[RADIATOR] Fwd: Re: Problem with Radsec connections

Heikki Vatiainen hvn at open.com.au
Thu Nov 7 11:05:50 UTC 2019

On 5.11.2019 14.10, Pedro Simões wrote:

> The startup logs points to no errors, as you can see bellow:

> Tue Nov 5 03:33:32 2019 390272: DEBUG: Initialised SSL library: 
> Net::SSLeay 1.88, OpenSSL 1.1.1c 28 May 2019

Which operating system are you using? A Debian Buster user let us know 
that he needed to do this to let PEAP to work:

   Lowering the MinProtocol level down to TLS1.0 in /etc/ssl/openssl.cnf
   makes it work

   MinProtocol = TLSv1.0

In other words, the system wide OpenSSL policy settings were causing 
problems. In this case the error was more clear, 'unsupported protocol', 
but this may show up differently with RadSec.

This can be controlled with OpenSSL API calls, but Radiator currently 
does not do it. We are looking into doing this, but it's not part of the 
current release.

> We have this configuration on another machine, but there are some 
> diferences, regarding the software vresions:
>   * Tue Nov5 03:35:04 2019: INFO: Using Net::SSLeay 1.66 with SSL/TLS
>     library version 0x1000105f (OpenSSL 1.0.1e-fips 11 Feb 2013)
>   * Tue Nov5 03:35:04 2019: NOTICE: Server started: Radiator 4.19 on
>     cv2-radius.fccn.pt

This looks like an older Linux distribution that has not policy settings 
like the ones above.

Please see if the above helps. Also, if you can tell what is the system 
you are running Radiator on, we can take a look at that also.


Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.

More information about the radiator mailing list