(RADIATOR) TTLS and OpenSSL error
Richard Smit
smi at hesasd.nl
Thu Oct 13 05:15:46 CDT 2005
I installed NET_SSLeay.pm.ppd the way the faq you send me discribed.
Version conflict is a possibility.
Here is a trace level 5 log file.
Thanks,
Richard
-----Original Message-----
From: Mike McCauley [mailto:mikem at open.com.au]
Sent: donderdag 13 oktober 2005 12:09
To: Richard Smit
Cc: radiator at open.com.au; Martijn Balink
Subject: Re: (RADIATOR) TTLS and OpenSSL error
Hello Richard,
On Thursday 13 October 2005 19:42, Richard Smit wrote:
> Mike,
>
> Sorry, i did follow the faq file and installed the NET_SSLeay.pm.ppd
> But I still get the same error. I restarted the service but no it
didn't
> work.
How did you install NET_SSLeay.pm.ppd?
>
> I think openSSL and NET_SSLeay are responding because the error tells
us
> that I call a function I should not call. I tried to find info about
the
> error number but that didn't return any info.
I think that NET_SSLeay is not installed properly.
Or perhaps NET_SSLeay is not compatible with whatever version orf
OpenSSL you
have installed.
In any case we need to see the new Radiator log file at trace level 4.
Cheers.
>
> Thanks
>
> Richard
>
> -----Original Message-----
> From: Mike McCauley [mailto:mikem at open.com.au]
> Sent: donderdag 13 oktober 2005 10:34
> To: Richard Smit
> Cc: radiator at open.com.au; Martijn Balink
> Subject: Re: (RADIATOR) TTLS and OpenSSL error
>
> Hello Richard,
>
> On Thursday 13 October 2005 18:23, Richard Smit wrote:
> > Mike,
> >
> > I use active perl 5.6.1 and win32_openssl 0.9.8
> > PPM? Don't know. I just placed the .pm files.
>
> So did you follow the instructions at
> http://www.open.com.au/radiator/faq.html#141
>
> That should get you working.
>
> Cheers.
>
> > Regards,
> >
> > Richard Smit
> > HES Amsterdam
> >
> > -----Original Message-----
> > From: Mike McCauley [mailto:mikem at open.com.au]
> > Sent: donderdag 13 oktober 2005 9:36
> > To: Richard Smit
> > Cc: radiator at open.com.au; Martijn Balink
> > Subject: Re: (RADIATOR) TTLS and OpenSSL error
> >
> > Hello Richard,
> >
> > On Thursday 13 October 2005 17:21, Richard Smit wrote:
> > > To all,
> > >
> > >
> > >
> > > I have a problem TTLS authentication and Radiator. I have
installed
> > > openssl and and the modules from CPAN.
> > >
> > >
> > >
> > > * Net_SSLeay v1.25
> > >
> > > * Digest-SHA1 v2.10
> > >
> > > * Digest-HMAC v1.01
> >
> > Did you compile these yourself, or install with PPM?
> >
> > > I get an error that I'm calling a module I should not call?? I'm
> >
> > running
> >
> > > the Radiator server on Windows 2003.
> >
> > Have you installed the Win32 OpenSSL as described in
> > http://www.open.com.au/radiator/faq.html#141
> > What version of Win32_OpenSSL have you installed?
> >
> > Are you using ActivePerl? What version?
> >
> > Cheers.
> >
> > > I hope someone knows the problem and can help me.
