(RADIATOR) TTLS and OpenSSL error
Richard Smit
smi at hesasd.nl
Thu Oct 13 04:42:45 CDT 2005
Mike,
Sorry, I did follow the FAQ file and installed the NET_SSLeay.pm.ppd.
But I still get the same error. I restarted the service, but no, it didn't
work.
I think OpenSSL and NET_SSLeay are responding because the error tells us
that I call a function I should not call. I tried to find info about the
error number but that didn't return any info.
Thanks
Richard
-----Original Message-----
From: Mike McCauley [mailto:mikem at open.com.au]
Sent: Thursday 13 October 2005 10:34
To: Richard Smit
Cc: radiator at open.com.au; Martijn Balink
Subject: Re: (RADIATOR) TTLS and OpenSSL error
Hello Richard,
On Thursday 13 October 2005 18:23, Richard Smit wrote:
> Mike,
>
> I use active perl 5.6.1 and win32_openssl 0.9.8
> PPM? Don't know. I just placed the .pm files.
So did you follow the instructions at
http://www.open.com.au/radiator/faq.html#141
That should get you working.
Cheers.
>
> Regards,
>
> Richard Smit
> HES Amsterdam
>
> -----Original Message-----
> From: Mike McCauley [mailto:mikem at open.com.au]
> Sent: Thursday 13 October 2005 9:36
> To: Richard Smit
> Cc: radiator at open.com.au; Martijn Balink
> Subject: Re: (RADIATOR) TTLS and OpenSSL error
>
> Hello Richard,
>
> On Thursday 13 October 2005 17:21, Richard Smit wrote:
> > To all,
> >
> >
> >
> > I have a problem with TTLS authentication and Radiator. I have installed
> > openssl and the modules from CPAN.
> >
> >
> >
> > * Net_SSLeay v1.25
> >
> > * Digest-SHA1 v2.10
> >
> > * Digest-HMAC v1.01
>
> Did you compile these yourself, or install with PPM?
>
> > I get an error that I'm calling a module I should not call?? I'm running
> > the Radiator server on Windows 2003.
>
> Have you installed the Win32 OpenSSL as described in
> http://www.open.com.au/radiator/faq.html#141
> What version of Win32_OpenSSL have you installed?
>
> Are you using ActivePerl? What version?
>
> Cheers.
>
> > I hope someone knows the problem and can help me.
> >
> >
> >
> > Regards,
> >
> >
> >
> > Richard Smit
> >
> > HES Amsterdam
> >
> >
> >
> > ========================LOG========================
> >
> >
> >
> >
> >
> > Code: Access-Request
> >
> > Identifier: 151
> >
> > Authentic: <214><21><163><204><229>w>]Rv{<210><153><221><190><0>
> >
> > Attributes:
> >
> > User-Name = "smi at heseduroam.nl"
> >
> > Framed-MTU = 1400
> >
> > Called-Station-Id = "0014.a824.c0c0"
> >
> > Calling-Station-Id = "0090.4b74.c253"
> >
> > Service-Type = Login-User
> >
> > Message-Authenticator =
> > <159>.p<156><245><20><26>c5T<184><150><4>^<16>
> >
> > EAP-Message = <2><6><0>W<21><128><0><0><0>M<23><3><1><0>H<30>q<202><130><222><195><184><197><8><233><184><141><152>O<240>qz&<211><159><245>N<160><219>t<14><188>N<231><170><208><149><185><136><191>~>HA<206>QH_<207><245><206><170>2<229><237><130>%u<152><152><203><252>yA<206><179><135>'<143><1><238>-.<163><196><23><247>
> >
> > NAS-Port-Type = Wireless-IEEE-802-11
> >
> > NAS-Port = 322
> >
> > NAS-IP-Address = xx.xx.xx.xx
> >
> >
> >
> > Wed Oct 5 13:51:25 2005: DEBUG: Handling request with Handler
> > 'Realm=DEFAULT'
> >
> > Wed Oct 5 13:51:25 2005: DEBUG: Rewrote user name to smi at heseduroam.nl
> >
> > Wed Oct 5 13:51:25 2005: DEBUG: Rewrote user name to smi at heseduroam.nl
> >
> > Wed Oct 5 13:51:25 2005: DEBUG: Rewrote user name to smi
> >
> > Wed Oct 5 13:51:25 2005: DEBUG: Deleting session for
> > smi at heseduroam.nl, xx.xx.xx.xx, 322
> >
> > Wed Oct 5 13:51:25 2005: DEBUG: Handling with Radius::AuthFILE:
> >
> > Wed Oct 5 13:51:25 2005: DEBUG: Handling with EAP: code 2, 6, 87
> >
> > Wed Oct 5 13:51:25 2005: DEBUG: Response type 21
> >
> > Wed Oct 5 13:51:25 2005: DEBUG: EAP TTLS data, 3, 6, 5
> >
> > Wed Oct 5 13:51:25 2005: DEBUG: EAP result: 1, EAP TLS read failed:
> > 3804: 1 - error:140D5042:SSL routines:SSL3_CTRL:called a function you
> > should not call
> >
> >
> >
> > Wed Oct 5 13:51:25 2005: DEBUG: AuthBy FILE result: REJECT, EAP TLS
> > read failed: 3804: 1 - error:140D5042:SSL routines:SSL3_CTRL:called a
> > function you should not call
> >
> >
> >
> > Wed Oct 5 13:51:25 2005: INFO: Access rejected for smi: EAP TLS read
> > failed: 3804: 1 - error:140D5042:SSL routines:SSL3_CTRL:called a
> > function you should not call
> >
> >
> >
> > Wed Oct 5 13:51:25 2005: DEBUG: Packet dump:
> >
> > *** Sending to 145.28.33.100 port 1645 ....
> >
> >
> >
> > Packet length = 60
> >
> > 03 97 00 3c 31 90 d9 5e 74 2f a5 a0 4f bb ad 7e
> >
> > 10 40 33 91 4f 06 04 06 00 04 50 12 b0 c1 d2 c0
> >
> > 62 ad e9 9a d4 d9 33 31 33 68 b4 6b 12 10 52 65
> >
> > 71 75 65 73 74 20 44 65 6e 69 65 64
> >
> > Code: Access-Reject
> >
> > Identifier: 151
> >
> > Authentic: <214><21><163><204><229>w>]Rv{<210><153><221><190><0>
> >
> > Attributes:
> >
> > EAP-Message = <4><6><0><4>
> >
> > Message-Authenticator =
> > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >
> > Reply-Message = "Request Denied"
> >
> >
> >
> > ========================CFG========================
> >
> >
> >
> > # windows.cfg
> >
> > #
> >
> > # Example Radiator configuration file.
> >
> > # This very simple file will allow you to get started with
> >
> > # a simple system on Windows. You can then add and change features.
> >
> > # We suggest you start simple, prove to yourself that it
> >
> > # works and then develop a more complicated configuration.
> >
> > #
> >
> > # This example is expected to be installed in
> >
> > # c:\Program Files\Radiator\radius.cfg
> >
> > # It will authenticate from a standard users file in
> >
> > # c:\Program Files\Radiator\users
> >
> > # it will log debug and other messages to
> >
> > # c:\Program Files\Radiator\logfile
> >
> > # and log accounting to a file in
> >
> > # c:\Program Files\Radiator\detail
> >
> > # (of course you can change all these by editing this config file if you wish)
> >
> > #
> >
> > # It will accept requests from any client and try to handle requests
> >
> > # for any realm.
> >
> > # And it will print out what it's doing in great detail to the log file.
>
> > #
> >
> > # See radius.cfg for more complete examples of features and
> >
> > # syntax, and refer to the reference manual for a complete description
> >
> > # of all the features and syntax.
> >
> > #
> >
> > # You should consider this file to be a starting point only
> >
> > # $Id: windows.cfg,v 1.1 2003/03/27 09:41:28 mikem Exp $
> >
> >
> >
> > # AuthPort specifies the port to listen on for authentication requests
> >
> > # Can be a numeric port number or a service name from /etc/services
> >
> > # Defaults to 1645
> >
> > AuthPort 1645
> >
> >
> >
> > # AcctPort specifies the port to listen on for accounting requests
> >
> > # Can be a numeric port number or a service name from /etc/services
> >
> > # Defaults to 1646
> >
> > AcctPort 1646
> >
> >
> >
> >
> >
> > Foreground
> >
> > LogStdout
> >
> > LogDir c:/Program Files/Radiator/log
> >
> > DbDir c:/Program Files/Radiator
> >
> >
> >
> > LogFile c:/Program Files/Radiator/log/radius.log
> >
> >
> >
> >
> >
> > # This will log at DEBUG level: very verbose
> >
> > # Use a lower trace level in production systems, typically use 3
> >
> > Trace 4
> >
> >
> >
> > # You will probably want to add other Clients to suit your site,
> >
> > # one for each NAS you want to work with. This will work
> >
> > # at least with radpwtst running on the local machine
> >
> >
> >
> > #########################################
> >
> > # clients
> >
> > #########################################
> >
> >
> >
> > <Client xx.xx.xx.xx>
> >
> > Secret <remove>
> >
> > </Client>
> >
> >
> >
> > <Client xx.xx.xx.xx>
> >
> > Secret <remove>
> >
> > </Client>
> >
> >
> >
> > <Client xx.xx.xx.xx>
> >
> > Secret <remove>
> >
> > </Client>
> >
> >
> >
> > <Client xx.xx.xx.xx>
> >
> > Secret <remove>
> >
> > </Client>
> >
> >
> >
> > <Client xx.xx.xx.xx>
> >
> > Secret <remove>
> >
> > </Client>
> >
> >
> >
> >
> >
> > #########################################
> >
> > # realms
> >
> > #########################################
> >
> >
> >
> > # Authenticate all realms with this
> >
> > <Realm DEFAULT>
> >
> > # This one translates all uppercase chars to lowercase
> >
> > RewriteUsername tr/[A-Z]/[a-z]/
> >
> > # Take the realm off the request for further processing
> >
> > RewriteUsername s/^(.*)\\(.*)/$2\@$1/
> >
> > RewriteUsername s/^([^@]+).*/$1/
> >
> > AcctLogFileName C:/Program Files/Radiator/log/test.log
> >
> >
> >
> > <AuthBy FILE>
> >
> > EAPType TTLS
> >
> > EAPTLS_CAFile c:/openssl/bin/root/root.pem
> >
> > EAPTLS_CertificateFile c:/openssl/bin/server/server.pem
> >
> > EAPTLS_CertificateType PEM
> >
> > EAPTLS_PrivateKeyFile c:/openssl/bin/server/server.pem
> >
> > EAPTLS_PrivateKeyPassword <remove>
> >
> > EAPTLS_MaxFragmentSize 1024
> >
> > AutoMPPEKeys
> >
> > Filename c:/program files/Radiator/bnksmi.txt
> >
> > </AuthBy>
> >
> > </Realm>
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia
http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
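
Added example, not part of the original thread and not Radiator or OpenSSL code: a short decoder for the two opaque values in the log above, the EAP-Message bytes of the Access-Request and the error number 140D5042. It assumes the trace prints each non-printable byte as `<NNN>` in decimal and that the error number uses the packed layout of OpenSSL releases before 3.0 (8-bit library, 12-bit function, 12-bit reason); all function names are hypothetical.

```python
import re
import struct

# First 15 of the 87 EAP-Message bytes from the Access-Request in the log,
# in the trace's notation (assumed: <NNN> is one byte written in decimal).
EAP_PREFIX = "<2><6><0>W<21><128><0><0><0>M<23><3><1><0>H"

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
ERR_LIB_SSL = 20                               # OpenSSL err.h
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED = 2 | 64     # 2 | ERR_R_FATAL

def trace_to_bytes(text):
    """Convert '<2><6><0>W...' into raw bytes; other characters are literal."""
    tokens = re.findall(r"<(\d{1,3})>|(.)", text, re.S)
    return bytes(int(num) if num else ord(ch) for num, ch in tokens)

def decode_eap_ttls(data):
    """Decode the EAP header, TTLS flags and first TLS record header."""
    if len(data) < 6:
        raise ValueError("too short for an EAP-TTLS header")
    code, ident, length, eap_type, flags = struct.unpack("!BBHBB", data[:6])
    pos, tls_len = 6, None
    if flags & 0x80:           # L bit set: 4-byte TLS message length follows
        (tls_len,) = struct.unpack("!I", data[pos:pos + 4])
        pos += 4
    ctype, major, minor, rec_len = struct.unpack("!BBBH", data[pos:pos + 5])
    return {"code": code, "id": ident, "length": length, "type": eap_type,
            "tls_message_length": tls_len,
            "record": TLS_CONTENT_TYPES.get(ctype, "unknown"),
            "version": (major, minor), "record_length": rec_len}

def unpack_openssl_error(hex_code):
    """Split a pre-3.0 OpenSSL error code into (library, function, reason)."""
    value = int(hex_code, 16)
    return (value >> 24) & 0xFF, (value >> 12) & 0xFFF, value & 0xFFF

if __name__ == "__main__":
    print(decode_eap_ttls(trace_to_bytes(EAP_PREFIX)))
    lib, func, reason = unpack_openssl_error("140D5042")
    print(lib == ERR_LIB_SSL, func, reason == ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED)
```

The decoded header matches the trace lines "code 2, 6, 87" and "Response type 21", and the record inside is TLS 1.0 application data, so the client was already sending tunnelled data when the read failed. The error number splits into library 20 (SSL), function 213 and reason 66, the generic "should not have been called" reason shown in the log text.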