[RADIATOR] (RADIATOR) AuthBy FILE result: IGNORE, TLS not initialised

Peter Havekes p.havekes at avans.nl
Wed Jun 25 01:43:31 CDT 2008


The startup @ trace 5:

infra-owb-1:/etc/radiator# perl /usr/local/bin/radiusd -foreground -log_stdout -trace 5 -config_file /etc/radiator/radius.cfg
Wed Jun 25 08:18:03 2008: DEBUG: include /etc/radiator/lokaleldap.cfg
Wed Jun 25 08:18:03 2008: DEBUG: Finished reading configuration file '/etc/radiator/radius.cfg'
Wed Jun 25 08:18:03 2008: DEBUG: Reading dictionary file '/etc/radiator/dictionary'
Wed Jun 25 08:18:03 2008: DEBUG: Reading dictionary file '/etc/radiator/osiris.dictionary'
Wed Jun 25 08:18:03 2008: DEBUG: Reading dictionary file '/etc/radiator/surfnet.dictionary'
Wed Jun 25 08:18:03 2008: DEBUG: Reading dictionary file '/etc/radiator/trapeze.dictionary'
Wed Jun 25 08:18:03 2008: DEBUG: Creating authentication port 0.0.0.0:1812
Wed Jun 25 08:18:03 2008: DEBUG: Creating authentication port 0.0.0.0:1645
Wed Jun 25 08:18:03 2008: DEBUG: Creating accounting port 0.0.0.0:1813
Wed Jun 25 08:18:03 2008: DEBUG: Creating accounting port 0.0.0.0:1646
Wed Jun 25 08:18:03 2008: NOTICE: Server started: Radiator 4.2 on infra-owb-1



Nothing weird here I think...


To be complete some Perl info:

infra-owb-1:/etc/radiator# perl -V
Summary of my perl5 (revision 5 version 8 subversion 8) configuration:
  Platform:
    osname=linux, osvers=2.6.24.4, archname=i486-linux-gnu-thread-multi
    uname='linux ninsei 2.6.24.4 #1 smp preempt fri apr 18 15:36:09 pdt 2008 i686 gnulinux '
    config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dcccdlflags=-fPIC -Darchname=i486-linux-gnu -Dprefix=/usr -Dprivlib=/usr/share/perl/5.8 -Darchlib=/usr/lib/perl/5.8 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.8.8 -Dsitearch=/usr/local/lib/perl/5.8.8 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Uusesfio -Uusenm -Duseshrplib -Dlibperl=libperl.so.5.8.8 -Dd_dosuid -des'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=define use5005threads=undef useithreads=define usemultiplicity=define
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O2',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include'
    ccversion='', gccversion='4.1.2 20061115 (prerelease) (Debian 4.1.1-21)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
    perllibs=-ldl -lm -lpthread -lc -lcrypt
    libc=/lib/libc-2.3.6.so, so=so, useshrplib=true, libperl=libperl.so.5.8.8
    gnulibc_version='2.3.6'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'


Characteristics of this binary (from libperl):
  Compile-time options: MULTIPLICITY PERL_IMPLICIT_CONTEXT
                        PERL_MALLOC_WRAP THREADS_HAVE_PIDS USE_ITHREADS
                        USE_LARGE_FILES USE_PERLIO USE_REENTRANT_API
  Built under linux
  Compiled at Apr 25 2008 20:23:05
  @INC:
    /etc/perl
    /usr/local/lib/perl/5.8.8
    /usr/local/share/perl/5.8.8
    /usr/lib/perl5
    /usr/share/perl5
    /usr/lib/perl/5.8
    /usr/share/perl/5.8
    /usr/local/lib/site_perl
    /usr/local/lib/perl/5.8.4
    /usr/local/share/perl/5.8.4
    .






















