[RADIATOR] (RADIATOR) AuthBy FILE result: IGNORE, TLS not initialised

Hugh Irvine hugh at open.com.au
Wed Jun 25 17:46:07 CDT 2008


Hello Peter -

Thanks for the additional information.

I think at least part of the problem may be that you have configured  
Radiator for TTLS only, but the client wants to do TLS:



>>>>> Fri Jun 20 09:41:14 2008: DEBUG: Handling request with Handler 'Called-Station-Id=/.*eduroam.*/,Realm=avans.nl,User-Name=/@/'
>>>>> Fri Jun 20 09:41:14 2008: DEBUG:  Deleting session for anonymous at avans.nl, x.x.x.x, 9829
>>>>> Fri Jun 20 09:41:14 2008: DEBUG: Handling with Radius::AuthFILE:
>>>>> Fri Jun 20 09:41:14 2008: DEBUG: Handling with EAP: code 2, 2, 60, 21
>>>>> Fri Jun 20 09:41:14 2008: DEBUG: Response type 21
>>>>> Fri Jun 20 09:41:14 2008: DEBUG: EAP result: 2, TLS not initialised
>>>>> Fri Jun 20 09:41:14 2008: DEBUG: AuthBy FILE result: IGNORE, TLS not initialised
>>>>> Fri Jun 20 09:41:24 2008: DEBUG: Packet dump:


I think you should add "TLS" to your EAPType:


	EAPType TTLS, TLS

If you are still having problems please send me the startup messages  
followed by the processing for a few requests so I can see the whole  
sequence.

thanks and regards

Hugh


On 25 Jun 2008, at 16:43, Peter Havekes wrote:

> The startup @ trace 5:
>
> infra-owb-1:/etc/radiator# perl /usr/local/bin/radiusd -foreground -log_stdout -trace 5 -config_file /etc/radiator/radius.cfg
> Wed Jun 25 08:18:03 2008: DEBUG: include /etc/radiator/lokaleldap.cfg
> Wed Jun 25 08:18:03 2008: DEBUG: Finished reading configuration file '/etc/radiator/radius.cfg'
> Wed Jun 25 08:18:03 2008: DEBUG: Reading dictionary file '/etc/radiator/dictionary'
> Wed Jun 25 08:18:03 2008: DEBUG: Reading dictionary file '/etc/radiator/osiris.dictionary'
> Wed Jun 25 08:18:03 2008: DEBUG: Reading dictionary file '/etc/radiator/surfnet.dictionary'
> Wed Jun 25 08:18:03 2008: DEBUG: Reading dictionary file '/etc/radiator/trapeze.dictionary'
> Wed Jun 25 08:18:03 2008: DEBUG: Creating authentication port 0.0.0.0:1812
> Wed Jun 25 08:18:03 2008: DEBUG: Creating authentication port 0.0.0.0:1645
> Wed Jun 25 08:18:03 2008: DEBUG: Creating accounting port 0.0.0.0:1813
> Wed Jun 25 08:18:03 2008: DEBUG: Creating accounting port 0.0.0.0:1646
> Wed Jun 25 08:18:03 2008: NOTICE: Server started: Radiator 4.2 on infra-owb-1
>
>
>
> Nothing weird here I think...
>
>
> To be complete some Perl info:
>
> infra-owb-1:/etc/radiator# perl -V
> Summary of my perl5 (revision 5 version 8 subversion 8) configuration:
>   Platform:
>     osname=linux, osvers=2.6.24.4, archname=i486-linux-gnu-thread-multi
>     uname='linux ninsei 2.6.24.4 #1 smp preempt fri apr 18 15:36:09 pdt 2008 i686 gnulinux '
>     config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dcccdlflags=-fPIC -Darchname=i486-linux-gnu -Dprefix=/usr -Dprivlib=/usr/share/perl/5.8 -Darchlib=/usr/lib/perl/5.8 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.8.8 -Dsitearch=/usr/local/lib/perl/5.8.8 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Uusesfio -Uusenm -Duseshrplib -Dlibperl=libperl.so.5.8.8 -Dd_dosuid -des'
>     hint=recommended, useposix=true, d_sigaction=define
>     usethreads=define use5005threads=undef useithreads=define usemultiplicity=define
>     useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
>     use64bitint=undef use64bitall=undef uselongdouble=undef
>     usemymalloc=n, bincompat5005=undef
>   Compiler:
>     cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
>     optimize='-O2',
>     cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include'
>     ccversion='', gccversion='4.1.2 20061115 (prerelease) (Debian 4.1.1-21)', gccosandvers=''
>     intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
>     d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
>     ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
>     alignbytes=4, prototype=define
>   Linker and Libraries:
>     ld='cc', ldflags =' -L/usr/local/lib'
>     libpth=/usr/local/lib /lib /usr/lib
>     libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
>     perllibs=-ldl -lm -lpthread -lc -lcrypt
>     libc=/lib/libc-2.3.6.so, so=so, useshrplib=true, libperl=libperl.so.5.8.8
>     gnulibc_version='2.3.6'
>   Dynamic Linking:
>     dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
>     cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'
>
>
> Characteristics of this binary (from libperl):
>   Compile-time options: MULTIPLICITY PERL_IMPLICIT_CONTEXT
>                         PERL_MALLOC_WRAP THREADS_HAVE_PIDS USE_ITHREADS
>                         USE_LARGE_FILES USE_PERLIO USE_REENTRANT_API
>   Built under linux
>   Compiled at Apr 25 2008 20:23:05
>   @INC:
>     /etc/perl
>     /usr/local/lib/perl/5.8.8
>     /usr/local/share/perl/5.8.8
>     /usr/lib/perl5
>     /usr/share/perl5
>     /usr/lib/perl/5.8
>     /usr/share/perl/5.8
>     /usr/local/lib/site_perl
>     /usr/local/lib/perl/5.8.4
>     /usr/local/share/perl/5.8.4
>     .
>
> -- 
>
>
> Peter Havekes
> DIF-ICT
> ICT-Ontwikkeling
> Avans Hogeschool
> Onderwijsboulevard 215
> 5223 DE 's-Hertogenbosch
> Telephone   0736 295 592
> Mobile       0612917383
> Fax           0736295488
> email/msn p.havekes at avans.nl
>
>
>
>>>> On 25-6-2008 at 2:08 A, Hugh Irvine <hugh at open.com.au> wrote:
>
>> Hello Peter -
>>
>> Could you please send me a copy of the startup messages and trace 4
>> when you run radiusd from the command line as shown below?
>>
>> Have you set up your certificates correctly?
>>
>> regards
>>
>> Hugh
>>
>>
>>
>> On 24 Jun 2008, at 18:50, Peter Havekes wrote:
>>
>>> I've tried this, but I don't see any perl errors... All
>>> prerequisites are installed...
>>>
>>> Any more tips... I'm kind of stuck here....
>>>
>>>>>> On 20-6-2008 at 3:03 P, Hugh Irvine <hugh at open.com.au> wrote:
>>>
>>>> Hello Peter -
>>>>
>>>> The prerequisites are listed at the beginning of the example
>>>> configuration files in "goodies/eap_*.cfg" and in the reference
>>>> manual ("doc/ref.pdf").
>>>>
>>>> The easiest way to see what is happening is to start radiusd in a
>>>> terminal window like this for testing (with your own pathnames of
>>>> course):
>>>>
>>>> 	cd /your/Radiator/source/distribution
>>>>
>>>> 	perl radiusd -foreground -log_stdout -trace 4 -config_file /your/Radiator/configuration/file
>>>>
>>>> 	.....
>>>>
>>>> You will then see any Perl error messages directly so you can see
>>>> what is wrong/missing.
>>>>
>>>> Radiator 4.2 (plus patches) is the most recent version.
>>>>
>>>> regards
>>>>
>>>> Hugh
>>>>
>>>>
>>>> On 20 Jun 2008, at 18:06, Peter Havekes wrote:
>>>>
>>>>> LS,
>>>>>
>>>>> I've copied my radius config from one debian-server to another. On
>>>>> the original server EAP-TTLS worked fine, but on the new server I
>>>>> get the error mentioned in the subject. I've used a fresh radiator
>>>>> install and then copied /etc/radiator/ (including subdirs) to the
>>>>> new server.
>>>>>
>>>>> I guess I need to install some perl-lib, but the logfile (trace 5)
>>>>> doesn't give any clues what is going wrong. The " TLS not
>>>>> initialised" error is the only one I see.
>>>>>
>>>>> Relevant config:
>>>>>
>>>>>
>>>>>
>>>>> <Handler Called-Station-Id=/.*eduroam.*/,Realm=avans.nl,User-Name=/@/>
>>>>>         <AuthBy FILE>
>>>>>                 Filename %D/users
>>>>>                 EAPType TTLS
>>>>>                 EAPTLS_CAFile /etc/radiator/wificert/root.pem
>>>>>                 EAPTLS_CertificateFile /etc/radiator/wificert/server.crt
>>>>>                 EAPTLS_CertificateType PEM
>>>>>                 EAPTLS_PrivateKeyFile /etc/radiator/wificert/server.key
>>>>>                 EAPTLS_PrivateKeyPassword XXXXXXXXXXXXXXXXXXX
>>>>>                 EAPTLS_MaxFragmentSize 512
>>>>>                 AutoMPPEKeys
>>>>>         </AuthBy>
>>>>>         PostProcessingHook file:"/etc/radiator/eap_acct_username.pl"
>>>>> </Handler>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Relevant logging
>>>>>
>>>>>
>>>>> Code:       Access-Request
>>>>> Identifier: 196
>>>>> Authentic:  <0><139><196><135>X<19>{Xg<6><251><148>{n<230>c
>>>>> Attributes:
>>>>>         NAS-Port-Id = "AP81/1"
>>>>>         Calling-Station-Id = "00-09-2D-89-65-98"
>>>>>         Called-Station-Id = "00-0B-0E-33-4C-80:eduroam"
>>>>>         Service-Type = Framed-User
>>>>>         User-Name = "anonymous at avans.nl"
>>>>>         NAS-Port = 9829
>>>>>         EAP-Message = <2><2><0><<21><128><0><0><0>2<22><3><1><0>-<1><0><0>)<3><1><233><146><213><31>9<201><136><159><212><134>I6<186><199><228><201>F<17><246
>>>>>         NAS-Port-Type = 19
>>>>>         NAS-Identifier = "Trapeze"
>>>>>         NAS-IP-Address = x.x.x.x
>>>>>         Message-Authenticator = <146><142>i<18>0 w
>>>>> {&<5>2<161>_<217>u_
>>>>>
>>>>> Fri Jun 20 09:41:14 2008: DEBUG: Handling request with Handler 'Called-Station-Id=/.*eduroam.*/,Realm=avans.nl,User-Name=/@/'
>>>>> Fri Jun 20 09:41:14 2008: DEBUG:  Deleting session for anonymous at avans.nl, x.x.x.x, 9829
>>>>> Fri Jun 20 09:41:14 2008: DEBUG: Handling with Radius::AuthFILE:
>>>>> Fri Jun 20 09:41:14 2008: DEBUG: Handling with EAP: code 2, 2, 60, 21
>>>>> Fri Jun 20 09:41:14 2008: DEBUG: Response type 21
>>>>> Fri Jun 20 09:41:14 2008: DEBUG: EAP result: 2, TLS not initialised
>>>>> Fri Jun 20 09:41:14 2008: DEBUG: AuthBy FILE result: IGNORE, TLS not initialised
>>>>> Fri Jun 20 09:41:24 2008: DEBUG: Packet dump:
>>>>>
>>>>> Any clues/hints/tips?
>>>>
>>>>
>>>>
>>>> NB:
>>>>
>>>> Have you read the reference manual ("doc/ref.html")?
>>>> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
>>>> Have you had a quick look on Google (www.google.com)?
>>>> Have you included a copy of your configuration file (no secrets),
>>>> together with a trace 4 debug showing what is happening?
>>>> Have you checked the RadiusExpert wiki:
>>>> http://www.open.com.au/wiki/index.php/Main_Page




-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
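
Added example, not part of the original thread and not Radiator code: it decodes the start of the EAP-Message attribute from the quoted packet dump so the four numbers in the `Handling with EAP: code 2, 2, 60, 21` trace line can be read as EAP header fields and compared with an `EAPType` line. The `<n>`-is-a-decimal-byte reading of the dump format is an assumption drawn from how the dump is printed; the type numbers are the IANA EAP registry values, and the function names are hypothetical.

```python
import re

# EAP codes (RFC 3748) and method type numbers (IANA EAP registry).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "TLS", 21: "TTLS", 25: "PEAP"}

# Start of the EAP-Message value from the packet dump in the thread
# (the post itself cuts the attribute short).
SAMPLE = "<2><2><0><<21><128><0><0><0>2<22><3><1><0>-<1><0><0>)<3><1>"


def dump_to_bytes(dump):
    """Assumed dump format: <n> is one byte in decimal, any other char is literal."""
    return bytes(int(num) if num else ord(ch)
                 for num, ch in re.findall(r"<(\d{1,3})>|(.)", dump, flags=re.S))


def parse_eap(msg):
    """Decode the EAP header and, for TLS-based methods, the first TLS record."""
    if len(msg) < 5:
        raise ValueError("too short for an EAP request/response")
    info = {"code": EAP_CODES.get(msg[0], str(msg[0])), "id": msg[1],
            "length": int.from_bytes(msg[2:4], "big"),
            "type": EAP_TYPES.get(msg[4], str(msg[4]))}
    if msg[4] in (13, 21, 25) and len(msg) > 5:
        flags = msg[5]
        info["start"] = bool(flags & 0x20)             # S bit
        body = msg[10:] if flags & 0x80 else msg[6:]   # L bit: 4-byte length first
        if len(body) >= 6 and body[0] == 22:           # 22 = TLS handshake record
            info["tls_version"] = (body[1], body[2])
            info["handshake_type"] = body[5]           # 1 = ClientHello
    return info


def offered_by_config(eap_type, eaptype_line):
    """True if eap_type is listed on a Radiator 'EAPType a, b' line."""
    parts = eaptype_line.split(None, 1)
    if len(parts) != 2 or parts[0] != "EAPType":
        raise ValueError("not an EAPType line")
    return eap_type in [name.strip() for name in parts[1].split(",")]


if __name__ == "__main__":
    eap = parse_eap(dump_to_bytes(SAMPLE))
    print(eap)
    for line in ("EAPType TTLS", "EAPType TTLS, TLS"):
        print(line, "->", offered_by_config(eap["type"], line))
```

The decoded code, identifier and length (Response, 2, 60) are the same values the trace line prints ahead of the type number.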



