[RADIATOR] (RADIATOR) AuthBy FILE result: IGNORE, TLS not initialised

Hugh Irvine hugh at open.com.au
Tue Jun 24 19:08:34 CDT 2008


Hello Peter -

Could you please send me a copy of the startup messages and trace 4  
when you run radiusd from the command line as shown below?

Have you set up your certificates correctly?

regards

Hugh



On 24 Jun 2008, at 18:50, Peter Havekes wrote:

> I've tried this, but I don't see any perl errors... All  
> prerequisites are installed...
>
> Any more tips... I'm kind-off stuck here....
>
>
>
>
>
>
>
> -- 
>
>
> Peter Havekes
> DIF-ICT
> ICT-Ontwikkeling
> Avans Hogeschool
> Onderwijsboulevard 215
> 5223 DE 's-Hertogenbosch
> Telefoon    0736 295 592
> Mobiel       0612917383
> Fax           0736295488
> email/msn p.havekes at avans.nl
>
>
>
>>>> On 20-6-2008 at 3:03 P, Hugh Irvine <hugh at open.com.au> wrote:
>
>> Hello Peter -
>>
>> The prerequisites are listed at the beginning of the example
>> configuration files in "goodies/eap_*.cfg" and in the reference
>> manual ("doc/ref.pdf").
>>
>> The easiest way to see what is happening is to start radiusd in a
>> terminal window like this for testing (with your own pathnames of
>> course):
>>
>> 	cd /your/Radiator/source/distribution
>>
>> 	perl radiusd -foreground -log_stdout -trace 4 -config_file /your/
>> Radiator/configuration/file
>>
>> 	.....
>>
>> You will then see any Perl error messages directly so you can see
>> what is wrong/missing.
>>
>> Radiator 4.2 (plus patches) is the most recent version.
>>
>> regards
>>
>> Hugh
>>
>>
>> On 20 Jun 2008, at 18:06, Peter Havekes wrote:
>>
>>> LS,
>>>
>>> I've copied my radius config from one debian-server to another. On
>>> the original server EAP-TTLS worked fine, but on the new server I
>>> get the error mentioned in the subject. I've used a fresh radiator
>>> install and then copied /etc/radiator/ (including subdirs) to the
>>> new server.
>>>
>>> I guess I need to install some perl-lib, but the logfile (trace 5)
>>> doesn't give any clues what is going wrong. The " TLS not
>>> initialised" error is the only one I see.
>>>
>>> Relevant config:
>>>
>>>
>>>
>>> <Handler Called-Station-Id=/.*eduroam.*/,Realm=avans.nl,User- 
>>> Name=/@/>
>>>         <AuthBy FILE>
>>>                 Filename %D/users
>>>                 EAPType TTLS
>>>                 EAPTLS_CAFile /etc/radiator/wificert/root.pem
>>>                 EAPTLS_CertificateFile /etc/radiator/wificert/
>>> server.crt
>>>                 EAPTLS_CertificateType PEM
>>>                 EAPTLS_PrivateKeyFile /etc/radiator/wificert/
>>> server.key
>>>                 EAPTLS_PrivateKeyPassword XXXXXXXXXXXXXXXXXXX
>>>                 EAPTLS_MaxFragmentSize 512
>>>                 AutoMPPEKeys
>>>         </AuthBy>
>>>         PostProcessingHook file:"/etc/radiator/eap_acct_username.pl"
>>> </Handler>
>>>
>>>
>>>
>>>
>>>
>>> Relevant logging
>>>
>>>
>>> Code:       Access-Request
>>> Identifier: 196
>>> Authentic:  <0><139><196><135>X<19>{Xg<6><251><148>{n<230>c
>>> Attributes:
>>>         NAS-Port-Id = "AP81/1"
>>>         Calling-Station-Id = "00-09-2D-89-65-98"
>>>         Called-Station-Id = "00-0B-0E-33-4C-80:eduroam"
>>>         Service-Type = Framed-User
>>>         User-Name = "anonymous at avans.nl"
>>>         NAS-Port = 9829
>>>         EAP-Message = <2><2><0><<21><128><0><0><0>2<22><3><1><0>-
>>> <1><0><0>)
>>> <3><1><233><146><213><31>9<201><136><159><212><134>I6<186><199><228> 
>>> <2
>>> 01>F<17><246
>>>         NAS-Port-Type = 19
>>>         NAS-Identifier = "Trapeze"
>>>         NAS-IP-Address = x.x.x.x
>>>         Message-Authenticator = <146><142>i<18>0 w 
>>> {&<5>2<161>_<217>u_
>>>
>>> Fri Jun 20 09:41:14 2008: DEBUG: Handling request with Handler
>>> 'Called-Station-Id=/.*eduroam.*/,Realm=avans.nl,User-Name=/@/'
>>> Fri Jun 20 09:41:14 2008: DEBUG:  Deleting session for
>>> anonymous at avans.nl, x.x.x.x, 9829
>>> Fri Jun 20 09:41:14 2008: DEBUG: Handling with Radius::AuthFILE:
>>> Fri Jun 20 09:41:14 2008: DEBUG: Handling with EAP: code 2, 2,  
>>> 60, 21
>>> Fri Jun 20 09:41:14 2008: DEBUG: Response type 21
>>> Fri Jun 20 09:41:14 2008: DEBUG: EAP result: 2, TLS not initialised
>>> Fri Jun 20 09:41:14 2008: DEBUG: AuthBy FILE result: IGNORE, TLS
>>> not initialised
>>> Fri Jun 20 09:41:24 2008: DEBUG: Packet dump:
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Any clues/hints/tips?
>>>
>>>
>>>
>>>
>>>
>>>
>>> -- 
>>>
>>> Peter Havekes
>>> DIF-ICT
>>> Systeem- en Netwerkbeheerder
>>> Avans Hogeschool
>>> Onderwijsboulevard 215
>>> 5223 DE 's-Hertogenbosch
>>> Telefoon 0736295592
>>> Mobiel 0612917383
>>> Fax 0736295405
>>> email / msn p.havekes at avans.nl
>>>
>>> "Dit is mijn uitspraak en daar zult u het mee moeten doen!"
>>>
>>>
>>>
>>>
>>> -------------------------------------------------------------------- 
>>> --
>>> -----
>>> Op deze e-mail zijn de volgende voorwaarden van toepassing:
>>> The following conditions apply to this e-mail:
>>> http://emaildisclaimer.avans.nl
>>> -------------------------------------------------------------------- 
>>> --
>>> -----
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>
>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive (www.open.com.au/archives/
>> radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>> Have you checked the RadiusExpert wiki:
>> http://www.open.com.au/wiki/index.php/Main_Page



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.




More information about the radiator mailing list