> > >
> > >
> > >
> > > Regards,
> > >
> > >
> > >
> > > Richard Smit
> > >
> > > HES Amsterdam
> > >
> > >
> > >
> > > ========================LOG========================
> > >
> > >
> > >
> > >
> > >
> > > Code: Access-Request
> > >
> > > Identifier: 151
> > >
> > > Authentic: <214><21><163><204><229>w>]Rv{<210><153><221><190><0>
> > >
> > > Attributes:
> > >
> > > User-Name = "smi at heseduroam.nl"
> > >
> > > Framed-MTU = 1400
> > >
> > > Called-Station-Id = "0014.a824.c0c0"
> > >
> > > Calling-Station-Id = "0090.4b74.c253"
> > >
> > > Service-Type = Login-User
> > >
> > > Message-Authenticator =
> > > <159>.p<156><245><20><26>c5T<184><150><4>^<16>
> > >
> > > EAP-Message =
>
>
<2><6><0>W<21><128><0><0><0>M<23><3><1><0>H<30>q<202><130><222><195><184
>
>
><197><8><233><184><141><152>O<240>qz&<211><159><245>N<160><219>t<14><18
>
>
8>N<231><170><208><149><185><136><191>~>HA<206>QH_<207><245><206><170>2<
>
>
>
229><237><130>%u<152><152><203><252>yA<206><179><135>'<143><1><238>-.<16
>
> > > 3><196><23><247>
> > >
> > > NAS-Port-Type = Wireless-IEEE-802-11
> > >
> > > NAS-Port = 322
> > >
> > > NAS-IP-Address = xx.xx.xx.xx
> > >
> > >
> > >
> > > Wed Oct 5 13:51:25 2005: DEBUG: Handling request with Handler
> > > 'Realm=DEFAULT'
> > >
> > > Wed Oct 5 13:51:25 2005: DEBUG: Rewrote user name to
> >
> > smi at heseduroam.nl
> >
> > > Wed Oct 5 13:51:25 2005: DEBUG: Rewrote user name to
> >
> > smi at heseduroam.nl
> >
> > > Wed Oct 5 13:51:25 2005: DEBUG: Rewrote user name to smi
> > >
> > > Wed Oct 5 13:51:25 2005: DEBUG: Deleting session for
> > > smi at heseduroam.nl, xx.xx.xx.xx, 322
> > >
> > > Wed Oct 5 13:51:25 2005: DEBUG: Handling with Radius::AuthFILE:
> > >
> > > Wed Oct 5 13:51:25 2005: DEBUG: Handling with EAP: code 2, 6, 87
> > >
> > > Wed Oct 5 13:51:25 2005: DEBUG: Response type 21
> > >
> > > Wed Oct 5 13:51:25 2005: DEBUG: EAP TTLS data, 3, 6, 5
> > >
> > > Wed Oct 5 13:51:25 2005: DEBUG: EAP result: 1, EAP TLS read
failed:
> > > 3804: 1 - error:140D5042:SSL routines:SSL3_CTRL:called a function
>
> you
>
> > > should not call
> > >
> > >
> > >
> > > Wed Oct 5 13:51:25 2005: DEBUG: AuthBy FILE result: REJECT, EAP
TLS
> > > read failed: 3804: 1 - error:140D5042:SSL
routines:SSL3_CTRL:called
>
> a
>
> > > function you should not call
> > >
> > >
> > >
> > > Wed Oct 5 13:51:25 2005: INFO: Access rejected for smi: EAP TLS
>
> read
>
> > > failed: 3804: 1 - error:140D5042:SSL routines:SSL3_CTRL:called a
> > > function you should not call
> > >
> > >
> > >
> > > Wed Oct 5 13:51:25 2005: DEBUG: Packet dump:
> > >
> > > *** Sending to 145.28.33.100 port 1645 ....
> > >
> > >
> > >
> > > Packet length = 60
> > >
> > > 03 97 00 3c 31 90 d9 5e 74 2f a5 a0 4f bb ad 7e
> > >
> > > 10 40 33 91 4f 06 04 06 00 04 50 12 b0 c1 d2 c0
> > >
> > > 62 ad e9 9a d4 d9 33 31 33 68 b4 6b 12 10 52 65
> > >
> > > 71 75 65 73 74 20 44 65 6e 69 65 64
> > >
> > > Code: Access-Reject
> > >
> > > Identifier: 151
> > >
> > > Authentic: <214><21><163><204><229>w>]Rv{<210><153><221><190><0>
> > >
> > > Attributes:
> > >
> > > EAP-Message = <4><6><0><4>
> > >
> > > Message-Authenticator =
> > > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> > >
> > > Reply-Message = "Request Denied"
> > >
> > >
> > >
> > > ========================CFG========================
> > >
> > >
> > >
> > > # windows.cfg
> > >
> > > #
> > >
> > > # Example Radiator configuration file.
> > >
> > > # This very simple file will allow you to get started with
> > >
> > > # a simple system on Windows. You can then add and change
features.
> > >
> > > # We suggest you start simple, prove to yourself that it
> > >
> > > # works and then develop a more complicated configuration.
> > >
> > > #
> > >
> > > # This example is expected to be installed in
> > >
> > > # c:\Program Files\Radiator\radius.cfg
> > >
> > > # It will authenticate from a standard users file in
> > >
> > > # c:\Program Files\Radiator\users
> > >
> > > # it will log debug and other messages to
> > >
> > > # c:\Program Files\Radiator\logfile
> > >
> > > # and log accounting to a file in
> > >
> > > # c:\Program Files\Radiator\detail
> > >
> > > # (of course you can change all these by editing this config file
if
> >
> > you
> >
> > > wish)
> > >
> > > #
> > >
> > > # It will accept requests from any client and try to handle
requests
> > >
> > > # for any realm.
