(RADIATOR) TTLS and OpenSSL error

Mike McCauley mikem at open.com.au
Thu Oct 13 03:33:47 CDT 2005 

Hello Richard,


On Thursday 13 October 2005 18:23, Richard Smit wrote:
> Mike,
>
> I use active perl 5.6.1 and win32_openssl 0.9.8
> PPM? Don't know. I just placed the .pm files.

So did you follow the instructions at 
http://www.open.com.au/radiator/faq.html#141

That should get you working.

Cheers.

>
> Regards,
>
> Richard Smit
> HES Amsterdam
>
> -----Original Message-----
> From: Mike McCauley [mailto:mikem at open.com.au]
> Sent: donderdag 13 oktober 2005 9:36
> To: Richard Smit
> Cc: radiator at open.com.au; Martijn Balink
> Subject: Re: (RADIATOR) TTLS and OpenSSL error
>
> Hello Richard,
>
> On Thursday 13 October 2005 17:21, Richard Smit wrote:
> > To all,
> >
> >
> >
> > I have a problem TTLS authentication and Radiator. I have installed
> > openssl and and the modules from CPAN.
> >
> >
> >
> >             *           Net_SSLeay     v1.25
> >
> >             *           Digest-SHA1     v2.10
> >
> >             *           Digest-HMAC    v1.01
>
> Did you compile these yourself, or install with PPM?
>
> > I get an error that I'm calling a module I should not call?? I'm
>
> running
>
> > the Radiator server on Windows 2003.
>
> Have you installed the Win32  OpenSSL as described in
> http://www.open.com.au/radiator/faq.html#141
> What version of Win32_OpenSSL have you installed?
>
> Are you using ActivePerl? What version?
>
> Cheers.
>
> > I hope someone knows the problem and can help me.
> >
> >
> >
> > Regards,
> >
> >
> >
> > Richard Smit
> >
> > HES Amsterdam
> >
> >
> >
> > ========================LOG========================
> >
> >
> >
> >
> >
> > Code:       Access-Request
> >
> > Identifier: 151
> >
> > Authentic:  <214><21><163><204><229>w>]Rv{<210><153><221><190><0>
> >
> > Attributes:
> >
> >             User-Name = "smi at heseduroam.nl"
> >
> >             Framed-MTU = 1400
> >
> >             Called-Station-Id = "0014.a824.c0c0"
> >
> >             Calling-Station-Id = "0090.4b74.c253"
> >
> >             Service-Type = Login-User
> >
> >             Message-Authenticator =
> > <159>.p<156><245><20><26>c5T<184><150><4>^<16>
> >
> >             EAP-Message =
>
> <2><6><0>W<21><128><0><0><0>M<23><3><1><0>H<30>q<202><130><222><195><184
>
> ><197><8><233><184><141><152>O<240>qz&<211><159><245>N<160><219>t<14><18
>
> 8>N<231><170><208><149><185><136><191>~>HA<206>QH_<207><245><206><170>2<
>
> 229><237><130>%u<152><152><203><252>yA<206><179><135>'<143><1><238>-.<16
>
> > 3><196><23><247>
> >
> >             NAS-Port-Type = Wireless-IEEE-802-11
> >
> >             NAS-Port = 322
> >
> >             NAS-IP-Address = xx.xx.xx.xx
> >
> >
> >
> > Wed Oct  5 13:51:25 2005: DEBUG: Handling request with Handler
> > 'Realm=DEFAULT'
> >
> > Wed Oct  5 13:51:25 2005: DEBUG: Rewrote user name to
>
> smi at heseduroam.nl
>
> > Wed Oct  5 13:51:25 2005: DEBUG: Rewrote user name to
>
> smi at heseduroam.nl
>
> > Wed Oct  5 13:51:25 2005: DEBUG: Rewrote user name to smi
> >
> > Wed Oct  5 13:51:25 2005: DEBUG:  Deleting session for
> > smi at heseduroam.nl, xx.xx.xx.xx, 322
> >
> > Wed Oct  5 13:51:25 2005: DEBUG: Handling with Radius::AuthFILE:
> >
> > Wed Oct  5 13:51:25 2005: DEBUG: Handling with EAP: code 2, 6, 87
> >
> > Wed Oct  5 13:51:25 2005: DEBUG: Response type 21
> >
> > Wed Oct  5 13:51:25 2005: DEBUG: EAP TTLS data, 3, 6, 5
> >
> > Wed Oct  5 13:51:25 2005: DEBUG: EAP result: 1, EAP TLS read failed:
> > 3804: 1 - error:140D5042:SSL routines:SSL3_CTRL:called a function you
> > should not call
> >
> >
> >
> > Wed Oct  5 13:51:25 2005: DEBUG: AuthBy FILE result: REJECT, EAP TLS
> > read failed:  3804: 1 - error:140D5042:SSL routines:SSL3_CTRL:called a
> > function you should not call
> >
> >
> >
> > Wed Oct  5 13:51:25 2005: INFO: Access rejected for smi: EAP TLS read
> > failed:  3804: 1 - error:140D5042:SSL routines:SSL3_CTRL:called a
> > function you should not call
> >
> >
> >
> > Wed Oct  5 13:51:25 2005: DEBUG: Packet dump:
> >
> > *** Sending to 145.28.33.100 port 1645 ....
> >
> >
> >
> > Packet length = 60
> >
> > 03 97 00 3c 31 90 d9 5e 74 2f a5 a0 4f bb ad 7e
> >
> > 10 40 33 91 4f 06 04 06 00 04 50 12 b0 c1 d2 c0
> >
> > 62 ad e9 9a d4 d9 33 31 33 68 b4 6b 12 10 52 65
> >
> > 71 75 65 73 74 20 44 65 6e 69 65 64
> >
> > Code:       Access-Reject
> >
> > Identifier: 151
> >
> > Authentic:  <214><21><163><204><229>w>]Rv{<210><153><221><190><0>
> >
> > Attributes:
