(RADIATOR) Certificate problem
Hugh Irvine
hugh at open.com.au
Fri Jul 8 19:07:32 CDT 2005
Hello Michal -
It sounds like Perl is crashing (probably because a prerequisite
module is not installed).
You can run Radiator from the command line to see what is happening:
cd /your/Radiator/distribution
perl radiusd -foreground -log_stdout -trace 4 -config_file .....
where "....." is the full path name to your configuration file.
regards
Hugh
On 8 Jul 2005, at 22:38, Michal Marciniszyn wrote:
> Hi,
>
> I'm trying to connect RADIATOR on NDS. Everything works fine when I
> use NDS without security turned on. RADIATOR correctly connects
> through port 389.
>
> However, when I try to connect radiator on NDS with secured ports
> a problem appears.
> If I connect through port 389, the error "Confidentiality required"
> appears (it does not matter at all, since I have to use 636 ldaps
> port). If I connect through 636 port I get this log:
> ------------------
> Code: Access-Request
> Identifier: 40
> Authentic: 1234567890123456
> Attributes:
> User-Name = "tstois1"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Identifier = "203.63.154.1"
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> User-Password = ***SOMETHING***
>
> Tue Jun 28 15:08:40 2005: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Tue Jun 28 15:08:40 2005: DEBUG: Deleting session for tstois1, 203.63.154.1, 1234
> Tue Jun 28 15:08:40 2005: DEBUG: Handling with Radius::AuthLDAP2: CheckLDAP
> Tue Jun 28 15:08:40 2005: INFO: Connecting to 10.24.4.11, port 636
> ---------------
> and RADIATOR freezes. I have the NDS CA certificate (got it in der
> format, converted into pem format). I have the following in my conf file:
> ----------------------------------------------
>
> <AuthBy LDAP2>
> Identifier CheckLDAP
> # Log ldap_log
>
> Host 10.24.4.11
> Port 389
>
> AuthDN cn=tstois1,ou=ict,ou=hsp,o=edu
> AuthPassword XXXXX
>
> BaseDN o=edu
> UsernameAttr uid
> GetNovellUP
>
> ##AuthAttrDef radiusTunnelPrivateGroupID,
> ## Tunnel-Private-Group-ID, reply
>
> ## EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge,PAP
>
> UseSSL
> # SSLVerify none
> SSLCAFile /etc/radiator/root.pem
>
> #AutoMPPEKeys
>
> #SSLeayTrace 5
>
> ##AllowInReply Tunnel-Private-Group-ID
> ##AddToReplyIfNotExist Tunnel-Private-Group-ID=1:100
> ##AddToReply Tunnel-Type=1:VLAN,\
> ## Tunnel-Medium-Type=1:Ether_802
> HoldServerConnection
> Timeout 2
> FailureBackoffTime 30
>
> </AuthBy>
> -----------------------------------
> where root.pem is the PEM format CA certificate. Where is the problem?
> The same setting works fine if I use freeradius (i.e. I only set up
> CAfile).
>
> Michal Marciniszyn
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
NB: I am travelling this week, so there may be delays in our
correspondence.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
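
Added example (not part of the original messages, and not Radiator's own code): a small Python lint for the TLS-related lines of an AuthBy LDAP2 clause such as the one quoted above, flagging port/transport mismatches and disabled or missing certificate verification. UseTLS and SSLCAPath do not appear in the quoted config and are assumed here to be Radiator's StartTLS and CA-directory parameters; parse_clause and lint_ldap_tls are hypothetical helper names.

```python
# Added example, not Radiator code. Port numbers are the registered ldap/ldaps ports.
LDAP_PORT, LDAPS_PORT = "389", "636"

# Constructed sample: the TLS-relevant lines of the clause quoted in the message.
SAMPLE = """\
<AuthBy LDAP2>
    Identifier CheckLDAP
    Host 10.24.4.11
    Port 389
    UseSSL
    # SSLVerify none
    SSLCAFile /etc/radiator/root.pem
    Timeout 2
</AuthBy>
"""

def parse_clause(text):
    """Return {parameter: value} for the active (uncommented) lines of a clause."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "<")):
            continue  # blank, comment, or the <AuthBy>/</AuthBy> tags
        parts = line.split(None, 1)
        params[parts[0]] = parts[1] if len(parts) > 1 else ""
    return params

def lint_ldap_tls(params):
    """Return findings about how the clause protects the LDAP connection."""
    findings = []
    port = params.get("Port")      # only judged when set explicitly
    ldaps = "UseSSL" in params     # TLS from connect (ldaps)
    starttls = "UseTLS" in params  # assumed: StartTLS upgrade on the plain port
    if ldaps and starttls:
        findings.append("UseSSL and UseTLS both set; choose one")
    if ldaps and port == LDAP_PORT:
        findings.append("UseSSL with Port 389; ldaps normally listens on 636")
    if starttls and port == LDAPS_PORT:
        findings.append("UseTLS with Port 636; StartTLS normally runs on 389")
    if not (ldaps or starttls):
        findings.append("no UseSSL/UseTLS; bind DN and password sent in clear")
    elif params.get("SSLVerify", "").lower() == "none":
        findings.append("SSLVerify none; server certificate is not checked")
    elif not (params.get("SSLCAFile") or params.get("SSLCAPath")):
        findings.append("no SSLCAFile/SSLCAPath; no CA to verify the server against")
    return findings

if __name__ == "__main__":
    for finding in lint_ldap_tls(parse_clause(SAMPLE)):
        print("WARN:", finding)
```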