[RADIATOR] RADSEC issue on Windows Server 2019

Heikki Vatiainen hvn at open.com.au
Mon Oct 21 12:10:44 UTC 2019


On 17/10/2019 15.28, l.m.c.haverkotte at utwente.nl wrote:

> After adding the very simple barebones ServerRADSEC clause shown below 
> to my configuration:

It's a bit too simple: add TLS_CAFile or TLS_CAPath too. What is missing 
is the information about which client certificates the server side 
should trust.

> <ServerRADSEC>
>          Identifier UT-Backend-RADSEC
>          Port 2083
>          Protocol tcp
>          Secret SomethingVerySecret
> 
>          UseTLS
> 
>          TLS_Protocols TLSv1.1,TLSv1.2
>          TLS_CertificateType PEM
>          TLS_CertificateFile %D/certs/cert.pem
>          TLS_PrivateKeyFile %D/certs/key.pem
> 
>          TLS_Ciphers DEFAULT
> </ServerRADSEC>
> 
> Radiator logs the following errors on startup:

> ERR: StreamTLS could not load_verify_locations , :  4100: 1 - 

The log above prints the value of TLS_CAFile, TLS_CAPath. See 
goodies/radsec-server.cfg for a configuration sample. The sample uses 
TLS_CAFile to specify which CA certificates the server side should trust. 
It's ok to specify only one of the parameters, but both cannot be 
undefined.

For more information about the OpenSSL library call Radiator does, see 
SSL_CTX_load_verify_locations documentation here:

https://www.openssl.org/docs/manmaster/man3/SSL_CTX_load_verify_locations.html 


> error:25078067:DSO support routines:win32_load:could not load the shared 
> library
> 00000000  4100: 2 - error:25070067:DSO support routines:DSO_load:could 
> not load the shared library
> 00000000  4100: 3 - error:260B6084:engine routines:dynamic_load:dso not 
> found
> 00000000  4100: 4 - error:2606A074:engine routines:ENGINE_by_id:no such 
> engine

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
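
A pre-start check for the misconfiguration discussed in this thread, as an added example that is not part of the original message and not Radiator code: it parses `<ServerRADSEC>` clauses and reports any that enable TLS without TLS_CAFile or TLS_CAPath. The function names, the `ca.pem` path and the rule that any `UseTLS` line means TLS is enabled are assumptions made for the illustration.

```python
import os
import re

# The clause from the message above, trimmed to its TLS-relevant lines (constructed input).
BROKEN = """
<ServerRADSEC>
    Identifier UT-Backend-RADSEC
    UseTLS
    TLS_Protocols TLSv1.1,TLSv1.2
    TLS_CertificateFile %D/certs/cert.pem
    TLS_PrivateKeyFile %D/certs/key.pem
    TLS_Ciphers DEFAULT
</ServerRADSEC>
"""
# Same clause with a trust anchor added; the ca.pem path is a constructed placeholder.
FIXED = BROKEN.replace("    TLS_Ciphers", "    TLS_CAFile %D/certs/ca.pem\n    TLS_Ciphers")

CLAUSE_RE = re.compile(r"<ServerRADSEC>(.*?)</ServerRADSEC>", re.S)

def parse_clauses(text):
    """Return one {parameter: value} dict per <ServerRADSEC> clause."""
    clauses = []
    for match in CLAUSE_RE.finditer(text):
        params = {}
        for line in match.group(1).splitlines():
            parts = line.split(None, 1)
            if parts and not parts[0].startswith("#"):
                params[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
        clauses.append(params)
    return clauses

def check_trust_anchors(text, db_dir=None):
    """Report TLS clauses with no CA setting, or (given db_dir) a missing CA file/dir."""
    findings = []
    for params in parse_clauses(text):
        if "UseTLS" not in params:  # assumption: any UseTLS line enables TLS
            continue
        ident = params.get("Identifier", "(no Identifier)")
        ca_file, ca_path = params.get("TLS_CAFile"), params.get("TLS_CAPath")
        if not ca_file and not ca_path:
            findings.append((ident, "neither TLS_CAFile nor TLS_CAPath is set"))
        elif db_dir is not None:  # expand %D with the given directory and check disk
            for value, exists in ((ca_file, os.path.isfile), (ca_path, os.path.isdir)):
                if value and not exists(value.replace("%D", db_dir)):
                    findings.append((ident, "not found: " + value))
    return findings

if __name__ == "__main__":
    print(check_trust_anchors(BROKEN), check_trust_anchors(FIXED))
```

Passing `db_dir` additionally checks that the configured CA file or directory exists, which catches a wrong path before the server is started.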

