBUG: Handling request
> >
> > with Handler ''
> >
> > > > > > Thu Mar 31 13:22:57 2005: DEBUG: Deleting session
> >
> > for LAN_KCNT\wjs,
> >
> > > > > > 149.158.3.250, 2
> > > > > > Thu Mar 31 13:22:57 2005: DEBUG: Handling with
> >
> > Radius::AuthFILE:
> > > > > > Thu Mar 31 13:22:57 2005: DEBUG: Handling with EAP:
> >
> > code 2, 1, 17
> >
> > > > > > Thu Mar 31 13:22:57 2005: DEBUG: Response type 1
> > > > > > Thu Mar 31 13:22:57 2005: ERR: Could not load EAP module
> > > > > > Radius::EAP_25:
> > > > > > Can't load
> >
> > 'C:/Perl/site/lib/auto/Net/SSLeay/SSLeay.dll' for module
> >
> > > > > > Net::SSLeay: load_file:The specified module could not
> >
> > be found at
> >
> > > > > > C:/Perl/lib/DynaLoader.pm line 206.
> > > > > > Compilation failed in require at
> >
> > C:/Perl/site/lib/Radius/EAP_25.pm
> >
> > > > > > line 24.
> > > > > > BEGIN failed--compilation aborted at
> > > > >
> > > > > C:/Perl/site/lib/Radius/EAP_25.pm
> > > > >
> > > > > > line
> > > > > > 24.
> > > > > > Compilation failed in require at (eval 48) line 3.
> > > > > >
> > > > > > Thu Mar 31 13:22:57 2005: DEBUG: EAP result: 1, Unsupported
> > > > >
> > > > > default EAP
> > > > >
> > > > > > Response/Identity 25
> > > > > > Thu Mar 31 13:22:57 2005: DEBUG: AuthBy FILE result: REJECT,
> > > > > > Unsupported
> > > > > > default EAP Response/Identity 25
> > > > > > Thu Mar 31 13:22:57 2005: INFO: Access rejected for
> >
> > LAN_KCNT\wjs:
> > > > > > Unsupported default EAP Response/Identity 25
> > > > > > Thu Mar 31 13:22:57 2005: DEBUG: Packet dump:
> > > > > > *** Sending to 149.158.3.250 port 1134 ....
> > > > > > Code: Access-Reject
> > > > > > Identifier: 109
> > > > > > Authentic: <161>3<0><0>n`<0><0>(]<0><0>7Q<0><0>
> > > > > > Attributes:
> > > > > > Reply-Message = "Request Denied"
> > > > > >
> > > > > >
> > > > > > Bill Stewart :-)
> > > > > > Kaman Corporation
> > > > > > 1332 Blue Hills Avenue
> > > > > > Bloomfield, Connecticut, 06002
> > > > > > (860) 243-7058
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Archive at http://www.open.com.au/archives/radiator/
> > > > > > Announcements on radiator-announce at open.com.au
> > > > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > > > 'unsubscribe radiator' in the body of the message.
> > > > >
> > > > > NB: I am travelling this week, so there may be delays in our
> > > > > correspondence.
> > > > >
> > > > > --
> > > > > Radiator: the most portable, flexible and configurable
> >
> > RADIUS server
> >
> > > > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000,
> >
> > NT, MacOS X.
> >
> > > > > -
> > > > > Nets: internetwork inventory and management -
> >
> > graphical, extensible,
> >
> > > > > flexible with hardware, software, platform and database
> >
> > independence.
> >
> > > > > -
> > > > > CATool: Private Certificate Authority for Unix and
> >
> > Unix-like systems.
> >
> > > > --
> > > > Archive at http://www.open.com.au/archives/radiator/
> > > > Announcements on radiator-announce at open.com.au
> > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > 'unsubscribe radiator' in the body of the message.
> >
> > --
> > Mike McCauley mikem at open.com.au
> > Open System Consultants Pty. Ltd Unix, Perl,
> > Motif, C++, WWW
> > 9 Bulbul Place Currumbin Waters QLD 4223 Australia
>
> http://www.open.com.au
> Phone +61 7 5598-7474 Fax +61 7 5598-7070
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS etc.
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list