-- 

 
Peter Havekes
DIF-ICT 
ICT-Ontwikkeling
Avans Hogeschool
Onderwijsboulevard 215
5223 DE 's-Hertogenbosch
Telefoon    0736 295 592
Mobiel       0612917383
Fax           0736295488
email/msn p.havekes at avans.nl



>>> On 25-6-2008 at 2:08 A, Hugh Irvine <hugh at open.com.au> wrote:

> Hello Peter -
> 
> Could you please send me a copy of the startup messages and trace 4  
> when you run radiusd from the command line as shown below?
> 
> Have you set up your certificates correctly?
> 
> regards
> 
> Hugh
> 
> 
> 
> On 24 Jun 2008, at 18:50, Peter Havekes wrote:
> 
>> I've tried this, but I don't see any perl errors... All  
>> prerequisites are installed...
>>
>> Any more tips... I'm kind-off stuck here....
>>
>>
>>
>>
>>
>>
>>
>> -- 
>>
>>
>> Peter Havekes
>> DIF-ICT
>> ICT-Ontwikkeling
>> Avans Hogeschool
>> Onderwijsboulevard 215
>> 5223 DE 's-Hertogenbosch
>> Telefoon    0736 295 592
>> Mobiel       0612917383
>> Fax           0736295488
>> email/msn p.havekes at avans.nl 
>>
>>
>>
>>>>> On 20-6-2008 at 3:03 P, Hugh Irvine <hugh at open.com.au> wrote:
>>
>>> Hello Peter -
>>>
>>> The prerequisites are listed at the beginning of the example
>>> configuration files in "goodies/eap_*.cfg" and in the reference
>>> manual ("doc/ref.pdf").
>>>
>>> The easiest way to see what is happening is to start radiusd in a
>>> terminal window like this for testing (with your own pathnames of
>>> course):
>>>
>>> 	cd /your/Radiator/source/distribution
>>>
>>> 	perl radiusd -foreground -log_stdout -trace 4 -config_file /your/
>>> Radiator/configuration/file
>>>
>>> 	.....
>>>
>>> You will then see any Perl error messages directly so you can see
>>> what is wrong/missing.
>>>
>>> Radiator 4.2 (plus patches) is the most recent version.
>>>
>>> regards
>>>
>>> Hugh
>>>
>>>
>>> On 20 Jun 2008, at 18:06, Peter Havekes wrote:
>>>
>>>> LS,
>>>>
>>>> I've copied my radius config from one debian-server to another. On
>>>> the original server EAP-TTLS worked fine, but on the new server I
>>>> get the error mentioned in the subject. I've used a fresh radiator
>>>> install and then copied /etc/radiator/ (including subdirs) to the
>>>> new server.
>>>>
>>>> I guess I need to install some perl-lib, but the logfile (trace 5)
>>>> doesn't give any clues what is going wrong. The " TLS not
>>>> initialised" error is the only one I see.
>>>>
>>>> Relevant config:
>>>>
>>>>
>>>>
>>>> <Handler Called-Station-Id=/.*eduroam.*/,Realm=avans.nl,User- 
>>>> Name=/@/>
>>>>         <AuthBy FILE>
>>>>                 Filename %D/users
>>>>                 EAPType TTLS
>>>>                 EAPTLS_CAFile /etc/radiator/wificert/root.pem
>>>>                 EAPTLS_CertificateFile /etc/radiator/wificert/
>>>> server.crt
>>>>                 EAPTLS_CertificateType PEM
>>>>                 EAPTLS_PrivateKeyFile /etc/radiator/wificert/
>>>> server.key
>>>>                 EAPTLS_PrivateKeyPassword XXXXXXXXXXXXXXXXXXX
>>>>                 EAPTLS_MaxFragmentSize 512
>>>>                 AutoMPPEKeys
>>>>         </AuthBy>
>>>>         PostProcessingHook file:"/etc/radiator/eap_acct_username.pl"
>>>> </Handler>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Relevant logging