> > >
> > > # And it will print out what its doing in great detail to the log
> >
> > file.
> >
> > > #
> > >
> > > # See radius.cfg for more complete examples of features and
> > >
> > > # syntax, and refer to the reference manual for a complete
>
> description
>
> > > # of all the features and syntax.
> > >
> > > #
> > >
> > > # You should consider this file to be a starting point only
> > >
> > > # $Id: windows.cfg,v 1.1 2003/03/27 09:41:28 mikem Exp $
> > >
> > >
> > >
> > > # AuthPort specifies the port to list on for authentication
requests
> > >
> > > # Can be a numeric port number or a service name from
/etc/services
> > >
> > > # Defaults to 1645
> > >
> > > AuthPort 1645
> > >
> > >
> > >
> > > # AcctPort specifies the port to list on for accounting requests
> > >
> > > # Can be a numeric port number or a service name from
/etc/services
> > >
> > > # Defaults to 1646
> > >
> > > AcctPort 1646
> > >
> > >
> > >
> > >
> > >
> > > Foreground
> > >
> > > LogStdout
> > >
> > > LogDir c:/Program Files/Radiator/log
> > >
> > > DbDir c:/Program Files/Radiator
> > >
> > >
> > >
> > > LogFile c:/Program Files/Radiator/log/radius.log
> > >
> > >
> > >
> > >
> > >
> > > # This will log at DEBUG level: very verbose
> > >
> > > # User a lower trace level in production systems, typically use 3
> > >
> > > Trace 4
> > >
> > >
> > >
> > > # You will probably want to add other Clients to suit your site,
> > >
> > > # one for each NAS you want to work with. This will work
> > >
> > > # at least with radpwtst running on the local machine
> > >
> > >
> > >
> > > #########################################
> > >
> > > # clients
> > >
> > > #########################################
> > >
> > >
> > >
> > > <Client xx.xx.xx.xx>
> > >
> > > Secret <remove>
> > >
> > > </Client>
> > >
> > >
> > >
> > > <Client xx.xx.xx.xx>
> > >
> > > Secret <remove>
> > >
> > > </Client>
> > >
> > >
> > >
> > > <Client xx.xx.xx.xx>
> > >
> > > Secret <remove>
> > >
> > > </Client>
> > >
> > >
> > >
> > > <Client xx.xx.xx.xx>
> > >
> > > Secret <remove>
> > >
> > > </Client>
> > >
> > >
> > >
> > > <Client xx.xx.xx.xx>
> > >
> > > Secret <remove>
> > >
> > > </Client>
> > >
> > >
> > >
> > >
> > >
> > > #########################################
> > >
> > > # realms
> > >
> > > #########################################
> > >
> > >
> > >
> > > # Authenticate all realms with this
> > >
> > > <Realm DEFAULT>
> > >
> > > # This one translates all uppercase chars to lowercase
> > >
> > > RewriteUsername tr/[A-Z]/[a-z]/
> > >
> > > # Haalhet realm van de request voor verdere verwerking
> > >
> > > RewriteUsername s/^(.*)\\(.*)/$2\@$1/
> > >
> > > RewriteUsername s/^([^@]+).*/$1/
> > >
> > > AcctLogFileName C:/Program Files/Radiator/log/test.log
> > >
> > >
> > >
> > > <AuthBy FILE>
> > >
> > > EAPType TTLS
> > >
> > > EAPTLS_CAFile c:/openssl/bin/root/root.pem
> > >
> > > EAPTLS_CertificateFile
c:/openssl/bin/server/server.pem
> > >
> > > EAPTLS_CertificateType PEM
> > >
> > > EAPTLS_PrivateKeyFile c:/openssl/bin/server/server.pem
> > >
> > > EAPTLS_PrivateKeyPassword <remove>
> > >
> > > EAPTLS_MaxFragmentSize 1024
> > >
> > > AutoMPPEKeys
> > >
> > > Filename c:/program files/Radiator/bnksmi.txt
> > >
> > > </AuthBy>
> > >
> > > </Realm>
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia
http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: radius.log
Type: application/octet-stream
Size: 39244 bytes
Desc: radius.log
URL: <http://www.open.com.au/pipermail/radiator/attachments/20051013/cabd17fb/attachment.obj>
More information about the radiator
mailing list