(RADIATOR) TTLS and OpenSSL error
Mike McCauley
mikem at open.com.au
Thu Oct 13 05:35:41 CDT 2005
Hello Richard,
On Thursday 13 October 2005 20:15, Richard Smit wrote:
> I installed NET_SSLeay.pm.ppd the way the faq you send me discribed.
> Version conflict is a possibility.
>
> Here is a trace level 5 log file.
Thank you, that helps a lot.
I suggest now that you install Win32 OpenSSL v0.9.7g from shining light
instead of 0.9.8.
Cheers.
>
> Thanks,
>
> Richard
>
>
> -----Original Message-----
> From: Mike McCauley [mailto:mikem at open.com.au]
> Sent: donderdag 13 oktober 2005 12:09
> To: Richard Smit
> Cc: radiator at open.com.au; Martijn Balink
> Subject: Re: (RADIATOR) TTLS and OpenSSL error
>
> Hello Richard,
>
> On Thursday 13 October 2005 19:42, Richard Smit wrote:
> > Mike,
> >
> > Sorry, i did follow the faq file and installed the NET_SSLeay.pm.ppd
> > But I still get the same error. I restarted the service but no it
>
> didn't
>
> > work.
>
> How did you install NET_SSLeay.pm.ppd?
>
> > I think openSSL and NET_SSLeay are responding because the error tells
>
> us
>
> > that I call a function I should not call. I tried to find info about
>
> the
>
> > error number but that didn't return any info.
>
> I think that NET_SSLeay is not installed properly.
> Or perhaps NET_SSLeay is not compatible with whatever version orf
> OpenSSL you
> have installed.
>
> In any case we need to see the new Radiator log file at trace level 4.
>
> Cheers.
>
> > Thanks
> >
> > Richard
> >
> > -----Original Message-----
> > From: Mike McCauley [mailto:mikem at open.com.au]
> > Sent: donderdag 13 oktober 2005 10:34
> > To: Richard Smit
> > Cc: radiator at open.com.au; Martijn Balink
> > Subject: Re: (RADIATOR) TTLS and OpenSSL error
> >
> > Hello Richard,
> >
> > On Thursday 13 October 2005 18:23, Richard Smit wrote:
> > > Mike,
> > >
> > > I use active perl 5.6.1 and win32_openssl 0.9.8
> > > PPM? Don't know. I just placed the .pm files.
> >
> > So did you follow the instructions at
> > http://www.open.com.au/radiator/faq.html#141
> >
> > That should get you working.
> >
> > Cheers.
> >
> > > Regards,
> > >
> > > Richard Smit
> > > HES Amsterdam
> > >
> > > -----Original Message-----
> > > From: Mike McCauley [mailto:mikem at open.com.au]
> > > Sent: donderdag 13 oktober 2005 9:36
> > > To: Richard Smit
> > > Cc: radiator at open.com.au; Martijn Balink
> > > Subject: Re: (RADIATOR) TTLS and OpenSSL error
> > >
> > > Hello Richard,
> > >
> > > On Thursday 13 October 2005 17:21, Richard Smit wrote:
> > > > To all,
> > > >
> > > >
> > > >
> > > > I have a problem TTLS authentication and Radiator. I have
>
> installed
>
> > > > openssl and and the modules from CPAN.
> > > >
> > > >
> > > >
> > > > * Net_SSLeay v1.25
> > > >
> > > > * Digest-SHA1 v2.10
> > > >
> > > > * Digest-HMAC v1.01
> > >
> > > Did you compile these yourself, or install with PPM?
> > >
> > > > I get an error that I'm calling a module I should not call?? I'm
> > >
> > > running
> > >
> > > > the Radiator server on Windows 2003.
> > >
> > > Have you installed the Win32 OpenSSL as described in
> > > http://www.open.com.au/radiator/faq.html#141
> > > What version of Win32_OpenSSL have you installed?
> > >
> > > Are you using ActivePerl? What version?
> > >
> > > Cheers.
> > >
> > > > I hope someone knows the problem and can help me.