> >
> >             EAP-Message = <4><6><0><4>
> >
> >             Message-Authenticator =
> > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >
> >             Reply-Message = "Request Denied"
> >
> >
> >
> > ========================CFG========================
> >
> >
> >
> > # windows.cfg
> >
> > #
> >
> > # Example Radiator configuration file.
> >
> > # This very simple file will allow you to get started with
> >
> > # a simple system on Windows. You can then add and change features.
> >
> > # We suggest you start simple, prove to yourself that it
> >
> > # works and then develop a more complicated configuration.
> >
> > #
> >
> > # This example is expected to be installed in
> >
> > #   c:\Program Files\Radiator\radius.cfg
> >
> > # It will authenticate from a standard users file in
> >
> > #   c:\Program Files\Radiator\users
> >
> > # it will log debug and other messages to
> >
> > #   c:\Program Files\Radiator\logfile
> >
> > # and log accounting to a file in
> >
> > #   c:\Program Files\Radiator\detail
> >
> > # (of course you can change all these by editing this config file if
>
> you
>
> > wish)
> >
> > #
> >
> > # It will accept requests from any client and try to handle requests
> >
> > # for any realm.
> >
> > # And it will print out what its doing in great detail to the log
>
> file.
>
> > #
> >
> > # See radius.cfg for more complete examples of features and
> >
> > # syntax, and refer to the reference manual for a complete description
> >
> > # of all the features and syntax.
> >
> > #
> >
> > # You should consider this file to be a starting point only
> >
> > # $Id: windows.cfg,v 1.1 2003/03/27 09:41:28 mikem Exp $
> >
> >
> >
> > # AuthPort specifies the port to list on for authentication requests
> >
> > # Can be a numeric port number or a service name from /etc/services
> >
> > # Defaults to 1645
> >
> > AuthPort    1645
> >
> >
> >
> > # AcctPort specifies the port to list on for accounting requests
> >
> > # Can be a numeric port number or a service name from /etc/services
> >
> > # Defaults to 1646
> >
> > AcctPort    1646
> >
> >
> >
> >
> >
> > Foreground
> >
> > LogStdout
> >
> > LogDir            c:/Program Files/Radiator/log
> >
> > DbDir       c:/Program Files/Radiator
> >
> >
> >
> > LogFile           c:/Program Files/Radiator/log/radius.log
> >
> >
> >
> >
> >
> > # This will log at DEBUG level: very verbose
> >
> > # User a lower trace level in production systems, typically use 3
> >
> > Trace             4
> >
> >
> >
> > # You will probably want to add other Clients to suit your site,
> >
> > # one for each NAS you want to work with. This will work
> >
> > # at least with radpwtst running on the local machine
> >
> >
> >
> > #########################################
> >
> > # clients
> >
> > #########################################
> >
> >
> >
> > <Client xx.xx.xx.xx>
> >
> >       Secret      <remove>
> >
> > </Client>
> >
> >
> >
> > <Client xx.xx.xx.xx>
> >
> >       Secret      <remove>
> >
> > </Client>
> >
> >
> >
> > <Client xx.xx.xx.xx>
> >
> >       Secret      <remove>
> >
> > </Client>
> >
> >
> >
> > <Client xx.xx.xx.xx>
> >
> >       Secret      <remove>
> >
> > </Client>
> >
> >
> >
> > <Client xx.xx.xx.xx>
> >
> >       Secret      <remove>
> >
> > </Client>
> >
> >
> >
> >
> >
> > #########################################
> >
> > # realms
> >
> > #########################################
> >
> >
> >
> > # Authenticate all realms with this
> >
> > <Realm DEFAULT>
> >
> >       # This one translates all uppercase chars to lowercase
> >
> >       RewriteUsername   tr/[A-Z]/[a-z]/
> >
> >       # Haalhet realm van de request voor verdere verwerking
> >
> >       RewriteUsername s/^(.*)\\(.*)/$2\@$1/
> >
> >       RewriteUsername   s/^([^@]+).*/$1/
> >
> >       AcctLogFileName C:/Program Files/Radiator/log/test.log
> >
> >
> >
> >       <AuthBy FILE>
> >
> >             EAPType TTLS
> >
> >             EAPTLS_CAFile c:/openssl/bin/root/root.pem
> >
> >             EAPTLS_CertificateFile c:/openssl/bin/server/server.pem
> >
> >             EAPTLS_CertificateType PEM
> >
> >             EAPTLS_PrivateKeyFile c:/openssl/bin/server/server.pem
> >
> >             EAPTLS_PrivateKeyPassword <remove>
> >
> >             EAPTLS_MaxFragmentSize 1024
> >
> >             AutoMPPEKeys
> >
> >             Filename  c:/program files/Radiator/bnksmi.txt
> >
> >       </AuthBy>
> >
> > </Realm>

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list