(RADIATOR) TTLS and OpenSSL error
Mike McCauley
mikem at open.com.au
Thu Oct 13 02:36:28 CDT 2005
Hello Richard,
On Thursday 13 October 2005 17:21, Richard Smit wrote:
> To all,
>
>
>
> I have a problem TTLS authentication and Radiator. I have installed
> openssl and and the modules from CPAN.
>
>
>
> * Net_SSLeay v1.25
>
> * Digest-SHA1 v2.10
>
> * Digest-HMAC v1.01
Did you compile these yourself, or install with PPM?
>
>
>
> I get an error that I'm calling a module I should not call?? I'm running
> the Radiator server on Windows 2003.
Have you installed the Win32 OpenSSL as described in
http://www.open.com.au/radiator/faq.html#141
What version of Win32_OpenSSL have you installed?
Are you using ActivePerl? What version?
Cheers.
>
>
>
> I hope someone knows the problem and can help me.
>
>
>
> Regards,
>
>
>
> Richard Smit
>
> HES Amsterdam
>
>
>
> ========================LOG========================
>
>
>
>
>
> Code: Access-Request
>
> Identifier: 151
>
> Authentic: <214><21><163><204><229>w>]Rv{<210><153><221><190><0>
>
> Attributes:
>
> User-Name = "smi at heseduroam.nl"
>
> Framed-MTU = 1400
>
> Called-Station-Id = "0014.a824.c0c0"
>
> Calling-Station-Id = "0090.4b74.c253"
>
> Service-Type = Login-User
>
> Message-Authenticator =
> <159>.p<156><245><20><26>c5T<184><150><4>^<16>
>
> EAP-Message =
> <2><6><0>W<21><128><0><0><0>M<23><3><1><0>H<30>q<202><130><222><195><184
>
> ><197><8><233><184><141><152>O<240>qz&<211><159><245>N<160><219>t<14><18
>
> 8>N<231><170><208><149><185><136><191>~>HA<206>QH_<207><245><206><170>2<
> 229><237><130>%u<152><152><203><252>yA<206><179><135>'<143><1><238>-.<16
> 3><196><23><247>
>
> NAS-Port-Type = Wireless-IEEE-802-11
>
> NAS-Port = 322
>
> NAS-IP-Address = xx.xx.xx.xx
>
>
>
> Wed Oct 5 13:51:25 2005: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
>
> Wed Oct 5 13:51:25 2005: DEBUG: Rewrote user name to smi at heseduroam.nl
>
> Wed Oct 5 13:51:25 2005: DEBUG: Rewrote user name to smi at heseduroam.nl
>
> Wed Oct 5 13:51:25 2005: DEBUG: Rewrote user name to smi
>
> Wed Oct 5 13:51:25 2005: DEBUG: Deleting session for
> smi at heseduroam.nl, xx.xx.xx.xx, 322
>
> Wed Oct 5 13:51:25 2005: DEBUG: Handling with Radius::AuthFILE:
>
> Wed Oct 5 13:51:25 2005: DEBUG: Handling with EAP: code 2, 6, 87
>
> Wed Oct 5 13:51:25 2005: DEBUG: Response type 21
>
> Wed Oct 5 13:51:25 2005: DEBUG: EAP TTLS data, 3, 6, 5
>
> Wed Oct 5 13:51:25 2005: DEBUG: EAP result: 1, EAP TLS read failed:
> 3804: 1 - error:140D5042:SSL routines:SSL3_CTRL:called a function you
> should not call
>
>
>
> Wed Oct 5 13:51:25 2005: DEBUG: AuthBy FILE result: REJECT, EAP TLS
> read failed: 3804: 1 - error:140D5042:SSL routines:SSL3_CTRL:called a
> function you should not call
>
>
>
> Wed Oct 5 13:51:25 2005: INFO: Access rejected for smi: EAP TLS read
> failed: 3804: 1 - error:140D5042:SSL routines:SSL3_CTRL:called a
> function you should not call
>
>
>
> Wed Oct 5 13:51:25 2005: DEBUG: Packet dump:
>
> *** Sending to 145.28.33.100 port 1645 ....