> > > >
> > > >
> > > >
> > > > Regards,
> > > >
> > > >
> > > >
> > > > Richard Smit
> > > >
> > > > HES Amsterdam
> > > >
> > > >
> > > >
> > > > ========================LOG========================
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Code: Access-Request
> > > >
> > > > Identifier: 151
> > > >
> > > > Authentic: <214><21><163><204><229>w>]Rv{<210><153><221><190><0>
> > > >
> > > > Attributes:
> > > >
> > > > User-Name = "smi at heseduroam.nl"
> > > >
> > > > Framed-MTU = 1400
> > > >
> > > > Called-Station-Id = "0014.a824.c0c0"
> > > >
> > > > Calling-Station-Id = "0090.4b74.c253"
> > > >
> > > > Service-Type = Login-User
> > > >
> > > > Message-Authenticator =
> > > > <159>.p<156><245><20><26>c5T<184><150><4>^<16>
> > > >
> > > > EAP-Message =
>
> <2><6><0>W<21><128><0><0><0>M<23><3><1><0>H<30>q<202><130><222><195><184
>
> ><197><8><233><184><141><152>O<240>qz&<211><159><245>N<160><219>t<14><18
>
> 8>N<231><170><208><149><185><136><191>~>HA<206>QH_<207><245><206><170>2<
>
>
>
> 229><237><130>%u<152><152><203><252>yA<206><179><135>'<143><1><238>-.<16
>
> > > > 3><196><23><247>
> > > >
> > > > NAS-Port-Type = Wireless-IEEE-802-11
> > > >
> > > > NAS-Port = 322
> > > >
> > > > NAS-IP-Address = xx.xx.xx.xx
> > > >
> > > >
> > > >
> > > > Wed Oct 5 13:51:25 2005: DEBUG: Handling request with Handler
> > > > 'Realm=DEFAULT'
> > > >
> > > > Wed Oct 5 13:51:25 2005: DEBUG: Rewrote user name to
> > >
> > > smi at heseduroam.nl
> > >
> > > > Wed Oct 5 13:51:25 2005: DEBUG: Rewrote user name to
> > >
> > > smi at heseduroam.nl
> > >
> > > > Wed Oct 5 13:51:25 2005: DEBUG: Rewrote user name to smi
> > > >
> > > > Wed Oct 5 13:51:25 2005: DEBUG: Deleting session for
> > > > smi at heseduroam.nl, xx.xx.xx.xx, 322
> > > >
> > > > Wed Oct 5 13:51:25 2005: DEBUG: Handling with Radius::AuthFILE:
> > > >
> > > > Wed Oct 5 13:51:25 2005: DEBUG: Handling with EAP: code 2, 6, 87
> > > >
> > > > Wed Oct 5 13:51:25 2005: DEBUG: Response type 21
> > > >
> > > > Wed Oct 5 13:51:25 2005: DEBUG: EAP TTLS data, 3, 6, 5
> > > >
> > > > Wed Oct 5 13:51:25 2005: DEBUG: EAP result: 1, EAP TLS read
>
> failed:
> > > > 3804: 1 - error:140D5042:SSL routines:SSL3_CTRL:called a function
> >
> > you
> >
> > > > should not call
> > > >
> > > >
> > > >
> > > > Wed Oct 5 13:51:25 2005: DEBUG: AuthBy FILE result: REJECT, EAP
>
> TLS
>
> > > > read failed: 3804: 1 - error:140D5042:SSL
>
> routines:SSL3_CTRL:called
>
> > a
> >
> > > > function you should not call
> > > >
> > > >
> > > >
> > > > Wed Oct 5 13:51:25 2005: INFO: Access rejected for smi: EAP TLS
> >
> > read
> >
> > > > failed: 3804: 1 - error:140D5042:SSL routines:SSL3_CTRL:called a
> > > > function you should not call
> > > >
> > > >
> > > >
> > > > Wed Oct 5 13:51:25 2005: DEBUG: Packet dump:
> > > >
> > > > *** Sending to 145.28.33.100 port 1645 ....
> > > >
> > > >
> > > >
> > > > Packet length = 60
> > > >
> > > > 03 97 00 3c 31 90 d9 5e 74 2f a5 a0 4f bb ad 7e
> > > >
> > > > 10 40 33 91 4f 06 04 06 00 04 50 12 b0 c1 d2 c0
> > > >
> > > > 62 ad e9 9a d4 d9 33 31 33 68 b4 6b 12 10 52 65
> > > >
> > > > 71 75 65 73 74 20 44 65 6e 69 65 64
> > > >
> > > > Code: Access-Reject
> > > >
> > > > Identifier: 151
> > > >
> > > > Authentic: <214><21><163><204><229>w>]Rv{<210><153><221><190><0>
> > > >
> > > > Attributes:
> > > >
> > > > EAP-Message = <4><6><0><4>
> > > >
> > > > Message-Authenticator =
> > > > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> > > >
> > > > Reply-Message = "Request Denied"
> > > >
> > > >
> > > >
> > > > ========================CFG========================
> > > >
> > > >
> > > >
> > > > # windows.cfg
> > > >
> > > > #
> > > >
> > > > # Example Radiator configuration file.
> > > >
> > > > # This very simple file will allow you to get started with
> > > >
> > > > # a simple system on Windows. You can then add and change
>
> features.
>
> > > > # We suggest you start simple, prove to yourself that it
> > > >
> > > > # works and then develop a more complicated configuration.
