[RADIATOR] No Shared Cipher

Hugh Irvine hugh at open.com.au
Mon Feb 8 20:48:38 CST 2010


Hello Corey -

Have you installed all of the EAP prerequisites? And have you installed the correct certificate(s) on the client(s)?

And have you checked that the shared secrets are correct?

regards

Hugh


On 9 Feb 2010, at 13:00, Corey Gray wrote:

> Hi all
> I'm currently getting a No Shared cipher error when trying to connect to my radius server. I have read that it could have been a corrupted directory, so I removed the directory and reestablished it. If I can get this bit working then I will have a working radius server. Thanks in advance.
>  
>  
> here is a trace
>  
> Tue Feb  9 01:54:56 2010: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Tue Feb  9 01:54:56 2010: DEBUG:  Deleting session for corey, 192.168.***.***, 59
> Tue Feb  9 01:54:56 2010: DEBUG: Handling with Radius::AuthFILE:
> Tue Feb  9 01:54:56 2010: DEBUG: Handling with EAP: code 2, 1, 84, 21
> Tue Feb  9 01:54:56 2010: DEBUG: Response type 21
> Tue Feb  9 01:54:56 2010: DEBUG: EAP TTLS data, 24576, 1, -1
> Tue Feb  9 01:54:56 2010: DEBUG: EAP TTLS SSL_accept result: -1, 1, 8466
> Tue Feb  9 01:54:56 2010: ERR: EAP TTLS error: -1, 1, 8466,  5476: 1 - error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
>  
> Tue Feb  9 01:54:56 2010: DEBUG: EAP result: 1, EAP TTLS error
> Tue Feb  9 01:54:56 2010: DEBUG: AuthBy FILE result: REJECT, EAP TTLS error
> Tue Feb  9 01:54:56 2010: INFO: Access rejected for corey: EAP TTLS error
> Tue Feb  9 01:54:56 2010: DEBUG: Packet dump:
>  
> And here is the config
>  
> Foreground
> LogStdout
> BindAddress     192.168.***.***
> LogDir          /var/log/radius
> DbDir           /etc/radiator
> # Use a low trace level in production systems. Increase
> # it to 4 or 5 for debugging, or use the -trace flag to radiusd
> Trace           4
>  
> # You will probably want to add other Clients to suit your site,
> # one for each NAS you want to work with
> <Client DEFAULT>
>          Secret  ***
>         DupInterval 0
> </Client>
>  
> <Realm DEFAULT>
> <AuthBy FILE>
>         Filename %D/users
>         EAPType TTLS, MSCHAP-V2
>         EAPTLS_CAPath /etc/radiator/certificates/private/cakey.pem
>         EAPTLS_CertificateFile /etc/radiator/certificates/RadiatorCert.pem
>         EAPTLS_CertificateType PEM
>         EAPTLS_MaxFragmentSize 1000
>         EAPTTLS_NoAckRequired
> </AuthBy>
> # Log accounting to a detail file
> AcctLogFileName %L/detail
> #<AuthBy KRB5>
> #               KrbRealm = TSA
> #       </AuthBy>
> #</Realm>
>  
>  
> 
> 



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
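
Added example (not part of the original thread and not Radiator's own code): a small lint over the AuthBy section posted above, checking the certificate settings Hugh asks about. It assumes the real Radiator parameters EAPTLS_PrivateKeyFile and EAPTLS_CAFile, neither of which appears in the posted config; an OpenSSL server with no usable certificate and private key pair commonly fails the handshake with "no shared cipher". The helper name lint_eap_tls is hypothetical.

```python
import re

# AuthBy section copied from the configuration posted in the thread.
POSTED_CONFIG = """\
<Realm DEFAULT>
<AuthBy FILE>
        Filename %D/users
        EAPType TTLS, MSCHAP-V2
        EAPTLS_CAPath /etc/radiator/certificates/private/cakey.pem
        EAPTLS_CertificateFile /etc/radiator/certificates/RadiatorCert.pem
        EAPTLS_CertificateType PEM
        EAPTLS_MaxFragmentSize 1000
        EAPTTLS_NoAckRequired
</AuthBy>
#</Realm>
"""

def lint_eap_tls(config_text):
    """Return findings for the TLS-related parts of a Radiator config (hypothetical helper)."""
    findings, settings, open_tags = [], {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comments are ignored, so '#</Realm>' closes nothing
        closing = re.fullmatch(r"</(\w+)>", line)
        opening = re.fullmatch(r"<(\w+)(\s+[^>]*)?>", line)
        if closing:
            if closing.group(1) in open_tags:
                open_tags.remove(closing.group(1))
        elif opening:
            open_tags.append(opening.group(1))
        else:
            key, *rest = line.split(None, 1)
            settings[key] = rest[0] if rest else ""
    findings += [f"<{tag}> is never closed" for tag in open_tags]
    # A server certificate is unusable in the handshake without its private key.
    if "EAPTLS_CertificateFile" in settings and "EAPTLS_PrivateKeyFile" not in settings:
        findings.append("EAPTLS_CertificateFile is set but EAPTLS_PrivateKeyFile is not")
    ca_path = settings.get("EAPTLS_CAPath", "")
    # EAPTLS_CAPath is a directory of CA certificates; a single file goes in EAPTLS_CAFile.
    if ca_path.lower().endswith((".pem", ".crt", ".cer")):
        findings.append("EAPTLS_CAPath names a file, not a directory")
    # Heuristic on the file name only: 'key' suggests a private key, not a CA certificate.
    if "key" in ca_path.rsplit("/", 1)[-1].lower():
        findings.append("EAPTLS_CAPath target looks like a private key")
    return findings

if __name__ == "__main__":
    print("\n".join("WARN: " + f for f in lint_eap_tls(POSTED_CONFIG)))
```

The findings are static hints from the text of the config only; whether the certificate and key on disk actually match still has to be checked on the server.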




