[RADIATOR] Fwd: Re: Fwd: Re: Problem with Radsec connections

Pedro Simões psimoes at fccn.pt
Thu Nov 7 15:27:30 UTC 2019


Hi, 

This server is a brand new machine with a new CentOS. We are using
version 7.6

[root@cv-radius ~]# cat /etc/centos-release
CentOS Linux release 7.6.1810 (Core) 

Also I have added the lines

[system_default_sect]
MinProtocol = TLSv1.0 

to the file /etc/pki/tls/openssl.cnf and the problem still remains. 

Pedro Simões 

-------- Forwarded message --------

SUBJECT: Re: [RADIATOR] Fwd: Re: Problem with Radsec connections
DATE: Thu, 7 Nov 2019 13:05:50 +0200
FROM: Heikki Vatiainen <hvn at open.com.au>
TO: radiator at lists.open.com.au

On 5.11.2019 14.10, Pedro Simões wrote:

> The startup logs point to no errors, as you can see below:

> Tue Nov 5 03:33:32 2019 390272: DEBUG: Initialised SSL library: Net::SSLeay 1.88, OpenSSL 1.1.1c 28 May 2019

Which operating system are you using? A Debian Buster user let us know
that he needed to do this to let PEAP work:

Lowering the MinProtocol level down to TLS1.0 in /etc/ssl/openssl.cnf
makes it work

[system_default_sect]
MinProtocol = TLSv1.0

In other words, the system wide OpenSSL policy settings were causing
problems. In this case the error was more clear, 'unsupported protocol',
but this may show up differently with RadSec.

This can be controlled with OpenSSL API calls, but Radiator currently
does not do it. We are looking into doing this, but it's not part of the
current release.

> We have this configuration on another machine, but there are some differences, regarding the software versions:
> 
> * Tue Nov5 03:35:04 2019: INFO: Using Net::SSLeay 1.66 with SSL/TLS
> library version 0x1000105f (OpenSSL 1.0.1e-fips 11 Feb 2013)
> * Tue Nov5 03:35:04 2019: NOTICE: Server started: Radiator 4.19 on
> cv2-radius.fccn.pt

This looks like an older Linux distribution that has no policy settings
like the ones above.

Please see if the above helps. Also, if you can tell what is the system
you are running Radiator on, we can take a look at that also.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
_______________________________________________
radiator mailing list
radiator at lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator

-- 
_______________________________________________
Pedro Simões - psimoes at fccn.pt
Área de Serviços de Rede | Network Services Area
Eduroam | TCS | AAI
FCT|FCCN
Av. do Brasil, n.º 101
1700-066 Lisboa - Portugal
Telefone|Phone +351 218440100; Fax +351 218472167
www.fccn.pt [1] | www.eduroam.pt [2] || tcs.fccn.pt | rctsaai.fccn.pt 

Links:
------
[1] http://www.fccn.pt
[2] http://www.eduroam.pt
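
A check related to the MinProtocol setting discussed in this thread, as an added example that is not part of the original messages or of Radiator: OpenSSL applies [system_default_sect] only when that section is reachable from the top of the file through openssl_conf, then ssl_conf, then system_default. The function names and both sample files are constructed for illustration; .include directives and $variable expansion are not handled.

```python
import re

def parse_openssl_cnf(text):
    """Return {section: {key: value}}; keys before the first header go in 'default'."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        header = re.fullmatch(r"\[\s*([^\]]+?)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def effective_min_protocol(text):
    """Follow openssl_conf -> ssl_conf -> system_default; None if the chain is broken."""
    cnf = parse_openssl_cnf(text)
    # openssl_conf only counts when it sits above the first [section] header.
    name = cnf["default"].get("openssl_conf")
    for key in ("ssl_conf", "system_default"):
        name = cnf.get(name, {}).get(key) if name else None
    return cnf.get(name, {}).get("MinProtocol") if name else None

# Constructed sample: the section exists but nothing points at it.
ORPHANED = """
HOME = .
[ req ]
default_bits = 2048

[system_default_sect]
MinProtocol = TLSv1.0
"""

# Constructed sample: the same section, linked from the top of the file.
LINKED = """
openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1.0
"""

if __name__ == "__main__":
    for label, sample in (("orphaned", ORPHANED), ("linked", LINKED)):
        print(label, "->", effective_min_protocol(sample))
```

Run it against the openssl.cnf that the OpenSSL build in use actually reads; `openssl version -d` prints that directory (OPENSSLDIR).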