[RADIATOR] Fwd: Re: Problem with Radsec connections
Heikki Vatiainen
hvn at open.com.au
Thu Nov 7 11:05:50 UTC 2019
On 5.11.2019 14.10, Pedro Simões wrote:
> The startup logs points to no errors, as you can see bellow:
> Tue Nov 5 03:33:32 2019 390272: DEBUG: Initialised SSL library:
> Net::SSLeay 1.88, OpenSSL 1.1.1c 28 May 2019
Which operating system are you using? A Debian Buster user let us know
that he needed to do this to let PEAP to work:
Lowering the MinProtocol level down to TLS1.0 in /etc/ssl/openssl.cnf
makes it work
[system_default_sect]
MinProtocol = TLSv1.0
In other words, the system wide OpenSSL policy settings were causing
problems. In this case the error was more clear, 'unsupported protocol',
but this may show up differently with RadSec.
This can be controlled with OpenSSL API calls, but Radiator currently
does not do it. We are looking into doing this, but it's not part of the
current release.
> We have this configuration on another machine, but there are some
> diferences, regarding the software vresions:
>
> * Tue Nov5 03:35:04 2019: INFO: Using Net::SSLeay 1.66 with SSL/TLS
> library version 0x1000105f (OpenSSL 1.0.1e-fips 11 Feb 2013)
> * Tue Nov5 03:35:04 2019: NOTICE: Server started: Radiator 4.19 on
> cv2-radius.fccn.pt
This looks like an older Linux distribution that has not policy settings
like the ones above.
Please see if the above helps. Also, if you can tell what is the system
you are running Radiator on, we can take a look at that also.
Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
More information about the radiator
mailing list