(RADIATOR) TLS/TTLS hanging & timing out....

Jeff Wolfe wolfe at ems.psu.edu
Wed Aug 9 09:50:53 CDT 2006


Hugh,

Is it possible his radius.cfg isn't handling the inside of the TTLS 
tunnel? I don't see a handler for "tunneledbyttls" in there anywhere.
How does RADIATOR know to go to authby File for the interior auth?

-JEff


>> [radius.cfg]
>>
>> # trying to get TTLS working
>> Foreground
>> LogStdout
>> LogDir /etc/radiator
>> DbDir /etc/radiator
>>
>> # This will log at DEBUG level: very verbose
>> # Use a lower trace level in production systems, typically use 3
>> Trace 4
>>
>> # Listen on standard and original ports
>> # added by larry 03/07/06
>> AuthPort 1812,1645
>> AcctPort 1813,1646
>>
>> # commented out the following 4 lines.... 19/07/06 at 11:26
>> #<Client DEFAULT>
>> # Secret mysecret
>> # DupInterval 0
>> #</Client>
>>
>> # This machine
>> <Client localhost>
>> Secret xxxxxxxxx
>> DupInterval 0
>> </Client>
>>
>> # The switch sitting under my desk...
>> <Client 192.168.1.3>
>> Secret xxxxxxxxxxxx
>> </Client>
>>
>> # Look up user details in a flat file
>> <AuthBy FILE>
>> Identifier TestTTLS
>> # %D is replaced by DbDir above
>> Filename %D/users
>> EAPType TTLS, PAP
>>
>> EAPTLS_CAFile %D/certificates/CA/cacert.crt
>> EAPTLS_CertificateFile %D/certificates/UCDcert.der
>> EAPTLS_CertificateType ASN1
>> EAPTLS_PrivateKeyFile %D/certificates/UCDcert.key
>> #EAPTLS_PrivateKeyPassword whatever
>> EAPTLS_MaxFragmentSize 1000
>> AutoMPPEKeys
>> </AuthBy>
>>
>> <AuthBy FILE>
>> Identifier TestRAD-File
>> Filename %D/users
>> EAPType PAP
>> </AuthBy>
>>
>> # Authenticate all realms with this
>> <Realm DEFAULT>
>> AuthBy TestTTLS
>> AcctLogFileName %D/detail
>> </Realm>
>>
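
The check made by eye in the message above, written out as an added example (not part of the original post and not Radiator code): a Python script that walks the clause structure of a Radiator-style configuration and reports whether any `<Handler>` matches inner TTLS requests, and which `<AuthBy>` identifiers no `<Realm>` or `<Handler>` refers to. The embedded sample is a constructed reduction of the quoted config; the function name `audit_ttls_routing` and the case-insensitive match on both spellings of the attribute are assumptions of this example.

```python
import re

# Constructed sample: the clause structure of the configuration quoted above,
# reduced to the lines that decide where a request is routed.
SAMPLE_CFG = """
<AuthBy FILE>
    Identifier TestTTLS
    EAPType TTLS, PAP
</AuthBy>
<AuthBy FILE>
    Identifier TestRAD-File
    EAPType PAP
</AuthBy>
<Realm DEFAULT>
    AuthBy TestTTLS
</Realm>
"""

OPEN = re.compile(r"<(\w+)\s*([^>]*)>")
CLOSE = re.compile(r"</(\w+)>")
# Assumption: accept "tunneledbyttls" (as written in the post) and "TunnelledByTTLS".
INNER = re.compile(r"tunnell?edbyttls\s*=", re.I)

def audit_ttls_routing(cfg_text):
    """Report inner-TTLS handler presence and AuthBy clauses nothing routes to."""
    stack, defined, referenced, inner = [], set(), set(), False
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # commented-out clauses do not count
            continue
        if CLOSE.fullmatch(line):
            if stack:
                stack.pop()
            continue
        m = OPEN.fullmatch(line)
        if m:
            stack.append(m.group(1))
            if m.group(1) == "Handler" and INNER.search(m.group(2)):
                inner = True
            continue
        key, value = (line.split(None, 1) + [""])[:2]
        parent = stack[-1] if stack else None
        if key == "Identifier" and parent == "AuthBy":
            defined.add(value.strip())
        elif key == "AuthBy" and parent in ("Realm", "Handler"):
            referenced.add(value.strip())
    return {"inner_ttls_handler": inner,
            "unreferenced_authby": sorted(defined - referenced)}

if __name__ == "__main__":
    print(audit_ttls_routing(SAMPLE_CFG))
```

On the sample it reports no inner-TTLS handler and shows that `TestRAD-File` is defined but never selected by any `<Realm>` or `<Handler>`.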
