[RADIATOR] No Shared Cipher

Corey Gray corey at tsa.com.au
Mon Feb 8 20:00:55 CST 2010



Hi all

I'm currently getting a No Shared Cipher error when trying to connect to my RADIUS server. I have read that it could have been a corrupted directory, so I removed the directory and re-established it. If I can get this bit working then I will have a working RADIUS server. Thanks in advance.

Here is a trace:

Tue Feb  9 01:54:56 2010: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Tue Feb  9 01:54:56 2010: DEBUG:  Deleting session for corey, 192.168.***.***, 59
Tue Feb  9 01:54:56 2010: DEBUG: Handling with Radius::AuthFILE:
Tue Feb  9 01:54:56 2010: DEBUG: Handling with EAP: code 2, 1, 84, 21
Tue Feb  9 01:54:56 2010: DEBUG: Response type 21
Tue Feb  9 01:54:56 2010: DEBUG: EAP TTLS data, 24576, 1, -1
Tue Feb  9 01:54:56 2010: DEBUG: EAP TTLS SSL_accept result: -1, 1, 8466
Tue Feb  9 01:54:56 2010: ERR: EAP TTLS error: -1, 1, 8466,  5476: 1 - error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
Tue Feb  9 01:54:56 2010: DEBUG: EAP result: 1, EAP TTLS error
Tue Feb  9 01:54:56 2010: DEBUG: AuthBy FILE result: REJECT, EAP TTLS error
Tue Feb  9 01:54:56 2010: INFO: Access rejected for corey: EAP TTLS error
Tue Feb  9 01:54:56 2010: DEBUG: Packet dump:


And here is the config



Foreground
LogStdout
BindAddress     192.168.***.***
LogDir          /var/log/radius
DbDir           /etc/radiator
# Use a low trace level in production systems. Increase
# it to 4 or 5 for debugging, or use the -trace flag to radiusd
Trace           4

# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
<Client DEFAULT>
        Secret  ***
        DupInterval 0
</Client>

<Realm DEFAULT>
<AuthBy FILE>
        Filename %D/users
        EAPType TTLS, MSCHAP-V2
        EAPTLS_CAPath /etc/radiator/certificates/private/cakey.pem
        EAPTLS_CertificateFile /etc/radiator/certificates/RadiatorCert.pem
        EAPTLS_CertificateType PEM
        EAPTLS_MaxFragmentSize 1000
        EAPTTLS_NoAckRequired
</AuthBy>
# Log accounting to a detail file
AcctLogFileName %L/detail
#<AuthBy KRB5>
#               KrbRealm = TSA
#       </AuthBy>
#</Realm>
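
An added example, not part of the original post and not Radiator code: a small lint over the posted AuthBy FILE clause that checks the TLS material a TLS-based EAP type needs. On the server side OpenSSL reports "no shared cipher" when it cannot use any suite the client offered, and a certificate configured without its private key is one way to end up there; the rules below, including the filename heuristics, are this example's assumptions, not a diagnosis confirmed in the thread.

```python
import re

# <AuthBy FILE> clause copied from the message above.
POSTED = """\
<AuthBy FILE>
        Filename %D/users
        EAPType TTLS, MSCHAP-V2
        EAPTLS_CAPath /etc/radiator/certificates/private/cakey.pem
        EAPTLS_CertificateFile /etc/radiator/certificates/RadiatorCert.pem
        EAPTLS_CertificateType PEM
        EAPTLS_MaxFragmentSize 1000
        EAPTTLS_NoAckRequired
</AuthBy>
"""

TLS_EAP_TYPES = {"TLS", "TTLS", "PEAP"}  # EAP methods that run a TLS handshake

def parse_clause(text):
    """Return {keyword: value} for one clause, skipping comments and tags."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "<")):
            continue
        parts = line.split(None, 1)           # keyword, then optional value
        params[parts[0]] = parts[1] if len(parts) > 1 else ""
    return params

def lint_eap_tls(params):
    """List problems with the TLS material set for a TLS-based EAP type."""
    findings = []
    eap_types = {t.strip().upper() for t in params.get("EAPType", "").split(",")}
    if not eap_types & TLS_EAP_TYPES:
        return findings                       # no TLS handshake involved
    if "EAPTLS_CertificateFile" not in params:
        findings.append("no server certificate (EAPTLS_CertificateFile)")
    if "EAPTLS_PrivateKeyFile" not in params:
        findings.append("no private key for the certificate (EAPTLS_PrivateKeyFile)")
    ca_path = params.get("EAPTLS_CAPath", "")
    if re.search(r"\.(pem|crt|cer|key)$", ca_path, re.I):
        findings.append("EAPTLS_CAPath names a file, expected a directory")
    if re.search(r"key", ca_path.rsplit("/", 1)[-1], re.I):   # name heuristic
        findings.append("CA setting points at what looks like a private key")
    return findings

if __name__ == "__main__":
    print(*("WARN: " + f for f in lint_eap_tls(parse_clause(POSTED))), sep="\n")
```

On the posted clause it reports three findings: the missing private key setting and two about the EAPTLS_CAPath value.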




