(RADIATOR) TTLS and OpenSSL error

Richard Smit smi at hesasd.nl
Thu Oct 13 07:12:57 CDT 2005


Mike,

Thanks, you fixed the problem. It was the version of openssl.
The reason I didn't downgrade the version of openssl was that on the
site of Shining Light the version 0.9.8 was recommended by the creators
of openssl and 0.9.7g was not. So.... stupid me.

Thanks for your help. Now I can make my deadline....

Richard Smit
HES Amsterdam

-----Original Message-----
From: Mike McCauley [mailto:mikem at open.com.au] 
Sent: Thursday 13 October 2005 12:36
To: Richard Smit
Cc: radiator at open.com.au; Martijn Balink
Subject: Re: (RADIATOR) TTLS and OpenSSL error

Hello Richard,


On Thursday 13 October 2005 20:15, Richard Smit wrote:
> I installed NET_SSLeay.pm.ppd the way the FAQ you sent me described.
> Version conflict is a possibility.
>
> Here is a trace level 5 log file.
Thank you, that helps a lot.

I suggest now that you install Win32 OpenSSL v0.9.7g from shining light 
instead of 0.9.8.

Cheers.

>
> Thanks,
>
> Richard
>
>
> -----Original Message-----
> From: Mike McCauley [mailto:mikem at open.com.au]
> Sent: Thursday 13 October 2005 12:09
> To: Richard Smit
> Cc: radiator at open.com.au; Martijn Balink
> Subject: Re: (RADIATOR) TTLS and OpenSSL error
>
> Hello Richard,
>
> On Thursday 13 October 2005 19:42, Richard Smit wrote:
> > Mike,
> >
> > Sorry, I did follow the faq file and installed the NET_SSLeay.pm.ppd
> > But I still get the same error. I restarted the service but no it
> > didn't work.
>
> How did you install NET_SSLeay.pm.ppd?
>
> > I think openSSL and NET_SSLeay are responding because the error tells
> > us that I call a function I should not call. I tried to find info about
> > the error number but that didn't return any info.
>
> I think that NET_SSLeay is not installed properly.
> Or perhaps NET_SSLeay is not compatible with whatever version of
> OpenSSL you have installed.
>
> In any case we need to see the new Radiator log file at trace level 4.
>
> Cheers.
>
> > Thanks
> >
> > Richard
> >
> > -----Original Message-----
> > From: Mike McCauley [mailto:mikem at open.com.au]
> > Sent: Thursday 13 October 2005 10:34
> > To: Richard Smit
> > Cc: radiator at open.com.au; Martijn Balink
> > Subject: Re: (RADIATOR) TTLS and OpenSSL error
> >
> > Hello Richard,
> >
> > On Thursday 13 October 2005 18:23, Richard Smit wrote:
> > > Mike,
> > >
> > > I use active perl 5.6.1 and win32_openssl 0.9.8
> > > PPM? Don't know. I just placed the .pm files.
> >
> > So did you follow the instructions at
> > http://www.open.com.au/radiator/faq.html#141
> >
> > That should get you working.
> >
> > Cheers.
> >
> > > Regards,
> > >
> > > Richard Smit
> > > HES Amsterdam
> > >
> > > -----Original Message-----
> > > From: Mike McCauley [mailto:mikem at open.com.au]
> > > Sent: Thursday 13 October 2005 9:36
> > > To: Richard Smit
> > > Cc: radiator at open.com.au; Martijn Balink
> > > Subject: Re: (RADIATOR) TTLS and OpenSSL error
> > >
> > > Hello Richard,
> > >
> > > On Thursday 13 October 2005 17:21, Richard Smit wrote:
> > > > To all,
> > > >
> > > >
> > > >
> > > > I have a problem with TTLS authentication and Radiator. I have installed
> > > > openssl and the modules from CPAN.
> > > >
> > > >
> > > >
> > > >             *           Net_SSLeay     v1.25
> > > >
> > > >             *           Digest-SHA1     v2.10
> > > >
> > > >             *           Digest-HMAC    v1.01
> > >
> > > Did you compile these yourself, or install with PPM?
> > >
> > > > I get an error that I'm calling a module I should not call?? I'm
> > > > running the Radiator server on Windows 2003.
> > >
> > > Have you installed the Win32  OpenSSL as described in
> > > http://www.open.com.au/radiator/faq.html#141
> > > What version of Win32_OpenSSL have you installed?
> > >
> > > Are you using ActivePerl? What version?
> > >
> > > Cheers.
> > >
> > > > I hope someone knows the problem and can help me.
> > > >
> > > >
> > > >
> > > > Regards,
> > > >
> > > >
> > > >
> > > > Richard Smit
> > > >
> > > > HES Amsterdam
> > > >
> > > >
> > > >
> > > > ========================LOG========================
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Code:       Access-Request
> > > >
> > > > Identifier: 151
> > > >
> > > > Authentic:  <214><21><163><204><229>w>]Rv{<210><153><221><190><0>
> > > >
> > > > Attributes:
> > > >
> > > >             User-Name = "smi at heseduroam.nl"
> > > >
> > > >             Framed-MTU = 1400
> > > >
> > > >             Called-Station-Id = "0014.a824.c0c0"
> > > >
> > > >             Calling-Station-Id = "0090.4b74.c253"
> > > >
> > > >             Service-Type = Login-User
> > > >
> > > >             Message-Authenticator = <159>.p<156><245><20><26>c5T<184><150><4>^<16>
> > > >
> > > >             EAP-Message = <2><6><0>W<21><128><0><0><0>M<23><3><1><0>H<30>q<202><130><222><195><184><197><8><233><184><141><152>O<240>qz&<211><159><245>N<160><219>t<14><188>N<231><170><208><149><185><136><191>~>HA<206>QH_<207><245><206><170>2<229><237><130>%u<152><152><203><252>yA<206><179><135>'<143><1><238>-.<163><196><23><247>
> > > >
> > > >             NAS-Port-Type = Wireless-IEEE-802-11
> > > >
> > > >             NAS-Port = 322
> > > >
> > > >             NAS-IP-Address = xx.xx.xx.xx
> > > >
> > > >
> > > >
> > > > Wed Oct  5 13:51:25 2005: DEBUG: Handling request with Handler
> > > > 'Realm=DEFAULT'
> > > >
> > > > Wed Oct  5 13:51:25 2005: DEBUG: Rewrote user name to smi at heseduroam.nl
> > > >
> > > > Wed Oct  5 13:51:25 2005: DEBUG: Rewrote user name to smi at heseduroam.nl
> > > >
> > >
> > > > Wed Oct  5 13:51:25 2005: DEBUG: Rewrote user name to smi
> > > >
> > > > Wed Oct  5 13:51:25 2005: DEBUG:  Deleting session for
> > > > smi at heseduroam.nl, xx.xx.xx.xx, 322
> > > >
> > > > Wed Oct  5 13:51:25 2005: DEBUG: Handling with Radius::AuthFILE:
> > > >
> > > > Wed Oct  5 13:51:25 2005: DEBUG: Handling with EAP: code 2, 6, 87
> > > >
> > > > Wed Oct  5 13:51:25 2005: DEBUG: Response type 21
> > > >
> > > > Wed Oct  5 13:51:25 2005: DEBUG: EAP TTLS data, 3, 6, 5
> > > >
> > > > Wed Oct  5 13:51:25 2005: DEBUG: EAP result: 1, EAP TLS read failed: 3804: 1 - error:140D5042:SSL routines:SSL3_CTRL:called a function you should not call
> > > >
> > > > Wed Oct  5 13:51:25 2005: DEBUG: AuthBy FILE result: REJECT, EAP TLS read failed:  3804: 1 - error:140D5042:SSL routines:SSL3_CTRL:called a function you should not call
> > > >
> > > > Wed Oct  5 13:51:25 2005: INFO: Access rejected for smi: EAP TLS read failed:  3804: 1 - error:140D5042:SSL routines:SSL3_CTRL:called a function you should not call
> > > >
> > > >
> > > >
> > > > Wed Oct  5 13:51:25 2005: DEBUG: Packet dump:
> > > >
> > > > *** Sending to 145.28.33.100 port 1645 ....
> > > >
> > > >
> > > >
> > > > Packet length = 60
> > > >
> > > > 03 97 00 3c 31 90 d9 5e 74 2f a5 a0 4f bb ad 7e
> > > >
> > > > 10 40 33 91 4f 06 04 06 00 04 50 12 b0 c1 d2 c0
> > > >
> > > > 62 ad e9 9a d4 d9 33 31 33 68 b4 6b 12 10 52 65
> > > >
> > > > 71 75 65 73 74 20 44 65 6e 69 65 64
> > > >
> > > > Code:       Access-Reject
> > > >
> > > > Identifier: 151
> > > >
> > > > Authentic:  <214><21><163><204><229>w>]Rv{<210><153><221><190><0>
> > > >
> > > > Attributes:
> > > >
> > > >             EAP-Message = <4><6><0><4>
> > > >
> > > >             Message-Authenticator =
> > > > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> > > >
> > > >             Reply-Message = "Request Denied"
> > > >
> > > >
> > > >
> > > > ========================CFG========================
> > > >
> > > >
> > > >
> > > > # windows.cfg
> > > >
> > > > #
> > > >
> > > > # Example Radiator configuration file.
> > > >
> > > > # This very simple file will allow you to get started with
> > > >
> > > > # a simple system on Windows. You can then add and change features.
>
> > > > # We suggest you start simple, prove to yourself that it
> > > >
> > > > # works and then develop a more complicated configuration.
> > > >
> > > > #
> > > >
> > > > # This example is expected to be installed in
> > > >
> > > > #   c:\Program Files\Radiator\radius.cfg
> > > >
> > > > # It will authenticate from a standard users file in
> > > >
> > > > #   c:\Program Files\Radiator\users
> > > >
> > > > # it will log debug and other messages to
> > > >
> > > > #   c:\Program Files\Radiator\logfile
> > > >
> > > > # and log accounting to a file in
> > > >
> > > > #   c:\Program Files\Radiator\detail
> > > >
> > > > # (of course you can change all these by editing this config file if you wish)
> > > >
> > > > #
> > > >
> > > > # It will accept requests from any client and try to handle requests
> > > >
> > > > # for any realm.
> > > >
> > > > # And it will print out what it's doing in great detail to the log file.
> > >
> > > > #
> > > >
> > > > # See radius.cfg for more complete examples of features and
> > > >
> > > > # syntax, and refer to the reference manual for a complete description
> > > >
> > > > # of all the features and syntax.
> > > >
> > > > #
> > > >
> > > > # You should consider this file to be a starting point only
> > > >
> > > > # $Id: windows.cfg,v 1.1 2003/03/27 09:41:28 mikem Exp $
> > > >
> > > >
> > > >
> > > > # AuthPort specifies the port to listen on for authentication requests
> > > >
> > > > # Can be a numeric port number or a service name from /etc/services
> > > >
> > > > # Defaults to 1645
> > > >
> > > > AuthPort    1645
> > > >
> > > >
> > > >
> > > > # AcctPort specifies the port to listen on for accounting requests
> > > >
> > > > # Can be a numeric port number or a service name from /etc/services
> > > >
> > > > # Defaults to 1646
> > > >
> > > > AcctPort    1646
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Foreground
> > > >
> > > > LogStdout
> > > >
> > > > LogDir            c:/Program Files/Radiator/log
> > > >
> > > > DbDir       c:/Program Files/Radiator
> > > >
> > > >
> > > >
> > > > LogFile           c:/Program Files/Radiator/log/radius.log
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > # This will log at DEBUG level: very verbose
> > > >
> > > > # Use a lower trace level in production systems, typically use 3
> > > >
> > > > Trace             4
> > > >
> > > >
> > > >
> > > > # You will probably want to add other Clients to suit your site,
> > > >
> > > > # one for each NAS you want to work with. This will work
> > > >
> > > > # at least with radpwtst running on the local machine
> > > >
> > > >
> > > >
> > > > #########################################
> > > >
> > > > # clients
> > > >
> > > > #########################################
> > > >
> > > >
> > > >
> > > > <Client xx.xx.xx.xx>
> > > >
> > > >       Secret      <remove>
> > > >
> > > > </Client>
> > > >
> > > >
> > > >
> > > > <Client xx.xx.xx.xx>
> > > >
> > > >       Secret      <remove>
> > > >
> > > > </Client>
> > > >
> > > >
> > > >
> > > > <Client xx.xx.xx.xx>
> > > >
> > > >       Secret      <remove>
> > > >
> > > > </Client>
> > > >
> > > >
> > > >
> > > > <Client xx.xx.xx.xx>
> > > >
> > > >       Secret      <remove>
> > > >
> > > > </Client>
> > > >
> > > >
> > > >
> > > > <Client xx.xx.xx.xx>
> > > >
> > > >       Secret      <remove>
> > > >
> > > > </Client>
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > #########################################
> > > >
> > > > # realms
> > > >
> > > > #########################################
> > > >
> > > >
> > > >
> > > > # Authenticate all realms with this
> > > >
> > > > <Realm DEFAULT>
> > > >
> > > >       # This one translates all uppercase chars to lowercase
> > > >
> > > >       RewriteUsername   tr/[A-Z]/[a-z]/
> > > >
> > > >       # Extract the realm from the request for further processing
> > > >
> > > >       RewriteUsername s/^(.*)\\(.*)/$2\@$1/
> > > >
> > > >       RewriteUsername   s/^([^@]+).*/$1/
> > > >
> > > >       AcctLogFileName C:/Program Files/Radiator/log/test.log
> > > >
> > > >
> > > >
> > > >       <AuthBy FILE>
> > > >
> > > >             EAPType TTLS
> > > >
> > > >             EAPTLS_CAFile c:/openssl/bin/root/root.pem
> > > >
> > > >             EAPTLS_CertificateFile c:/openssl/bin/server/server.pem
> > > >
> > > >             EAPTLS_CertificateType PEM
> > > >
> > > >             EAPTLS_PrivateKeyFile c:/openssl/bin/server/server.pem
> > > >
> > > >             EAPTLS_PrivateKeyPassword <remove>
> > > >
> > > >             EAPTLS_MaxFragmentSize 1024
> > > >
> > > >             AutoMPPEKeys
> > > >
> > > >             Filename  c:/program files/Radiator/bnksmi.txt
> > > >
> > > >       </AuthBy>
> > > >
> > > > </Realm>

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia
http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.
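
Added example, not part of the original thread and not Radiator or OpenSSL code: the `error:140D5042` value in the log above can be unpacked with the library/function/reason layout that OpenSSL releases before 3.0 use for error codes. The function names and the partial lookup tables are constructed for illustration; the sample log is the thread's three failure lines, unwrapped.

```python
import re

# Constructed sample: the three failure lines from the thread's log, unwrapped.
_ERR = "error:140D5042:SSL routines:SSL3_CTRL:called a function you should not call"
SAMPLE_LOG = "\n".join([
    "Wed Oct  5 13:51:25 2005: DEBUG: EAP result: 1, EAP TLS read failed: 3804: 1 - " + _ERR,
    "Wed Oct  5 13:51:25 2005: DEBUG: AuthBy FILE result: REJECT, EAP TLS read failed:  3804: 1 - " + _ERR,
    "Wed Oct  5 13:51:25 2005: INFO: Access rejected for smi: EAP TLS read failed:  3804: 1 - " + _ERR,
])

# Partial lookup tables (values from OpenSSL's err.h; only a few are listed).
ERR_LIBS = {2: "SYS", 4: "RSA", 6: "EVP", 9: "PEM", 11: "X509", 13: "ASN1", 20: "SSL"}
GENERIC_REASONS = {
    65: "ERR_R_MALLOC_FAILURE",
    66: "ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED",
    67: "ERR_R_PASSED_NULL_PARAMETER",
    68: "ERR_R_INTERNAL_ERROR",
}
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)")

def decode_error(code):
    """Split a packed pre-3.0 OpenSSL error code: lib(8) | func(12) | reason(12)."""
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    return {
        "lib": lib,
        "lib_name": ERR_LIBS.get(lib, "unknown"),
        "func": func,
        "reason": reason,
        # Generic reasons are shared by every OpenSSL library and describe API
        # misuse or internal failure rather than a TLS protocol event.
        "generic_reason": GENERIC_REASONS.get(reason),
    }

def summarize(log_text):
    """Group OpenSSL error strings in a log by code; return {code_hex: info}."""
    seen = {}
    for m in ERR_RE.finditer(log_text):
        key = m.group(1).upper()
        info = seen.setdefault(key, dict(decode_error(int(key, 16)), count=0,
                                         func_name=m.group(3), text=m.group(4).strip()))
        info["count"] += 1
    return seen

if __name__ == "__main__":
    for code, info in summarize(SAMPLE_LOG).items():
        print(code, info)
```

A generic reason raised from inside the SSL library, as here, is the kind of result worth checking against the installed OpenSSL and Net_SSLeay versions before looking at certificates or the TTLS configuration.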