>
>
>
> Packet length = 60
>
> 03 97 00 3c 31 90 d9 5e 74 2f a5 a0 4f bb ad 7e
>
> 10 40 33 91 4f 06 04 06 00 04 50 12 b0 c1 d2 c0
>
> 62 ad e9 9a d4 d9 33 31 33 68 b4 6b 12 10 52 65
>
> 71 75 65 73 74 20 44 65 6e 69 65 64
>
> Code: Access-Reject
>
> Identifier: 151
>
> Authentic: <214><21><163><204><229>w>]Rv{<210><153><221><190><0>
>
> Attributes:
>
> EAP-Message = <4><6><0><4>
>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Reply-Message = "Request Denied"
>
>
>
> ========================CFG========================
>
>
>
> # windows.cfg
>
> #
>
> # Example Radiator configuration file.
>
> # This very simple file will allow you to get started with
>
> # a simple system on Windows. You can then add and change features.
>
> # We suggest you start simple, prove to yourself that it
>
> # works and then develop a more complicated configuration.
>
> #
>
> # This example is expected to be installed in
>
> # c:\Program Files\Radiator\radius.cfg
>
> # It will authenticate from a standard users file in
>
> # c:\Program Files\Radiator\users
>
> # it will log debug and other messages to
>
> # c:\Program Files\Radiator\logfile
>
> # and log accounting to a file in
>
> # c:\Program Files\Radiator\detail
>
> # (of course you can change all these by editing this config file if you
> wish)
>
> #
>
> # It will accept requests from any client and try to handle requests
>
> # for any realm.
>
> # And it will print out what its doing in great detail to the log file.
>
> #
>
> # See radius.cfg for more complete examples of features and
>
> # syntax, and refer to the reference manual for a complete description
>
> # of all the features and syntax.
>
> #
>
> # You should consider this file to be a starting point only
>
> # $Id: windows.cfg,v 1.1 2003/03/27 09:41:28 mikem Exp $
>
>
>
> # AuthPort specifies the port to list on for authentication requests
>
> # Can be a numeric port number or a service name from /etc/services
>
> # Defaults to 1645
>
> AuthPort 1645
>
>
>
> # AcctPort specifies the port to list on for accounting requests
>
> # Can be a numeric port number or a service name from /etc/services
>
> # Defaults to 1646
>
> AcctPort 1646
>
>
>
>
>
> Foreground
>
> LogStdout
>
> LogDir c:/Program Files/Radiator/log
>
> DbDir c:/Program Files/Radiator
>
>
>
> LogFile c:/Program Files/Radiator/log/radius.log
>
>
>
>
>
> # This will log at DEBUG level: very verbose
>
> # User a lower trace level in production systems, typically use 3
>
> Trace 4
>
>
>
> # You will probably want to add other Clients to suit your site,
>
> # one for each NAS you want to work with. This will work
>
> # at least with radpwtst running on the local machine
>
>
>
> #########################################
>
> # clients
>
> #########################################
>
>
>
> <Client xx.xx.xx.xx>
>
> Secret <remove>
>
> </Client>
>
>
>
> <Client xx.xx.xx.xx>
>
> Secret <remove>
>
> </Client>
>
>
>
> <Client xx.xx.xx.xx>
>
> Secret <remove>
>
> </Client>
>
>
>
> <Client xx.xx.xx.xx>
>
> Secret <remove>
>
> </Client>
>
>
>
> <Client xx.xx.xx.xx>
>
> Secret <remove>
>
> </Client>
>
>
>
>
>
> #########################################
>
> # realms
>
> #########################################
>
>
>
> # Authenticate all realms with this
>
> <Realm DEFAULT>
>
> # This one translates all uppercase chars to lowercase
>
> RewriteUsername tr/[A-Z]/[a-z]/
>
> # Haalhet realm van de request voor verdere verwerking
>
> RewriteUsername s/^(.*)\\(.*)/$2\@$1/
>
> RewriteUsername s/^([^@]+).*/$1/
>
> AcctLogFileName C:/Program Files/Radiator/log/test.log
>
>
>
> <AuthBy FILE>
>
> EAPType TTLS
>
> EAPTLS_CAFile c:/openssl/bin/root/root.pem
>
> EAPTLS_CertificateFile c:/openssl/bin/server/server.pem
>
> EAPTLS_CertificateType PEM
>
> EAPTLS_PrivateKeyFile c:/openssl/bin/server/server.pem
>
> EAPTLS_PrivateKeyPassword <remove>
>
> EAPTLS_MaxFragmentSize 1024
>
> AutoMPPEKeys
>
> Filename c:/program files/Radiator/bnksmi.txt
>
> </AuthBy>
>
> </Realm>
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list