>>>>
>>>>
>>>> Code:       Access-Request
>>>> Identifier: 196
>>>> Authentic:  <0><139><196><135>X<19>{Xg<6><251><148>{n<230>c
>>>> Attributes:
>>>>         NAS-Port-Id = "AP81/1"
>>>>         Calling-Station-Id = "00-09-2D-89-65-98"
>>>>         Called-Station-Id = "00-0B-0E-33-4C-80:eduroam"
>>>>         Service-Type = Framed-User
>>>>         User-Name = "anonymous at avans.nl"
>>>>         NAS-Port = 9829
>>>>         EAP-Message = <2><2><0><<21><128><0><0><0>2<22><3><1><0>-
>>>> <1><0><0>)
>>>> <3><1><233><146><213><31>9<201><136><159><212><134>I6<186><199><228> 
>>>> <2
>>>> 01>F<17><246
>>>>         NAS-Port-Type = 19
>>>>         NAS-Identifier = "Trapeze"
>>>>         NAS-IP-Address = x.x.x.x
>>>>         Message-Authenticator = <146><142>i<18>0 w 
>>>> {&<5>2<161>_<217>u_
>>>>
>>>> Fri Jun 20 09:41:14 2008: DEBUG: Handling request with Handler
>>>> 'Called-Station-Id=/.*eduroam.*/,Realm=avans.nl,User-Name=/@/'
>>>> Fri Jun 20 09:41:14 2008: DEBUG:  Deleting session for
>>>> anonymous at avans.nl, x.x.x.x, 9829
>>>> Fri Jun 20 09:41:14 2008: DEBUG: Handling with Radius::AuthFILE:
>>>> Fri Jun 20 09:41:14 2008: DEBUG: Handling with EAP: code 2, 2,  
>>>> 60, 21
>>>> Fri Jun 20 09:41:14 2008: DEBUG: Response type 21
>>>> Fri Jun 20 09:41:14 2008: DEBUG: EAP result: 2, TLS not initialised
>>>> Fri Jun 20 09:41:14 2008: DEBUG: AuthBy FILE result: IGNORE, TLS
>>>> not initialised
>>>> Fri Jun 20 09:41:24 2008: DEBUG: Packet dump:
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Any clues/hints/tips?
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> -- 
>>>>
>>>> Peter Havekes
>>>> DIF-ICT
>>>> Systeem- en Netwerkbeheerder
>>>> Avans Hogeschool
>>>> Onderwijsboulevard 215
>>>> 5223 DE 's-Hertogenbosch
>>>> Telefoon 0736295592
>>>> Mobiel 0612917383
>>>> Fax 0736295405
>>>> email / msn p.havekes at avans.nl 
>>>>
>>>> "Dit is mijn uitspraak en daar zult u het mee moeten doen!"
>>>>
>>>>
>>>>
>>>>
>>>> -------------------------------------------------------------------- 
>>>> --
>>>> -----
>>>> Op deze e-mail zijn de volgende voorwaarden van toepassing:
>>>> The following conditions apply to this e-mail:
>>>> http://emaildisclaimer.avans.nl 
>>>> -------------------------------------------------------------------- 
>>>> --
>>>> -----
>>>>
>>>> --
>>>> Archive at http://www.open.com.au/archives/radiator/ 
>>>> Announcements on radiator-announce at open.com.au 
>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>>
>>> NB:
>>>
>>> Have you read the reference manual ("doc/ref.html")?
>>> Have you searched the mailing list archive (www.open.com.au/archives/ 
>>> radiator)?
>>> Have you had a quick look on Google (www.google.com)? 
>>> Have you included a copy of your configuration file (no secrets),
>>> together with a trace 4 debug showing what is happening?
>>> Have you checked the RadiusExpert wiki:
>>> http://www.open.com.au/wiki/index.php/Main_Page 
> 
> 
> 
> NB:
> 
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/ 
> radiator)?
> Have you had a quick look on Google (www.google.com)? 
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page



More information about the radiator mailing list