(RADIATOR) running into snags trying to get EAP-FAST working
Jim Veneskey
jvene at cisco.com
Tue Feb 12 09:12:29 CST 2008
Hi,
I attempted to subscribe to this mailing list, not sure if it went
through or not, since I did not get an automated reply.
Anyhow - on the off chance the list will accept this email, I'm looking
for some advice getting EAP-FAST working.
My first attempt was installing Radiator on a non-RPM machine, I
followed the instructions in goodies/eap_fast.txt:
> In order to build OpenSSL with these patches, do something like:
> tar zxvf openssl-0.9.8d.tar.gz
> cd openssl-0.9.8d
> patch -r 1 < ../openssl-0.9.8d-session-ticket-osc.patch
> Then compile and install OpenSSL as per the instructions in the OpenSSL
> INSTALL file.
And my results:
> deathwing:/tmp$ cd openssl-0.9.8d
> deathwing:/tmp/openssl-0.9.8d$ patch -r 1 < ../openssl-0.9.8d-session-ticket-osc.patch
> can't find file to patch at input line 4
> Perhaps you should have used the -p or --strip option?
> The text leading up to this was:
> --------------------------
> |diff -uprN openssl-0.9.8d.orig/include/openssl/ssl.h openssl-0.9.8d/include/openssl/ssl.h
> |--- openssl-0.9.8d.orig/include/openssl/ssl.h 2006-06-14 23:52:49.000000000 +1000
> |+++ openssl-0.9.8d/include/openssl/ssl.h 2007-09-03 10:02:32.000000000 +1000
> --------------------------
> File to patch:
> deathwing:/tmp/openssl-0.9.8d$
I tried a variety of openssl versions and the corresponding patches, and
all of them gave me this same error.
I'm no expert on patch, so this was a dead end for me.
I next downloaded the RPM version of Radiator, and installed it on a
RedHat system:
> gator:/home/jvene# cat /etc/redhat-release
> Red Hat Enterprise Linux ES release 4 (Nahant)
The main Radiator RPM installed w/out a hitch, and then I found the
message here:
http://www.open.com.au/archives/radiator/2008-01/msg00004.html
talking about pre-patched openssl and Net-SSLeay rpm.
I installed that - no problems there either.
(this shows it is installed:
gator:/home/jvene# rpm -Uvh Net-SSLeay-1.32-1.i386.rpm
Preparing... ###########################################
[100%]
package Net-SSLeay-1.32-1 is already installed
gator:/home/jvene#
)
I next backed up the original radius.cfg and copied over the stock
eap_fast.cfg file.
I made a small change to /etc/radiator/users and added a test user to
the file so I could verify my install - I based it off the original
"mikem" user.
> # The example user mikem has a password of fred, and will
> # receive reply attributes suitable for most NASs.
> # You can do many more interesting things. See the Radiator reference
> # manual for more details
> #
> # You can test this user with the command
> # perl radpwtst
>
> mikem User-Password=fred
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Netmask = 255.255.255.255,
> Framed-Routing = None,
> Framed-MTU = 1500,
> Framed-Compression = Van-Jacobson-TCP-IP
>
> widevaio User-Password=widevaio
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Netmask = 255.255.255.255,
> Framed-Routing = None,
> Framed-MTU = 1500,
> Framed-Compression = Van-Jacobson-TCP-IP
>
My client was not getting authenticated (wireless client using CB21ABG
card with ADU) so I looked at the logfile and saw it was complaining
about not being able to find Net-SSleay.
Here is where I am now stuck, since I have installed the RPM containing
Net-SSLeay and am not sure where to go from here.
The module IS installed:
> gator:/home/jvene# locate SSLeay.pm
> /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/Crypt/SSLeay.pm
> /usr/lib/perl5/site_perl/5.8.7/i586-linux-thread-multi/Net/SSLeay.pm
> gator:/home/jvene#
The exact errors from the log follows.
Any advice is appreciated, I'd really like to get this working for some
testing against a new release of our wireless controller.
