[RADIATOR] Server 2008 R2 x64 - radsec certificate verify failed

Röver, Christian christian.roever at hfk-bremen.de
Wed Dec 14 03:52:39 CST 2011


Hello Heikki,

Thank you for your fast reply. I commented out the two lines you suggested.
There is no difference to see in the logs.
The stream server always gets disconnected when receiving a request.


Wed Dec 14 09:57:44 2011: DEBUG: Creating StreamServer tcp port
127.0.0.1:2083
Wed Dec 14 09:57:45 2011: DEBUG: Stream attempting tcp connection to
xyz1.toplevel.de:2083
Wed Dec 14 09:57:45 2011: DEBUG: Stream connected to xyz1.toplevel.de:2083
Wed Dec 14 09:57:45 2011: DEBUG: StreamTLS sessionInit for xyz1.toplevel.de
Wed Dec 14 09:57:45 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4384
Wed Dec 14 09:57:45 2011: DEBUG: StreamTLS Client Started for
xyz1.toplevel.de:2083
Wed Dec 14 09:57:45 2011: DEBUG: Stream attempting tcp connection to
xyz2.toplevel.de:2083
Wed Dec 14 09:57:45 2011: DEBUG: Stream connected to xyz2.toplevel.de:2083
Wed Dec 14 09:57:45 2011: DEBUG: StreamTLS sessionInit for xyz2.toplevel.de
Wed Dec 14 09:57:45 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4384
Wed Dec 14 09:57:45 2011: DEBUG: StreamTLS Client Started for
xyz2.toplevel.de:2083
Wed Dec 14 09:57:45 2011: DEBUG: Finished reading configuration file
'C:\Program Files\Radiator\radius.cfg'
Wed Dec 14 09:57:45 2011: DEBUG: Reading dictionary file
'C:/radius/radiator/dictionary'
Wed Dec 14 09:57:45 2011: DEBUG: Reading dictionary file
'C:/radius/radiator/dictionary.cisco'
Wed Dec 14 09:57:45 2011: DEBUG: Creating authentication port 0.0.0.0:1645
Wed Dec 14 09:57:45 2011: DEBUG: Creating authentication port 0.0.0.0:1812
Wed Dec 14 09:57:45 2011: NOTICE: Server started: Radiator 4.9 on roaming
Wed Dec 14 09:57:45 2011: DEBUG: StreamTLS SSL_connect result: -1, 1, 4401
Wed Dec 14 09:57:45 2011: ERR: StreamTLS client error: -1, 1, 4401,  1768: 1
- error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed

Wed Dec 14 09:57:45 2011: DEBUG: Stream disconnected from
xyz1.toplevel.de:2083
Wed Dec 14 09:57:45 2011: DEBUG: StreamTLS SSL_connect result: -1, 1, 4401
Wed Dec 14 09:57:45 2011: ERR: StreamTLS client error: -1, 1, 4401,  1768: 1
- error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed

Wed Dec 14 09:57:45 2011: DEBUG: Stream disconnected from
xyz2.toplevel.de:2083
Wed Dec 14 09:57:46 2011: DEBUG: Stream attempting tcp connection to
xyz2.toplevel.de:2083
Wed Dec 14 09:57:47 2011: DEBUG: Stream connected to xyz2.toplevel.de:2083
Wed Dec 14 09:57:47 2011: DEBUG: StreamTLS sessionInit for xyz2.toplevel.de
Wed Dec 14 09:57:47 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4384
Wed Dec 14 09:57:47 2011: DEBUG: StreamTLS Client Started for
xyz2.toplevel.de:2083
Wed Dec 14 09:57:47 2011: DEBUG: Stream attempting tcp connection to
xyz1.toplevel.de:2083
Wed Dec 14 09:57:47 2011: DEBUG: Stream connected to xyz1.toplevel.de:2083
Wed Dec 14 09:57:47 2011: DEBUG: StreamTLS sessionInit for xyz1.toplevel.de
Wed Dec 14 09:57:47 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4384
Wed Dec 14 09:57:47 2011: DEBUG: StreamTLS Client Started for
xyz1.toplevel.de:2083
Wed Dec 14 09:57:47 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4400
Wed Dec 14 09:57:47 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4400
Wed Dec 14 09:57:47 2011: DEBUG: StreamTLS SSL_connect result: -1, 1, 4401
Wed Dec 14 09:57:47 2011: ERR: StreamTLS client error: -1, 1, 4401,  1768: 1
- error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed

Wed Dec 14 09:57:47 2011: DEBUG: Stream disconnected from
xyz1.toplevel.de:2083
Wed Dec 14 09:57:47 2011: DEBUG: StreamTLS SSL_connect result: -1, 1, 4401
Wed Dec 14 09:57:47 2011: ERR: StreamTLS client error: -1, 1, 4401,  1768: 1
- error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed

