[RADIATOR] Perl64 bit EAP problems

Vandenbroucke Luc lvandenb at sckcen.be
Fri Aug 19 02:15:20 CDT 2011


Update:

When installing the older SSLeay as documented in the Faq everything works fine .
ppm install http://www.open.com.au/radiator/free-downloads/Net-SSLeay.ppd

So it is not caused by the 64 Bit system.
Luc

-----Original Message-----
From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au] On Behalf Of Vandenbroucke Luc
Sent: donderdag 18 augustus 2011 17:27
To: 'radiator at open.com.au'
Subject: [RADIATOR] Perl64 bit EAP problems


Dear,

It seems , when using Active Perl 64 bit  (ActivePerl-5.12.4.1205-MSWin32-x64-294981.msi), that I have problems with EAP.
"SSL3_GET_RECORD:decryption failed or bad record mac"
It is a Windows 2008R2 Machine, but when I install the same 32 bit version of Activeperl, everything works fine.
The installation is done the same way, except for the 'perl64' part, which is just c:\perl for 32 bit
cd \perl64\bin
ppm install Win32::Daemon
ppm install Digest::HMAC
ppm install Digest::MD4
ppm install Net::LDAP
ppm install http://www.open.com.au/radiator/free-downloads/Win32-Lsa.ppd
cd C:\Radiator\Radiator-4.8
c:\perl64\bin\perl.exe Makefile.pl
c:\perl64\bin\perl.exe test.pl
c:\perl64\bin\perl.exe Makefile.pl install
sc stop radiator
sc delete radiator
c:\perl64\bin\perl.exe c:\perl64\bin\radiusd -install

....

Authentic:  <140>t<8>"o<31><200><199>Wj<23>+,L<248><246>
Attributes:
        NAS-Port-Id = "AP2/1"
        Calling-Station-Id = "3C-5A-37-12-41-F9"
        Called-Station-Id = "00-0B-0E-CF-26-C8:radroam"
        Service-Type = Framed-User
        User-Name = "User01 at sck.be"
        NAS-Port = 2872
        EAP-Message = <2><7><1>P<25><128><0><0><1>F<22><3><1><1><6><16><0><1><2>
<1><0>A<9>G<4><188><241><170><211><136>vW<241><155><233>UP<165><217><222>oT<227>
<170>i4<233><183>}<203><231><30><238>v<162><138>j'<28><144>&<134>M<24><185>AFK<1
91>p<242>o<226><3>-<4><7><0><145><224><248>';<7><141><183><165>h<240>~<19><218><
196><211>Z<15><184><137>R<156>m=D]<25>Ys<128><188><31><183><136><138><154><178><
153>t<184><15><227><21><155><211>;<145>Eg<23><245><142>)<195><207><174><252><129
>S<176><225><144>'I<160><144><243><142><166><21>e&R<253>8<153>]c<127><137>A<163>
<15>&<14> ?5<217>+<29>SIHI<131>o<217><6><229><28><205><199><202><197>@A<222><139
>NA<5>O<156><171>0<209><0>+V<251><208><14><229>g<138>!v<210><14>C<131>!^?<178><1
95><0>C<14><131><167><176><134>=?<11>f<245><20>o<183>E<222>P9w7<190>X<15><6>U<19
>Y<161><208><227><175>-1<249><170>&
        EAP-Message = R<232>I<148>w<178><23>K/<226><137><206><240><235>5[r<195><
255><8>i<16>XG<181><20><3><1><0><1><1><22><3><1><0>0OA<132><25>vz_<171>F<14><233
><254><237>!#<196><195>/$<235>w<202>~<177><216><233><209><158><20><175><248>_<17
0><213><166><129><170>n<28>Q<173><136>$q<202><232>ID
        NAS-Port-Type = Wireless-IEEE-802-11
        NAS-IP-Address = 10.73.240.101
        NAS-Identifier = "Trapeze"
        Message-Authenticator = <183>p'6<159>;<138>+<218><255><23>V<161><172><15
2><212>

Thu Aug 18 17:20:28 2011: DEBUG: Handling request with Handler 'EAPType=PEAP,Rea
lm=/^(|sck\.be|sckcen\.be)$/i', Identifier ''
Thu Aug 18 17:20:28 2011: DEBUG:  Deleting session for User01 at sck.be, 10.73.240.
101, 2872
Thu Aug 18 17:20:28 2011: DEBUG: Handling with Radius::AuthLSA: LSAPEAP
Thu Aug 18 17:20:28 2011: DEBUG: Handling with EAP: code 2, 7, 336, 25
Thu Aug 18 17:20:28 2011: DEBUG: Response type 25
Thu Aug 18 17:20:28 2011: DEBUG: EAP TLS SSL_accept result: -1, 1, 8608
Thu Aug 18 17:20:28 2011: ERR: EAP TLS error: -1, 1, 8608,  2668: 1 - error:1408
F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

Thu Aug 18 17:20:28 2011: DEBUG: EAP result: 1, EAP PEAP TLS error
Thu Aug 18 17:20:28 2011: DEBUG: AuthBy LSA result: REJECT, EAP PEAP TLS error
Thu Aug 18 17:20:28 2011: INFO: Access rejected for User01 at sck.be: EAP PEAP TLS
error
Thu Aug 18 17:20:28 2011: DEBUG: Packet dump:
*** Sending to 10.73.240.101 port 20002 ....
Code:       Access-Reject
Identifier: 181


Luc Vandenbroucke
System Engineer
SCK-CEN


SCK-CEN Disclaimer: http://www.sckcen.be/en/Legal-aspects/E-mail-disclaimer

_______________________________________________
radiator mailing list
radiator at open.com.au
http://www.open.com.au/mailman/listinfo/radiator




More information about the radiator mailing list