Thanks
Jim
> gator:/var/log/radius# less logfile
> Tue Feb 12 09:20:16 2008: DEBUG: Finished reading configuration file '/etc/radiator/radius.cfg'
> Tue Feb 12 09:20:16 2008: DEBUG: Reading dictionary file '/etc/radiator/dictionary'
> Tue Feb 12 09:20:16 2008: DEBUG: Creating authentication port 0.0.0.0:1645
> Tue Feb 12 09:20:16 2008: DEBUG: Creating accounting port 0.0.0.0:1646
> Tue Feb 12 09:20:16 2008: NOTICE: Server started: Radiator 4.0 on gator (LOCKED)
> Tue Feb 12 09:20:38 2008: DEBUG: Packet dump:
> *** Received from 192.168.50.15 port 32770 ....
>
> Packet length = 162
> 01 1e 00 a2 f5 43 ee da 75 d3 81 1e b0 a5 ce 9b
> f7 0b 04 70 01 0a 77 69 64 65 76 61 69 6f 1f 13
> 30 30 2d 34 30 2d 39 36 2d 41 34 2d 34 45 2d 32
> 34 1e 1a 30 30 2d 31 34 2d 46 31 2d 41 45 2d 30
> 41 2d 32 30 3a 6c 65 61 70 65 72 05 06 00 00 00
> 1d 04 06 c0 a8 32 0f 20 0c 63 6e 74 6c 33 37 35
> 30 2d 77 1a 0c 00 00 37 63 01 06 00 00 00 06 06
> 06 00 00 00 02 0c 06 00 00 05 14 3d 06 00 00 00
> 13 4f 0f 02 02 00 0d 01 77 69 64 65 76 61 69 6f
> 50 12 a3 f9 4a 9d 42 1c fb a2 2a d5 8a 07 00 ea
> 6b 3b
> Code: Access-Request
> Identifier: 30
> Authentic: <245>C<238><218>u<211><129><30><176><165><206><155><247><11><4>p
> Attributes:
> User-Name = "widevaio"
> Calling-Station-Id = "00-40-96-A4-4E-24"
> Called-Station-Id = "00-14-F1-AE-0A-20:leaper"
> NAS-Port = 29
> NAS-IP-Address = 192.168.50.15
> NAS-Identifier = "cntl3750-w"
> Airespace-WLAN-Id = 6
> Service-Type = Framed-User
> Framed-MTU = 1300
> NAS-Port-Type = Wireless-IEEE-802-11
> EAP-Message = <2><2><0><13><1>widevaio
> Message-Authenticator = <163><249>J<157>B<28><251><162>*<213><138><7><0><234>k;
>
> Tue Feb 12 09:20:38 2008: DEBUG: Handling request with Handler ''
> Tue Feb 12 09:20:38 2008: DEBUG: Deleting session for widevaio, 192.168.50.15, 29
> Tue Feb 12 09:20:38 2008: DEBUG: Handling with Radius::AuthFILE:
> Tue Feb 12 09:20:38 2008: DEBUG: Handling with EAP: code 2, 2, 13, 1
> Tue Feb 12 09:20:38 2008: DEBUG: Response type 1
> Tue Feb 12 09:20:38 2008: ERR: Could not load EAP module Radius::EAP_43: Can't locate Net/SSLea
> y.pm in @INC (@INC contains: . /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.
> 5 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.4/i386-li
> nux-thread-multi /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_per
> l/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib
> /perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/si
> te_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site
> _perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/
> 5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi /usr/lib
> /perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-th
> read-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/
> 5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4
> /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5
> .8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .) at /usr/lib/perl5/site_perl
> /Radius/TLS.pm line 15.
> BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/Radius/TLS.pm line 15.
> Compilation failed in require at /usr/lib/perl5/site_perl/Radius/EAP_43.pm line 16.
> BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/Radius/EAP_43.pm line 16.
> Compilation failed in require at (eval 41) line 3.
>
> Tue Feb 12 09:20:38 2008: DEBUG: EAP result: 1, Unsupported default EAP Response/Identity FAST
> Tue Feb 12 09:20:38 2008: DEBUG: AuthBy FILE result: REJECT, Unsupported default EAP Response/I
> dentity FAST
> Tue Feb 12 09:20:38 2008: INFO: Access rejected for widevaio: Unsupported default EAP Response/
> Identity FAST
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list