(RADIATOR) I need a little help with the log file

Stewart, Bill wjs-corp at kaman.com
Wed Apr 6 07:06:22 CDT 2005 

Mike,

	Thanks!  I've copied the certificates directory to the correct
place.  Now I get a different error.  Sorry to be a pain, but I don't know
what this means!!

Wed Apr  6 08:03:04 2005: DEBUG: Packet dump:
*** Received from 149.158.3.250 port 1190 ....
Code:       Access-Request
Identifier: 165
Authentic:  <231><5><0><0><208><15><0><0><10><28><0><0><195>q<0><0>
Attributes:
	Message-Authenticator = %<218>$sB<240><154>0<200><146>c<130><254>E>a
	User-Name = "LAN_KCNT\wjs"
	NAS-IP-Address = 149.158.3.250
	NAS-Port = 2
	NAS-Port-Type = Wireless-IEEE-802-11
	Calling-Station-Id = "00-01-f4-ec-97-29"
	EAP-Message = <2><1><0><17><1>LAN_KCNT\wjs
	Framed-MTU = 1000

Wed Apr  6 08:03:04 2005: DEBUG: Handling request with Handler ''
Wed Apr  6 08:03:04 2005: DEBUG:  Deleting session for LAN_KCNT\wjs,
149.158.3.250, 2
Wed Apr  6 08:03:04 2005: DEBUG: Handling with Radius::AuthFILE: 
Wed Apr  6 08:03:04 2005: DEBUG: Handling with EAP: code 2, 1, 17
Wed Apr  6 08:03:05 2005: DEBUG: Response type 1
Wed Apr  6 08:03:05 2005: ERR: TLS Could not load randomness: 
Wed Apr  6 08:03:05 2005: DEBUG: EAP result: 1, EAP TLS Could not initialise
context
Wed Apr  6 08:03:05 2005: DEBUG: AuthBy FILE result: REJECT, EAP TLS Could
not initialise context
Wed Apr  6 08:03:05 2005: INFO: Access rejected for LAN_KCNT\wjs: EAP TLS
Could not initialise context
Wed Apr  6 08:03:05 2005: DEBUG: Packet dump:
*** Sending to 149.158.3.250 port 1190 ....
Code:       Access-Reject
Identifier: 165
Authentic:  <231><5><0><0><208><15><0><0><10><28><0><0><195>q<0><0>
Attributes:
	Reply-Message = "Request Denied"

Bill

> -----Original Message-----
> From: Mike McCauley [mailto:mikem at open.com.au]
> Sent: Wednesday, April 06, 2005 7:55 AM
> To: Stewart, Bill
> Cc: 'radiator at open.com.au'; Frati, Louis
> Subject: Re: (RADIATOR) I need a little help with the log file
> 
> 
> Hello Bill,
> 
> Your config file contains a specification for a root 
> certificate file, which 
> apparently does not exist:
> 
> EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
> 
> If you intend never to verify client certificates, and dont 
> have any relevant 
> root certificates, you can disable EAPTLS_CAFile and instead use 	
> EAPTLS_CAPath to point to some empty directory (EAPTLS_CAPath 
> usually names a 
> directory containing multiple root certificates which are loaded when 
> required.
> 
> eg:
> 
> #		EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
> 		EAPTLS_CAPath %D/certificates
> 
> Or... Since you are not validating client certificates 
> anyway, it would not be 
> an error to just leave EAPTLS_CAFile pointing to the test 
> certificate we 
> provide.
> 
> Cheers.
> 

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list