Wed Dec 14 09:57:47 2011: DEBUG: Stream disconnected from
xyz2.toplevel.de:2083
Wed Dec 14 09:57:48 2011: DEBUG: Stream attempting tcp connection to
xyz1.toplevel.de:2083
Wed Dec 14 09:57:48 2011: DEBUG: Stream connected to xyz1.toplevel.de:2083
Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS sessionInit for xyz1.toplevel.de
Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4384
Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS Client Started for
xyz1.toplevel.de:2083
Wed Dec 14 09:57:48 2011: DEBUG: Stream attempting tcp connection to
xyz2.toplevel.de:2083
Wed Dec 14 09:57:48 2011: DEBUG: Stream connected to xyz2.toplevel.de:2083
Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS sessionInit for xyz2.toplevel.de
Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4384
Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS Client Started for
xyz2.toplevel.de:2083
Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS SSL_connect result: -1, 1, 4401
Wed Dec 14 09:57:48 2011: ERR: StreamTLS client error: -1, 1, 4401,  1768: 1
- error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed

Wed Dec 14 09:57:48 2011: DEBUG: Stream disconnected from
xyz1.toplevel.de:2083
Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4400
Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4400
Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS SSL_connect result: -1, 1, 4401
Wed Dec 14 09:57:48 2011: ERR: StreamTLS client error: -1, 1, 4401,  1768: 1
- error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed

Wed Dec 14 09:57:48 2011: DEBUG: Stream disconnected from
xyz2.toplevel.de:2083
Wed Dec 14 09:57:48 2011: DEBUG: Packet dump:
*** Received from x.x.x.222 port 1645 ....
Code:       Access-Request
Identifier: 185
Authentic:  E<134><25>DgO<182><201>1<247><149><244><174><166>.<209>
Attributes:
	User-Name = " username at otherinstitution.de"
	Framed-MTU = 1400
	Called-Station-Id = "001e.4a8f.5290"
	Calling-Station-Id = "3cd0.f80a.c5db"
	Service-Type = Login
	Message-Authenticator =
<243><254><249><158><160><208>E<182>u<1><240>Q$<184><186><26>
	EAP-Message = <2><1><0><24><1>username at otherinstitution.de
	NAS-Port-Type = Wireless-IEEE-802-11
	NAS-Port = 61565
	NAS-Port-Id = "61565"
	NAS-IP-Address = x.x.x.222
	NAS-Identifier = "apx.x.x.222"

Wed Dec 14 09:57:48 2011: DEBUG: Handling request with Handler
'Realm=DEFAULT', Identifier ''
Wed Dec 14 09:57:48 2011: DEBUG:  Deleting session for
username at otherinstitution.de, x.x.x.222, 61565
Wed Dec 14 09:57:48 2011: DEBUG: Handling with Radius::AuthRADSEC
Wed Dec 14 09:57:48 2011: DEBUG: Stream attempting tcp connection to
xyz1.toplevel.de:2083
Wed Dec 14 09:57:48 2011: DEBUG: Stream connected to xyz1.toplevel.de:2083
Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS sessionInit for xyz1.toplevel.de
Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4384
Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS Client Started for
xyz1.toplevel.de:2083
Wed Dec 14 09:57:48 2011: DEBUG: Packet dump:
*** Sending request to RadSec xyz1.toplevel.de:2083 ....
Code:       Access-Request
Identifier: 1
Authentic:  E<134><25>DgO<182><201>1<247><149><244><174><166>.<209>
Attributes:
	User-Name = " username at otherinstitution.de"
	Framed-MTU = 1400
	Called-Station-Id = "001e.4a8f.5290"
	Calling-Station-Id = "3cd0.f80a.c5db"
	Service-Type = Login
	Message-Authenticator =
<243><254><249><158><160><208>E<182>u<1><240>Q$<184><186><26>
	EAP-Message = <2><1><0><24><1>username at otherinstitution.de
	NAS-Port-Type = Wireless-IEEE-802-11
	NAS-Port = 61565
	NAS-Port-Id = "61565"
	NAS-IP-Address = x.x.x.222
	NAS-Identifier = "apx.x.x.222"
	Proxy-State = OSC-Extended-Id=1

Wed Dec 14 09:57:48 2011: DEBUG: AuthBy RADSEC result: IGNORE,
Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4400
Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4400
Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS SSL_connect result: -1, 1, 4401
Wed Dec 14 09:57:48 2011: ERR: StreamTLS client error: -1, 1, 4401,  1768: 1
- error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed

Wed Dec 14 09:57:48 2011: DEBUG: Stream disconnected from
xyz1.toplevel.de:2083