> > > >
> > > > #
> > > >
> > > > # This example is expected to be installed in
> > > >
> > > > # c:\Program Files\Radiator\radius.cfg
> > > >
> > > > # It will authenticate from a standard users file in
> > > >
> > > > # c:\Program Files\Radiator\users
> > > >
> > > > # it will log debug and other messages to
> > > >
> > > > # c:\Program Files\Radiator\logfile
> > > >
> > > > # and log accounting to a file in
> > > >
> > > > # c:\Program Files\Radiator\detail
> > > >
> > > > # (of course you can change all these by editing this config file
>
> if
>
> > > you
> > >
> > > > wish)
> > > >
> > > > #
> > > >
> > > > # It will accept requests from any client and try to handle
>
> requests
>
> > > > # for any realm.
> > > >
> > > > # And it will print out what its doing in great detail to the log
> > >
> > > file.
> > >
> > > > #
> > > >
> > > > # See radius.cfg for more complete examples of features and
> > > >
> > > > # syntax, and refer to the reference manual for a complete
> >
> > description
> >
> > > > # of all the features and syntax.
> > > >
> > > > #
> > > >
> > > > # You should consider this file to be a starting point only
> > > >
> > > > # $Id: windows.cfg,v 1.1 2003/03/27 09:41:28 mikem Exp $
> > > >
> > > >
> > > >
> > > > # AuthPort specifies the port to list on for authentication
>
> requests
>
> > > > # Can be a numeric port number or a service name from
>
> /etc/services
>
> > > > # Defaults to 1645
> > > >
> > > > AuthPort 1645
> > > >
> > > >
> > > >
> > > > # AcctPort specifies the port to list on for accounting requests
> > > >
> > > > # Can be a numeric port number or a service name from
>
> /etc/services
>
> > > > # Defaults to 1646
> > > >
> > > > AcctPort 1646
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Foreground
> > > >
> > > > LogStdout
> > > >
> > > > LogDir c:/Program Files/Radiator/log
> > > >
> > > > DbDir c:/Program Files/Radiator
> > > >
> > > >
> > > >
> > > > LogFile c:/Program Files/Radiator/log/radius.log
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > # This will log at DEBUG level: very verbose
> > > >
> > > > # User a lower trace level in production systems, typically use 3
> > > >
> > > > Trace 4
> > > >
> > > >
> > > >
> > > > # You will probably want to add other Clients to suit your site,
> > > >
> > > > # one for each NAS you want to work with. This will work
> > > >
> > > > # at least with radpwtst running on the local machine
> > > >
> > > >
> > > >
> > > > #########################################
> > > >
> > > > # clients
> > > >
> > > > #########################################
> > > >
> > > >
> > > >
> > > > <Client xx.xx.xx.xx>
> > > >
> > > > Secret <remove>
> > > >
> > > > </Client>
> > > >
> > > >
> > > >
> > > > <Client xx.xx.xx.xx>
> > > >
> > > > Secret <remove>
> > > >
> > > > </Client>
> > > >
> > > >
> > > >
> > > > <Client xx.xx.xx.xx>
> > > >
> > > > Secret <remove>
> > > >
> > > > </Client>
> > > >
> > > >
> > > >
> > > > <Client xx.xx.xx.xx>
> > > >
> > > > Secret <remove>
> > > >
> > > > </Client>
> > > >
> > > >
> > > >
> > > > <Client xx.xx.xx.xx>
> > > >
> > > > Secret <remove>
> > > >
> > > > </Client>
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > #########################################
> > > >
> > > > # realms
> > > >
> > > > #########################################
> > > >
> > > >
> > > >
> > > > # Authenticate all realms with this
> > > >
> > > > <Realm DEFAULT>
> > > >
> > > > # This one translates all uppercase chars to lowercase
> > > >
> > > > RewriteUsername tr/[A-Z]/[a-z]/
> > > >
> > > > # Haalhet realm van de request voor verdere verwerking
> > > >
> > > > RewriteUsername s/^(.*)\\(.*)/$2\@$1/
> > > >
> > > > RewriteUsername s/^([^@]+).*/$1/
> > > >
> > > > AcctLogFileName C:/Program Files/Radiator/log/test.log
> > > >
> > > >
> > > >
> > > > <AuthBy FILE>
> > > >
> > > > EAPType TTLS
> > > >
> > > > EAPTLS_CAFile c:/openssl/bin/root/root.pem
> > > >
> > > > EAPTLS_CertificateFile
>
> c:/openssl/bin/server/server.pem
>
> > > > EAPTLS_CertificateType PEM
> > > >
> > > > EAPTLS_PrivateKeyFile c:/openssl/bin/server/server.pem
> > > >
> > > > EAPTLS_PrivateKeyPassword <remove>
> > > >
> > > > EAPTLS_MaxFragmentSize 1024
> > > >
> > > > AutoMPPEKeys
> > > >
> > > > Filename c:/program files/Radiator/bnksmi.txt
> > > >
> > > > </AuthBy>
> > > >
> > > > </Realm>
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list