(RADIATOR) AuthBy FILE result: IGNORE, TLS not initialised

Hugh Irvine hugh at open.com.au
Fri Jun 20 08:03:42 CDT 2008 

Hello Peter -

The prerequisites are listed at the beginning of the example  
configuration files in "goodies/eap_*.cfg" and in the reference  
manual ("doc/ref.pdf").

The easiest way to see what is happening is to start radiusd in a  
terminal window like this for testing (with your own pathnames of  
course):

	cd /your/Radiator/source/distribution

	perl radiusd -foreground -log_stdout -trace 4 -config_file /your/ 
Radiator/configuration/file

	.....

You will then see any Perl error messages directly so you can see  
what is wrong/missing.

Radiator 4.2 (plus patches) is the most recent version.

regards

Hugh


On 20 Jun 2008, at 18:06, Peter Havekes wrote:

> LS,
>
> I've copied my radius config from one debian-server to another. On  
> the original server EAP-TTLS worked fine, but on the new server I  
> get the error mentioned in the subject. I've used a fresh radiator  
> install and then copied /etc/radiator/ (including subdirs) to the  
> new server.
>
> I guess I need to install some perl-lib, but the logfile (trace 5)  
> doesn't give any clues what is going wrong. The " TLS not  
> initialised" error is the only one I see.
>
> Relevant config:
>
>
>
> <Handler Called-Station-Id=/.*eduroam.*/,Realm=avans.nl,User-Name=/@/>
>         <AuthBy FILE>
>                 Filename %D/users
>                 EAPType TTLS
>                 EAPTLS_CAFile /etc/radiator/wificert/root.pem
>                 EAPTLS_CertificateFile /etc/radiator/wificert/ 
> server.crt
>                 EAPTLS_CertificateType PEM
>                 EAPTLS_PrivateKeyFile /etc/radiator/wificert/ 
> server.key
>                 EAPTLS_PrivateKeyPassword XXXXXXXXXXXXXXXXXXX
>                 EAPTLS_MaxFragmentSize 512
>                 AutoMPPEKeys
>         </AuthBy>
>         PostProcessingHook file:"/etc/radiator/eap_acct_username.pl"
> </Handler>
>
>
>
>
>
> Relevant logging
>
>
> Code:       Access-Request
> Identifier: 196
> Authentic:  <0><139><196><135>X<19>{Xg<6><251><148>{n<230>c
> Attributes:
>         NAS-Port-Id = "AP81/1"
>         Calling-Station-Id = "00-09-2D-89-65-98"
>         Called-Station-Id = "00-0B-0E-33-4C-80:eduroam"
>         Service-Type = Framed-User
>         User-Name = "anonymous at avans.nl"
>         NAS-Port = 9829
>         EAP-Message = <2><2><0><<21><128><0><0><0>2<22><3><1><0>- 
> <1><0><0>) 
> <3><1><233><146><213><31>9<201><136><159><212><134>I6<186><199><228><2 
> 01>F<17><246
>         NAS-Port-Type = 19
>         NAS-Identifier = "Trapeze"
>         NAS-IP-Address = x.x.x.x
>         Message-Authenticator = <146><142>i<18>0 w{&<5>2<161>_<217>u_
>
> Fri Jun 20 09:41:14 2008: DEBUG: Handling request with Handler  
> 'Called-Station-Id=/.*eduroam.*/,Realm=avans.nl,User-Name=/@/'
> Fri Jun 20 09:41:14 2008: DEBUG:  Deleting session for  
> anonymous at avans.nl, x.x.x.x, 9829
> Fri Jun 20 09:41:14 2008: DEBUG: Handling with Radius::AuthFILE:
> Fri Jun 20 09:41:14 2008: DEBUG: Handling with EAP: code 2, 2, 60, 21
> Fri Jun 20 09:41:14 2008: DEBUG: Response type 21
> Fri Jun 20 09:41:14 2008: DEBUG: EAP result: 2, TLS not initialised
> Fri Jun 20 09:41:14 2008: DEBUG: AuthBy FILE result: IGNORE, TLS  
> not initialised
> Fri Jun 20 09:41:24 2008: DEBUG: Packet dump:
>
>
>
>
>
>
>
> Any clues/hints/tips?
>
>
>
>
>
>
> -- 
>
> Peter Havekes
> DIF-ICT
> Systeem- en Netwerkbeheerder
> Avans Hogeschool
> Onderwijsboulevard 215
> 5223 DE 's-Hertogenbosch
> Telefoon 0736295592
> Mobiel 0612917383
> Fax 0736295405
> email / msn p.havekes at avans.nl
>
> "Dit is mijn uitspraak en daar zult u het mee moeten doen!"
>
>
>
>
> ---------------------------------------------------------------------- 
> -----
> Op deze e-mail zijn de volgende voorwaarden van toepassing:
> The following conditions apply to this e-mail:
> http://emaildisclaimer.avans.nl
> ---------------------------------------------------------------------- 
> -----
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list