[RADIATOR] EAPS TTLS
Hugh Irvine
hugh at open.com.au
Tue Oct 26 16:43:37 CDT 2010
Hello Gilbert -
As the debug below shows, you have not installed Net-SSLeay (and of course you also need OpenSSL).
regards
Hugh
On 27 Oct 2010, at 08:37, Gilbert T. Gutierrez, Jr. wrote:
> I need to set up EAPS TTLS and am having difficulties. I have not populated
> the user details nor have I added the dictionary, but I don't think the
> system is getting beyond eaps. Below is the setup and log.
>
> Thank you,
> Gilbert
>
> 1. Equipment: Motorola PMP-320 WiMAX
> 2. Instructions are provided to enable with FreeRadius2
> 3. Instructions: modify eap.conf with the following.
> a. private_key_password=PMP320DemoCertificate
> b. private_key_file=${certdir}/pmp320server_key.pem
> c. certificate_file=${certdir}/pmp320server_cert.pem
> d. CA_file=${cadir}/ca.pem
> e. copy_request_to_tunnel=yes
> f. use_tunnel_reply=yes
> 4. They provide a custom dictionary
> 5. The NAS/client device uses both a secret and a shortname
> 6. currently in my radius.cfg file I have the following...
> # Test WiMAX
> <Client 10.253.80.85>
> Secret testtest
> DefaultRealm motowimax
> </Client>
>
> <Realm motowimax>
> <AuthBy FILE>
> Filename %D/users
> EAPType TTLS, MSCHAP-V2
> EAPTLS_CAFile %D/certificates/pmp320certs/pmp320cacert.pem
> EAPTLS_CertificateFile %D/certificates/pmp320certs/pmp320server_cert.pem
> EAPTLS_CertificateType PEM
> EAPTLS_PrivateKeyFile %D/certificates/pmp320certs/pmp320server_key.pem
> EAPTLS_PrivateKeyPassword PMP320DemoCertificate
> </AuthBy>
> </Realm>
>
>
>
> Tue Oct 26 14:35:34 2010: DEBUG: Packet dump:
> *** Received from 10.253.80.85 port 1813 ....
>
> Packet length = 132
> 01 00 00 84 47 1b 5e e7 b2 d3 af 5c 01 39 a8 c7
> d2 49 e6 c4 01 0a 64 65 6d 6f 63 70 65 31 04 06
> 00 00 00 00 20 0a 61 6d 69 74 74 65 73 74 1f 13
> 36 34 3a 65 64 3a 35 37 3a 32 30 3a 30 39 3a 62
> 30 0c 06 00 00 05 78 3d 06 00 00 00 1b 4d 16 57
> 69 4d 41 58 20 61 75 74 68 65 6e 74 69 63 61 74
> 69 6f 6e 4f 0f 02 00 00 0d 01 64 65 6d 6f 63 70
> 65 31 50 12 bf bf 9b 19 d6 94 d2 fa 58 c7 de e2
> f9 8f 23 78
> Code: Access-Request
> Identifier: 0
> Authentic: G<27>^<231><178><211><175>\<1>9<168><199><210>I<230><196>
> Attributes:
> User-Name = "democpe1"
> NAS-IP-Address = 0.0.0.0
> NAS-Identifier = "amittest"
> Calling-Station-Id = "64:ed:57:20:09:b0"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-IEEE-802.16
> Connect-Info = "WiMAX authentication"
> EAP-Message = <2><0><0><13><1>democpe1
> Message-Authenticator =
> <191><191><155><25><214><148><210><250>X<199><222><226><249><143>#x
>
> Tue Oct 26 14:35:34 2010: DEBUG: Handling request with Handler
> 'Realm=motowimax'
> Tue Oct 26 14:35:34 2010: DEBUG: Deleting session for democpe1, 0.0.0.0,
> Tue Oct 26 14:35:34 2010: DEBUG: Handling with Radius::AuthFILE:
> Tue Oct 26 14:35:34 2010: DEBUG: Handling with EAP: code 2, 0, 13, 1
> Tue Oct 26 14:35:34 2010: DEBUG: Response type 1
> Tue Oct 26 14:35:34 2010: ERR: Could not load EAP module Radius::EAP_21:
> Can't locate Net/SSLeay.pm in @INC (@INC contains: .
> /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7
> /usr/lib/perl5/site_perl
> /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl
> /usr/lib/perl5/5.8.8/i386-linux-thread-multi /usr/lib/perl5/5.8.8 .) at
> /usr/lib/perl5/site_perl/5.8.8/Radius/TLS.pm line 15.
> BEGIN failed--compilation aborted at
> /usr/lib/perl5/site_perl/5.8.8/Radius/TLS.pm line 15.
> Compilation failed in require at
> /usr/lib/perl5/site_perl/5.8.8/Radius/EAP_21.pm line 18.
> BEGIN failed--compilation aborted at
> /usr/lib/perl5/site_perl/5.8.8/Radius/EAP_21.pm line 18.
> Compilation failed in require at (eval 44) line 3.
>
> Tue Oct 26 14:35:34 2010: DEBUG: EAP result: 1, Unsupported default EAP
> Response/Identity TTLS
> Tue Oct 26 14:35:34 2010: DEBUG: AuthBy FILE result: REJECT, Unsupported
> default EAP Response/Identity TTLS
> Tue Oct 26 14:35:34 2010: INFO: Access rejected for democpe1 at motowimax:
> Unsupported default EAP Response/Identity TTLS
> Tue Oct 26 14:35:34 2010: DEBUG: Packet dump:
> *** Sending to 10.253.80.85 port 1813 ....
>
> Packet length = 36
> 03 00 00 24 a1 07 25 f7 85 3b f0 bc 5f fd 61 7b
> 34 22 10 f5 12 10 52 65 71 75 65 73 74 20 44 65
> 6e 69 65 64
> Code: Access-Reject
> Identifier: 0
> Authentic: <161><7>%<247><133>;<240><188>_<253>a{4"<16><245>
> Attributes:
> Reply-Message = "Request Denied"
>
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
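
The diagnosis above rests on the ERR line in the quoted trace. As an added example (not part of the original post and not Radiator code), this shell helper pulls the missing Perl module out of such a trace, tolerating the "> " quoting and line wrapping seen in this thread, and checks whether the local perl can load it. The function names and the sample log are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: triage a Radiator trace for EAP modules that failed to load
# because a Perl dependency is missing. Function names are hypothetical.

# Constructed sample, trimmed to the shape of the trace quoted in this thread.
sample_log() {
cat <<'EOF'
Tue Oct 26 14:35:34 2010: DEBUG: Handling with EAP: code 2, 0, 13, 1
Tue Oct 26 14:35:34 2010: ERR: Could not load EAP module Radius::EAP_21:
Can't locate Net/SSLeay.pm in @INC (@INC contains: . /usr/lib/perl5/5.8.8 .) at
/usr/lib/perl5/site_perl/5.8.8/Radius/TLS.pm line 15.
Tue Oct 26 14:35:34 2010: INFO: Access rejected for democpe1 at motowimax:
EOF
}

# Read a trace on stdin; print "EAP_<type> <Perl::Module>" per failed load.
# The "> " mail-quote prefix is stripped, and the EAP module name is remembered
# across lines because the "Can't locate" text may wrap onto the next line.
missing_eap_deps() {
  sed 's/^> \{0,1\}//' | awk '
    /Could not load EAP module/ {
      if (match($0, /Radius::EAP_[0-9]+/))
        eap = substr($0, RSTART + 8, RLENGTH - 8)    # drop "Radius::"
    }
    /Can.t locate .*[.]pm in @INC/ {
      # Only [A-Za-z0-9_/] is accepted, so the name is safe to hand to perl -M.
      if (match($0, "locate [A-Za-z0-9_/]+[.]pm")) {
        mod = substr($0, RSTART + 7, RLENGTH - 10)   # drop "locate " and ".pm"
        gsub("/", "::", mod)
        if (eap == "") eap = "unknown"
        print eap, mod
        eap = ""
      }
    }'
}

# Exit 0 if the perl on PATH can load the module named in $1.
perl_has_module() {
  perl -M"$1" -e 1 2>/dev/null
}

# Read a trace on stdin and report, per missing dependency, its current state.
report() {
  missing_eap_deps | while read -r eap mod; do
    if perl_has_module "$mod"; then state="loadable now"; else state="NOT installed"; fi
    echo "$eap needs $mod: $state"
  done
}
```

Run `report < logfile` against a trace 4 log as the same user and perl that Radiator runs under, since @INC differs between perl installations.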