(RADIATOR) TTLS Authby FILE and LDAP2 problems

Hugh Irvine hugh at open.com.au
Fri Jan 7 22:36:22 CST 2005


Hello Jim -

Thanks for sending the configuration and trace.

The configuration file looks OK, but what version of Radiator are you 
using?

There was a bug corresponding to what you show below and you should be 
using Radiator 3.11 plus all patches.

Also - have you installed the perl-ldap module correctly (www.cpan.org)?

regards

Hugh


On 8 Jan 2005, at 10:26, Jim Michael wrote:

> I'm trying to set up Radiator to authenticate the "anonymous" user for
> TTLS via AuthBy FILE, and the inner (real) users via AuthBy LDAP2. Here
> is my config file and part of the log with the error I'm getting. Can
> anyone tell me what's wrong? Note that we're not using "Realms" (eg,
> users don't log in with user at mydomain.com... they just log in as user).
> Not sure how to handle this!
>
> config file:
>
> AuthPort 1812
> AcctPort 1813
> Foreground
> LogStdout
> LogDir		/var/log/radius
> DbDir		/etc/radiator
> # Use a lower trace level in production systems:
> Trace 		4
>
> <Client DEFAULT>
> 	Secret	mysecret
> 	DupInterval 0
> </Client>
>
> <Handler TunnelledByTTLS=1>
> #RewriteUsername         s/^(.*?)\@.*$/$1/
> 	<AuthBy LDAP2>
> 		Host 			ldap.mydomain.com
> 		AuthDN		cn=admin,o=coc
> 		AuthPassword	##########
> 		BaseDN		o=private,ou=users
> 		ServerChecksPassword
> 		
> 	</AuthBy>
> </Handler>
>
> <Handler>
> 	<AuthBy FILE>
> 		Filename /etc/radiator/users	
> 		EAPType TTLS
>
> 		EAPTLS_CAFile
> /etc/radiator/certificates/demoCA/cacert.pem
>
> 		EAPTLS_CAPath
>
> 		EAPTLS_CertificateFile
> /etc/radiator/certificates/cert-srv.pem
> 		EAPTLS_CertificateType PEM
>
> 		EAPTLS_PrivateKeyFile
> /etc/radiator/certificates/cert-srv.pem
> 		EAPTLS_PrivateKeyPassword whatever
>
> 		# EAPTLS_RandomFile is an optional file containing
> 		# randomness
> #		EAPTLS_RandomFile /etc/radiator/certificates/random
>
> 		EAPTLS_MaxFragmentSize 1000
>
> 		# EAPTLS_DHFile if set specifies the DH group file. It
> 		# may be required if you need to use ephemeral DH keys.
> #		EAPTLS_DHFile /etc/radiator/certificates/cert/dh
> 		
> 		
> 		AutoMPPEKeys
> 		
> 	</AuthBy>
>
> </Handler>
>
>
>
> error in log:
>
> Fri Jan  7 17:13:19 2005: DEBUG: Handling request with Handler ''
> Fri Jan  7 17:13:19 2005: DEBUG:  Deleting session for anonymous,
> 192.168.10.41, 1
> Fri Jan  7 17:13:19 2005: DEBUG: Handling with Radius::AuthFILE:
> Fri Jan  7 17:13:19 2005: DEBUG: Handling with EAP: code 2, 6, 71
> Fri Jan  7 17:13:19 2005: DEBUG: Response type 21
> Fri Jan  7 17:13:19 2005: DEBUG: EAP TTLS data, 3, 6, 5
> Fri Jan  7 17:13:19 2005: DEBUG: EAP TTLS inner authentication request
> for jimm
> Fri Jan  7 17:13:19 2005: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  <204><174><0><203><233><229><149>j<148>#N<211><180>.^<220>
> Attributes:
> 	User-Name = "jimm"
> 	User-Password = "xxxxxxxxxxxxx"
>
> Fri Jan  7 17:13:19 2005: DEBUG: Handling request with Handler
> 'TunnelledByTTLS=1'
> Fri Jan  7 17:13:19 2005: DEBUG:  Deleting session for jimm,
> 192.168.10.41,
> Fri Jan  7 17:13:19 2005: DEBUG: Handling with Radius::AuthLDAP2:
> Fri Jan  7 17:13:19 2005: INFO: Connecting to ldap.mydomain.com, port
> 389
> Fri Jan  7 17:13:19 2005: INFO: Attempting to bind to LDAP server
> ldap.mydomain.com:389)
> Fri Jan  7 17:13:19 2005: ERR: Could not handle an EAP request:
> Undefined subroutine &Radius::AuthLDAP2::ldap_error_name called at
> /usr/lib/perl5/site_perl/Radius/AuthLDAP2.pm line 154, <DATA> line 283.
>
> Jim
>
>
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive 
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
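
Added diagnostic for the two questions Hugh raises (is perl-ldap installed, and where does "Undefined subroutine &Radius::AuthLDAP2::ldap_error_name" come from). This is not Radiator code and not from Open System Consultants; it assumes perl-ldap from CPAN (Net::LDAP and Net::LDAP::Util). The host, AuthDN and password used for the optional bind test are taken from Jim's posted config and are placeholders; the Demo:: packages are invented purely to show the Perl mechanism behind the error text, not to claim which line of AuthLDAP2.pm was at fault.

```perl
#!/usr/bin/perl
# check_perl_ldap.pl - added diagnostic, not part of Radiator.
# Usage:  perl check_perl_ldap.pl
#         perl check_perl_ldap.pl ldap.mydomain.com 'cn=admin,o=coc' 'secret'
use strict;
use warnings;

# 1. Does perl-ldap (Net::LDAP) load at all?
my $have_ldap = eval { require Net::LDAP; 1 };
printf "Net::LDAP: %s\n",
    $have_ldap ? "version $Net::LDAP::VERSION" : "NOT installed: $@";

# 2. Does Net::LDAP::Util define ldap_error_name, the symbol that the
#    Radiator log reports as undefined inside Radius::AuthLDAP2?
my $have_util = eval { require Net::LDAP::Util; 1 };
my $has_name  = $have_util && defined &Net::LDAP::Util::ldap_error_name;
printf "Net::LDAP::Util::ldap_error_name: %s\n",
    $has_name ? "present" : "MISSING";

# 3. Perl mechanism behind the message. A package that calls
#    ldap_error_name() without importing it compiles fine and dies at
#    run time with "Undefined subroutine &Pkg::ldap_error_name called at".
#    This only illustrates the mechanism; it is an assumption that the
#    Radiator bug Hugh mentions is of this kind.
{
    package Demo::NoImport;             # hypothetical package
    sub describe { return ldap_error_name(shift) }   # no import
}
my $with_import = eval q{
    package Demo::WithImport;           # hypothetical package
    use Net::LDAP::Util qw(ldap_error_name);         # symbol imported
    sub describe { return ldap_error_name(shift) }
    1;
};

# 49 = LDAP_INVALID_CREDENTIALS, 32 = LDAP_NO_SUCH_OBJECT, 0 = LDAP_SUCCESS
for my $code (49, 32, 0) {
    my $r = eval { Demo::NoImport::describe($code) };
    print "no import,   code $code: ", defined $r ? "$r\n" : "died: $@";
    if ($with_import) {
        $r = eval { Demo::WithImport::describe($code) };
        print "with import, code $code: ", defined $r ? "$r\n" : "died: $@";
    }
}

# 4. Optional: repeat the bind Radiator attempts, outside Radiator, so a
#    failure can be attributed to the directory rather than to AuthLDAP2.
#    Requires network access to the LDAP host given on the command line.
if (@ARGV == 3 && $have_ldap && $has_name) {
    my ($host, $dn, $pw) = @ARGV;
    my $ldap = Net::LDAP->new($host, port => 389, timeout => 5)
        or die "connect to $host:389 failed: $@\n";
    my $mesg = $ldap->bind($dn, password => $pw);
    printf "bind as %s: code %d (%s) %s\n", $dn, $mesg->code,
        Net::LDAP::Util::ldap_error_name($mesg->code), $mesg->error;
    $ldap->unbind;
}
```

If step 2 prints MISSING, the perl-ldap install is incomplete or too old for the Radiator release in use; if it prints present and Radiator still dies, the problem is in Radiator itself and the fix is the one Hugh gives, 3.11 plus all patches. Note that the bind in step 4, like the one in Jim's trace, is a simple bind on port 389, so the AuthDN password crosses the network in the clear unless the AuthBy LDAP2 clause is configured for TLS (see the LDAP2 parameters in doc/ref.html).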
