(RADIATOR) TTLS Authby FILE and LDAP2 problems

Jim Michael JMichael at chesterfield.mo.us
Fri Jan 7 17:26:52 CST 2005


I'm trying to set up Radiator to authenticate the "anonymous" user for
TTLS via AuthBy FILE, and the inner (real) users via AuthBy LDAP2. Here
is my config file and part of the log with the error I'm getting. Can
anyone tell me what's wrong? Note that we're not using "Realms" (eg,
users don't log in with user at mydomain.com... they just log in as user).
Not sure how to handle this!

config file: 

AuthPort 1812
AcctPort 1813
Foreground
LogStdout
LogDir		/var/log/radius
DbDir		/etc/radiator
# Use a lower trace level in production systems:
Trace 		4

<Client DEFAULT>
	Secret	mysecret
	DupInterval 0
</Client>

<Handler TunnelledByTTLS=1>
#RewriteUsername         s/^(.*?)\@.*$/$1/
	<AuthBy LDAP2>
		Host 			ldap.mydomain.com
		AuthDN		cn=admin,o=coc
		AuthPassword	##########
		BaseDN		o=private,ou=users
		ServerChecksPassword
		
	</AuthBy>
</Handler>

<Handler>
	<AuthBy FILE>
		Filename /etc/radiator/users	
		EAPType TTLS

		EAPTLS_CAFile /etc/radiator/certificates/demoCA/cacert.pem

		EAPTLS_CAPath

		EAPTLS_CertificateFile /etc/radiator/certificates/cert-srv.pem
		EAPTLS_CertificateType PEM

		EAPTLS_PrivateKeyFile /etc/radiator/certificates/cert-srv.pem
		EAPTLS_PrivateKeyPassword whatever

		# EAPTLS_RandomFile is an optional file containing
		# randomness
#		EAPTLS_RandomFile /etc/radiator/certificates/random

		EAPTLS_MaxFragmentSize 1000

		# EAPTLS_DHFile if set specifies the DH group file. It
		# may be required if you need to use ephemeral DH keys.
#		EAPTLS_DHFile /etc/radiator/certificates/cert/dh
		
		
		AutoMPPEKeys
		
	</AuthBy>

</Handler>



error in log:

Fri Jan  7 17:13:19 2005: DEBUG: Handling request with Handler ''
Fri Jan  7 17:13:19 2005: DEBUG:  Deleting session for anonymous,
192.168.10.41, 1
Fri Jan  7 17:13:19 2005: DEBUG: Handling with Radius::AuthFILE: 
Fri Jan  7 17:13:19 2005: DEBUG: Handling with EAP: code 2, 6, 71
Fri Jan  7 17:13:19 2005: DEBUG: Response type 21
Fri Jan  7 17:13:19 2005: DEBUG: EAP TTLS data, 3, 6, 5
Fri Jan  7 17:13:19 2005: DEBUG: EAP TTLS inner authentication request
for jimm
Fri Jan  7 17:13:19 2005: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  <204><174><0><203><233><229><149>j<148>#N<211><180>.^<220>
Attributes:
	User-Name = "jimm"
	User-Password = "xxxxxxxxxxxxx"

Fri Jan  7 17:13:19 2005: DEBUG: Handling request with Handler
'TunnelledByTTLS=1'
Fri Jan  7 17:13:19 2005: DEBUG:  Deleting session for jimm,
192.168.10.41, 
Fri Jan  7 17:13:19 2005: DEBUG: Handling with Radius::AuthLDAP2: 
Fri Jan  7 17:13:19 2005: INFO: Connecting to ldap.mydomain.com, port
389
Fri Jan  7 17:13:19 2005: INFO: Attempting to bind to LDAP server
ldap.mydomain.com:389)
Fri Jan  7 17:13:19 2005: ERR: Could not handle an EAP request:
Undefined subroutine &Radius::AuthLDAP2::ldap_error_name called at
/usr/lib/perl5/site_perl/Radius/AuthLDAP2.pm line 154, <DATA> line 283.

Jim
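
Added example, not part of the original post or of Radiator: a short Python script that re-joins the mail-wrapped trace lines above and reports which Handler and AuthBy module were active when the ERR entry was logged. The sample is an excerpt of the posted trace; the function names are made up for this illustration.

```python
import re

# Excerpt of the trace posted above, mail line-wrapping kept as-is.
SAMPLE = """\
Fri Jan  7 17:13:19 2005: DEBUG: Handling request with Handler ''
Fri Jan  7 17:13:19 2005: DEBUG: Handling with Radius::AuthFILE:
Fri Jan  7 17:13:19 2005: DEBUG: Handling request with Handler
'TunnelledByTTLS=1'
Fri Jan  7 17:13:19 2005: DEBUG: Handling with Radius::AuthLDAP2:
Fri Jan  7 17:13:19 2005: INFO: Attempting to bind to LDAP server
ldap.mydomain.com:389)
Fri Jan  7 17:13:19 2005: ERR: Could not handle an EAP request:
Undefined subroutine &Radius::AuthLDAP2::ldap_error_name called at
/usr/lib/perl5/site_perl/Radius/AuthLDAP2.pm line 154, <DATA> line 283.
"""

# One trace entry: "<timestamp>: <LEVEL>: <message>"
ENTRY = re.compile(r"^\w{3} \w{3} +\d+ [\d:]{8} \d{4}: (\w+): ?(.*)$")
# Perl's wording for a call to a sub that is not defined in that package
FAULT = re.compile(r"Undefined subroutine &([\w:]+) called at (\S+) line (\d+)")

def entries(text):
    """Return [level, message] pairs; a line without a timestamp continues the previous entry."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            out.append([m.group(1), m.group(2).strip()])
        elif out and line.strip():
            out[-1][1] = (out[-1][1] + " " + line.strip()).strip()
    return out

def triage(text):
    """For each ERR entry, report the Handler and AuthBy module that were active."""
    handler = authby = None
    findings = []
    for level, msg in entries(text):
        if m := re.match(r"Handling request with Handler '(.*)'", msg):
            handler, authby = m.group(1) or "<default>", None
        elif m := re.match(r"Handling with (Radius::\w+)", msg):
            authby = m.group(1)
        elif level == "ERR":
            f = FAULT.search(msg)
            fault = (f.group(1), f.group(2), int(f.group(3))) if f else None
            findings.append({"handler": handler, "authby": authby, "fault": fault})
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On this excerpt the single finding places the error in the inner `TunnelledByTTLS=1` handler under `Radius::AuthLDAP2`, after the outer handler had already passed the request on.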



