(RADIATOR) TTLS and OpenSSL error
Richard Smit
smi at hesasd.nl
Thu Oct 13 02:21:04 CDT 2005
To all,
I have a problem with TTLS authentication and Radiator. I have installed
openssl and the modules from CPAN.
* Net_SSLeay v1.25
* Digest-SHA1 v2.10
* Digest-HMAC v1.01
I get an error that I'm calling a module I should not call?? I'm running
the Radiator server on Windows 2003.
I hope someone knows the problem and can help me.
Regards,
Richard Smit
HES Amsterdam
========================LOG========================
Code: Access-Request
Identifier: 151
Authentic: <214><21><163><204><229>w>]Rv{<210><153><221><190><0>
Attributes:
User-Name = "smi at heseduroam.nl"
Framed-MTU = 1400
Called-Station-Id = "0014.a824.c0c0"
Calling-Station-Id = "0090.4b74.c253"
Service-Type = Login-User
Message-Authenticator = <159>.p<156><245><20><26>c5T<184><150><4>^<16>
EAP-Message = <2><6><0>W<21><128><0><0><0>M<23><3><1><0>H<30>q<202><130><222><195><184><197><8><233><184><141><152>O<240>qz&<211><159><245>N<160><219>t<14><188>N<231><170><208><149><185><136><191>~>HA<206>QH_<207><245><206><170>2<229><237><130>%u<152><152><203><252>yA<206><179><135>'<143><1><238>-.<163><196><23><247>
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 322
NAS-IP-Address = xx.xx.xx.xx
Wed Oct 5 13:51:25 2005: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Oct 5 13:51:25 2005: DEBUG: Rewrote user name to smi at heseduroam.nl
Wed Oct 5 13:51:25 2005: DEBUG: Rewrote user name to smi at heseduroam.nl
Wed Oct 5 13:51:25 2005: DEBUG: Rewrote user name to smi
Wed Oct 5 13:51:25 2005: DEBUG: Deleting session for smi at heseduroam.nl, xx.xx.xx.xx, 322
Wed Oct 5 13:51:25 2005: DEBUG: Handling with Radius::AuthFILE:
Wed Oct 5 13:51:25 2005: DEBUG: Handling with EAP: code 2, 6, 87
Wed Oct 5 13:51:25 2005: DEBUG: Response type 21
Wed Oct 5 13:51:25 2005: DEBUG: EAP TTLS data, 3, 6, 5
Wed Oct 5 13:51:25 2005: DEBUG: EAP result: 1, EAP TLS read failed: 3804: 1 - error:140D5042:SSL routines:SSL3_CTRL:called a function you should not call
Wed Oct 5 13:51:25 2005: DEBUG: AuthBy FILE result: REJECT, EAP TLS read failed: 3804: 1 - error:140D5042:SSL routines:SSL3_CTRL:called a function you should not call
Wed Oct 5 13:51:25 2005: INFO: Access rejected for smi: EAP TLS read failed: 3804: 1 - error:140D5042:SSL routines:SSL3_CTRL:called a function you should not call
Wed Oct 5 13:51:25 2005: DEBUG: Packet dump:
*** Sending to 145.28.33.100 port 1645 ....
Packet length = 60
03 97 00 3c 31 90 d9 5e 74 2f a5 a0 4f bb ad 7e
10 40 33 91 4f 06 04 06 00 04 50 12 b0 c1 d2 c0
62 ad e9 9a d4 d9 33 31 33 68 b4 6b 12 10 52 65
71 75 65 73 74 20 44 65 6e 69 65 64
Code: Access-Reject
Identifier: 151
Authentic: <214><21><163><204><229>w>]Rv{<210><153><221><190><0>
Attributes:
EAP-Message = <4><6><0><4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Reply-Message = "Request Denied"
========================CFG========================
# windows.cfg
#
# Example Radiator configuration file.
# This very simple file will allow you to get started with
# a simple system on Windows. You can then add and change features.
# We suggest you start simple, prove to yourself that it
# works and then develop a more complicated configuration.
#
# This example is expected to be installed in
# c:\Program Files\Radiator\radius.cfg
# It will authenticate from a standard users file in
# c:\Program Files\Radiator\users
# it will log debug and other messages to
# c:\Program Files\Radiator\logfile
# and log accounting to a file in
# c:\Program Files\Radiator\detail
# (of course you can change all these by editing this config file if you wish)
#
# It will accept requests from any client and try to handle requests
# for any realm.
# And it will print out what it's doing in great detail to the log file.
#
# See radius.cfg for more complete examples of features and
# syntax, and refer to the reference manual for a complete description
# of all the features and syntax.
#
# You should consider this file to be a starting point only
# $Id: windows.cfg,v 1.1 2003/03/27 09:41:28 mikem Exp $
# AuthPort specifies the port to listen on for authentication requests
# Can be a numeric port number or a service name from /etc/services
# Defaults to 1645
AuthPort 1645
# AcctPort specifies the port to listen on for accounting requests
# Can be a numeric port number or a service name from /etc/services
# Defaults to 1646
AcctPort 1646
Foreground
LogStdout
LogDir c:/Program Files/Radiator/log
DbDir c:/Program Files/Radiator
LogFile c:/Program Files/Radiator/log/radius.log
# This will log at DEBUG level: very verbose
# Use a lower trace level in production systems, typically use 3
Trace 4
# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with. This will work
# at least with radpwtst running on the local machine
#########################################
# clients
#########################################
<Client xx.xx.xx.xx>
    Secret <remove>
</Client>
<Client xx.xx.xx.xx>
    Secret <remove>
</Client>
<Client xx.xx.xx.xx>
    Secret <remove>
</Client>
<Client xx.xx.xx.xx>
    Secret <remove>
</Client>
<Client xx.xx.xx.xx>
    Secret <remove>
</Client>
#########################################
# realms
#########################################
# Authenticate all realms with this
<Realm DEFAULT>
    # This one translates all uppercase chars to lowercase
    RewriteUsername tr/[A-Z]/[a-z]/
    # Extract the realm from the request for further processing
    RewriteUsername s/^(.*)\\(.*)/$2\@$1/
    RewriteUsername s/^([^@]+).*/$1/
    AcctLogFileName C:/Program Files/Radiator/log/test.log
    <AuthBy FILE>
        EAPType TTLS
        EAPTLS_CAFile c:/openssl/bin/root/root.pem
        EAPTLS_CertificateFile c:/openssl/bin/server/server.pem
        EAPTLS_CertificateType PEM
        EAPTLS_PrivateKeyFile c:/openssl/bin/server/server.pem
        EAPTLS_PrivateKeyPassword <remove>
        EAPTLS_MaxFragmentSize 1024
        AutoMPPEKeys
        Filename c:/program files/Radiator/bnksmi.txt
    </AuthBy>
</Realm>
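
Added example, not part of the original message and not Radiator code: a Python sketch that decodes the start of the EAP-Message attribute from the rejected Access-Request and unpacks the OpenSSL error code shown in the log. The function names are made up for this illustration, and the error-code layout is assumed to be the packed format used by OpenSSL releases before 3.0.

```python
import re
import struct

# First 19 bytes of the EAP-Message value from the log above, in Radiator's
# log escaping (<nnn> = one byte in decimal, anything else = a literal byte).
EAP_MESSAGE = "<2><6><0>W<21><128><0><0><0>M<23><3><1><0>H<30>q<202><130>"

TLS_RECORD_TYPES = {20: "change_cipher_spec", 21: "alert",
                    22: "handshake", 23: "application_data"}

def unescape(dump):
    """Convert the escaped log form back to raw bytes.
    A literal '<digits>' sequence in the data is ambiguous in this format."""
    out = bytearray()
    for num, ch in re.findall(r"<(\d{1,3})>|(.)", dump, re.S):
        out.append(int(num) if num else ord(ch))
    return bytes(out)

def parse_eap_ttls(pkt):
    """Decode the EAP header, the TTLS flags byte and the first TLS record header."""
    code, ident, length, eap_type = struct.unpack("!BBHB", pkt[:5])
    flags, off = pkt[5], 6
    info = {"code": code, "id": ident, "length": length, "type": eap_type,
            "more_fragments": bool(flags & 0x40), "start": bool(flags & 0x20)}
    if flags & 0x80:  # L bit: a 4-byte total TLS message length follows
        info["tls_message_length"] = struct.unpack("!I", pkt[6:10])[0]
        off = 10
    rec_type, major, minor, rec_len = struct.unpack("!BBBH", pkt[off:off + 5])
    info["record"] = TLS_RECORD_TYPES.get(rec_type, rec_type)
    info["version"] = (major, minor)
    info["record_length"] = rec_len
    return info

def decode_openssl_error(hexcode):
    """Split a packed OpenSSL error code (pre-3.0 layout: lib<<24 | func<<12 | reason)."""
    e = int(hexcode, 16)
    return {"lib": (e >> 24) & 0xFF, "func": (e >> 12) & 0xFFF, "reason": e & 0xFFF}

if __name__ == "__main__":
    print(parse_eap_ttls(unescape(EAP_MESSAGE)))
    print(decode_openssl_error("140D5042"))
```

The decoded header matches the log's "code 2, 6, 87" and "Response type 21", and the payload is a single TLS 1.0 application-data record, so the client was already sending tunnelled data when the server-side read failed. Reason 66 in library 20 (the SSL library) is the generic code behind the "called a function you should not call" text.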