[RADIATOR] RADSEC error after upgrade from Radiator 4.3.1 to Radiator 4.4
Hugh Irvine
hugh at open.com.au
Thu Sep 10 03:05:44 CDT 2009
Hello Patrick -
Just to clarify - do you still have a problem or not?
In other words, have the latest patches fixed the problem?
thanks and regards
Hugh
On 10 Sep 2009, at 00:25, Patrick Renkens wrote:
> Hi Heikki,
>
> Thanks for your quick response.
> I used the latest patch-file, downloaded it today.
>
> Kind regards,
> Patrick Renkens
> Centre for Information Services (UCI)
> Radboud University Nijmegen, Netherlands
>
>
> Heikki Vatiainen wrote:
>> Patrick Renkens wrote:
>>
>>> Today I upgraded Radiator from 4.3.1 to 4.4 on a SUN Solaris 5.9 system.
>>> After the upgrade the RADSEC connection over IPv6 did not work properly
>>> any more. See a piece of the logging below.
>>> No changes were made to the config files.
>>> I know that Net_SSLeay.pm is a module that can be a pain in the neck, we
>>> use version 1.30.
>>
>> Do you have the latest patch set for 4.4 applied?
>>
>> I was working on RadSec configuration in June-July and also noticed some
>> problems with 4.4 that was not patched. One of the problems was with
>> certificate verification.
>>
>> From the debug it looks like you have at least some of the patches
>> installed (looks familiar :), but the interesting parts have been cut away.
>>
>> If you are patched to the latest, please see TLS_ExpectedPeerName for
>> both Server and AuthBy RADSEC. On one it is unspecified, and on the
>> other it defaults to .+, i.e., allow any.
>>
>> In summary my advice is to check the above keywords and check the
>> "Certificate verification" chapters for both Server and AuthBy RADSEC.
>> The verification works a bit differently between them, but with the
>> latest patches it should work as documented.
>>
>>> I had to revert to 4.3.1 to make things work again (without changing
>>> config files).
>>>
>>> Any help is appreciated.
>>
>> I hope this helps!
>>
>
>
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
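
An added example, not part of the original thread and not Radiator's own code: a small Python audit that follows the advice quoted above to check TLS_ExpectedPeerName in both the Server and AuthBy RADSEC clauses, reporting whether each clause leaves it unset, sets a pattern that accepts an unrelated name (such as `.+`), or restricts it. The sample configuration, the probe name and the `audit` helper are constructed for illustration, and Python's `re` stands in for the Perl regular expressions Radiator uses.

```python
import re

# Constructed sample in Radiator's clause style; not taken from the thread.
SAMPLE_CONFIG = r"""<ServerRADSEC>
    UseTLS
</ServerRADSEC>

<AuthBy RADSEC>
    Host radsec1.example.org
    UseTLS
    TLS_ExpectedPeerName .+
</AuthBy>

<AuthBy RADSEC>
    Host radsec2.example.org
    UseTLS
    TLS_ExpectedPeerName CN=radsec2\.example\.org$
</AuthBy>
"""

CLAUSE = re.compile(
    r"^[ \t]*<(ServerRADSEC|AuthBy[ \t]+RADSEC)>[ \t]*$(.*?)"
    r"^[ \t]*</(?:ServerRADSEC|AuthBy)>", re.M | re.S)
PARAM = re.compile(r"^[ \t]*TLS_ExpectedPeerName[ \t]+(\S.*?)[ \t]*$", re.M)
# Constructed subject that no deliberately chosen pattern should accept.
PROBE = "CN=unrelated.invalid"

def audit(config_text):
    """Return (line, clause, status) for each RadSec clause in config_text."""
    findings = []
    for m in CLAUSE.finditer(config_text):
        clause = " ".join(m.group(1).split())
        line = config_text.count("\n", 0, m.start()) + 1
        param = PARAM.search(m.group(2))  # commented-out lines do not match
        if param is None:
            # Effective default differs per clause type; check the manual.
            status = "unset"
        else:
            try:
                hit = re.search(param.group(1), PROBE)
                status = "permissive" if hit else "restricted"
            except re.error:
                status = "invalid"
        findings.append((line, clause, status))
    return findings

if __name__ == "__main__":
    for line, clause, status in audit(SAMPLE_CONFIG):
        print(f"line {line}: <{clause}> TLS_ExpectedPeerName is {status}")
```

Clauses reported as "unset" or "permissive" are the ones to compare against the "Certificate verification" chapters for that clause type.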