(RADIATOR) I need a little help with the log file

Mike McCauley mikem at open.com.au
Wed Apr 6 07:40:43 CDT 2005


Hello Bill,

Looks like you uncommented the random file spec in the config:

                EAPTLS_RandomFile %D/certificates/random
and presumably there is no source of randomness in that file.

You should comment that line out again, as it is in the example we supply.

We strongly recommend that you use the example configuration file exactly as 
supplied to get you started. Once you have your tests working with the 
example, you can alter things to suit your needs.


Cheers.

On Wednesday 06 April 2005 22:06, Stewart, Bill wrote:
> Mike,
>
> 	Thanks!  I've copied the certificates directory to the correct
> place.  Now I get a different error.  Sorry to be a pain, but I don't know
> what this means!!
>
> Wed Apr  6 08:03:04 2005: DEBUG: Packet dump:
> *** Received from 149.158.3.250 port 1190 ....
> Code:       Access-Request
> Identifier: 165
> Authentic:  <231><5><0><0><208><15><0><0><10><28><0><0><195>q<0><0>
> Attributes:
> 	Message-Authenticator = %<218>$sB<240><154>0<200><146>c<130><254>E>a
> 	User-Name = "LAN_KCNT\wjs"
> 	NAS-IP-Address = 149.158.3.250
> 	NAS-Port = 2
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Calling-Station-Id = "00-01-f4-ec-97-29"
> 	EAP-Message = <2><1><0><17><1>LAN_KCNT\wjs
> 	Framed-MTU = 1000
>
> Wed Apr  6 08:03:04 2005: DEBUG: Handling request with Handler ''
> Wed Apr  6 08:03:04 2005: DEBUG:  Deleting session for LAN_KCNT\wjs,
> 149.158.3.250, 2
> Wed Apr  6 08:03:04 2005: DEBUG: Handling with Radius::AuthFILE:
> Wed Apr  6 08:03:04 2005: DEBUG: Handling with EAP: code 2, 1, 17
> Wed Apr  6 08:03:05 2005: DEBUG: Response type 1
> Wed Apr  6 08:03:05 2005: ERR: TLS Could not load randomness:
> Wed Apr  6 08:03:05 2005: DEBUG: EAP result: 1, EAP TLS Could not
> initialise context
> Wed Apr  6 08:03:05 2005: DEBUG: AuthBy FILE result: REJECT, EAP TLS Could
> not initialise context
> Wed Apr  6 08:03:05 2005: INFO: Access rejected for LAN_KCNT\wjs: EAP TLS
> Could not initialise context
> Wed Apr  6 08:03:05 2005: DEBUG: Packet dump:
> *** Sending to 149.158.3.250 port 1190 ....
> Code:       Access-Reject
> Identifier: 165
> Authentic:  <231><5><0><0><208><15><0><0><10><28><0><0><195>q<0><0>
> Attributes:
> 	Reply-Message = "Request Denied"
>
> Bill
>
> > -----Original Message-----
> > From: Mike McCauley [mailto:mikem at open.com.au]
> > Sent: Wednesday, April 06, 2005 7:55 AM
> > To: Stewart, Bill
> > Cc: 'radiator at open.com.au'; Frati, Louis
> > Subject: Re: (RADIATOR) I need a little help with the log file
> >
> >
> > Hello Bill,
> >
> > Your config file contains a specification for a root
> > certificate file, which
> > apparently does not exist:
> >
> > EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
> >
> > If you intend never to verify client certificates, and don't have any
> > relevant root certificates, you can disable EAPTLS_CAFile and instead use
> > EAPTLS_CAPath to point to some empty directory (EAPTLS_CAPath usually
> > names a directory containing multiple root certificates which are loaded
> > when required).
> >
> > eg:
> >
> > #		EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
> > 		EAPTLS_CAPath %D/certificates
> >
> > Or... Since you are not validating client certificates
> > anyway, it would not be
> > an error to just leave EAPTLS_CAFile pointing to the test
> > certificate we
> > provide.
> >
> > Cheers.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.
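
The two failures in this thread (an EAPTLS_CAFile that does not exist, and an EAPTLS_RandomFile with nothing in it) can be caught before the server is started. The following is an added example, not part of the original messages and not Radiator code; it assumes the caller passes in the directory that `%D` expands to, and the function names and sample config are constructed for illustration.

```python
import os
import re
import tempfile

# Parameters named in the thread; each value is a path that may start with %D.
FILE_PARAMS = ("EAPTLS_RandomFile", "EAPTLS_CAFile")
DIR_PARAMS = ("EAPTLS_CAPath",)
LINE_RE = re.compile(r"^\s*(EAPTLS_\w+)\s+(\S+)")


def check_eaptls_paths(config_text, db_dir):
    """Return (parameter, path, problem) for each active EAPTLS path that looks unusable."""
    problems = []
    for line in config_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented out, so the server never reads it
        m = LINE_RE.match(line)
        if not m:
            continue
        name, value = m.groups()
        # Assumption: db_dir is whatever %D expands to on this installation.
        path = value.replace("%D", db_dir)
        if name in FILE_PARAMS:
            if not os.path.isfile(path):
                problems.append((name, path, "file does not exist"))
            elif os.path.getsize(path) == 0:
                problems.append((name, path, "file is empty"))
        elif name in DIR_PARAMS and not os.path.isdir(path):
            problems.append((name, path, "directory does not exist"))
    return problems


def demo():
    # Constructed layout: an empty random file and no demoCA/cacert.pem.
    with tempfile.TemporaryDirectory() as db_dir:
        os.makedirs(os.path.join(db_dir, "certificates"))
        open(os.path.join(db_dir, "certificates", "random"), "w").close()
        config = (
            "    EAPTLS_CAFile %D/certificates/demoCA/cacert.pem\n"
            "#   EAPTLS_CAPath %D/certificates\n"
            "    EAPTLS_RandomFile %D/certificates/random\n"
        )
        return [(n, why) for n, _, why in check_eaptls_paths(config, db_dir)]


if __name__ == "__main__":
    for name, why in demo():
        print(name, "->", why)
```

A non-empty random file passes this check without that saying anything about the quality of its contents.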
